Some Memory leaks exist in mp4xx #792

Open
DerekXC opened this issue Oct 6, 2022 · 0 comments
DerekXC commented Oct 6, 2022

Summary

Hi, developers of Bento4,
I tested the binaries of Bento4 with my fuzzer, and some memory-leak crashes occurred. Among them, Bug3-5 may be different from #771. The operating system is Ubuntu 18.04.6 LTS (docker); the crashes are as follows.

Bug1

Detected memory leaks in mp4encrypt; the bug may be different from #766.

root@q10s3kl5mn:/fuzz-mp4encrypt/mp4encrypt# ./mp4encrypt --method OMA-PDCF-CBC POC_mp4encrypt_631000973 /dev/null
WARNING: track ID 3 will not be encrypted
WARNING: track ID 4 will not be encrypted
WARNING: track ID 1 will not be encrypted
WARNING: track ID 2 will not be encrypted
WARNING: atom serialized to fewer bytes than declared size
WARNING: atom serialized to fewer bytes than declared size

=================================================================
==586357==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 144 byte(s) in 2 object(s) allocated from:
    #0 0x9a1c90 in malloc /llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145
    #1 0x7f40270a9297 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0x93297)
    #2 0x556c32 in AP4_EsdsAtom::Create(unsigned int, AP4_ByteStream&) (/fuzz-mp4encrypt/mp4encrypt/mp4encrypt+0x556c32)
    #3 0x43aae6 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) (/fuzz-mp4encrypt/mp4encrypt/mp4encrypt+0x43aae6)
    #4 0x449406 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) (/fuzz-mp4encrypt/mp4encrypt/mp4encrypt+0x449406)
    #5 0x51be85 in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) (/fuzz-mp4encrypt/mp4encrypt/mp4encrypt+0x51be85)
    #6 0x42e842 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) (/fuzz-mp4encrypt/mp4encrypt/mp4encrypt+0x42e842)
    #7 0x449406 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) (/fuzz-mp4encrypt/mp4encrypt/mp4encrypt+0x449406)
    #8 0x722218 in AP4_StsdAtom::AP4_StsdAtom(unsigned int, unsigned char, unsigned int, AP4_ByteStream&, AP4_AtomFactory&) (/fuzz-mp4encrypt/mp4encrypt/mp4encrypt+0x722218)
    #9 0x7215b2 in AP4_StsdAtom::Create(unsigned int, AP4_ByteStream&, AP4_AtomFactory&) (/fuzz-mp4encrypt/mp4encrypt/mp4encrypt+0x7215b2)
    #10 0x439d76 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) (/fuzz-mp4encrypt/mp4encrypt/mp4encrypt+0x439d76)
    #11 0x449406 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) (/fuzz-mp4encrypt/mp4encrypt/mp4encrypt+0x449406)
    #12 0x51be85 in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) (/fuzz-mp4encrypt/mp4encrypt/mp4encrypt+0x51be85)
    #13 0x51b62a in AP4_ContainerAtom::Create(unsigned int, unsigned long long, bool, bool, AP4_ByteStream&, AP4_AtomFactory&) (/fuzz-mp4encrypt/mp4encrypt/mp4encrypt+0x51b62a)
    #14 0x4438e4 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) (/fuzz-mp4encrypt/mp4encrypt/mp4encrypt+0x4438e4)
    #15 0x449406 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) (/fuzz-mp4encrypt/mp4encrypt/mp4encrypt+0x449406)
    #16 0x51be85 in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) (/fuzz-mp4encrypt/mp4encrypt/mp4encrypt+0x51be85)
    #17 0x51b62a in AP4_ContainerAtom::Create(unsigned int, unsigned long long, bool, bool, AP4_ByteStream&, AP4_AtomFactory&) (/fuzz-mp4encrypt/mp4encrypt/mp4encrypt+0x51b62a)
    #18 0x4438e4 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) (/fuzz-mp4encrypt/mp4encrypt/mp4encrypt+0x4438e4)
    #19 0x449406 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) (/fuzz-mp4encrypt/mp4encrypt/mp4encrypt+0x449406)
    #20 0x51be85 in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) (/fuzz-mp4encrypt/mp4encrypt/mp4encrypt+0x51be85)
    #21 0x51b62a in AP4_ContainerAtom::Create(unsigned int, unsigned long long, bool, bool, AP4_ByteStream&, AP4_AtomFactory&) (/fuzz-mp4encrypt/mp4encrypt/mp4encrypt+0x51b62a)
    #22 0x4438e4 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) (/fuzz-mp4encrypt/mp4encrypt/mp4encrypt+0x4438e4)
    #23 0x449406 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) (/fuzz-mp4encrypt/mp4encrypt/mp4encrypt+0x449406)
    #24 0x51be85 in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) (/fuzz-mp4encrypt/mp4encrypt/mp4encrypt+0x51be85)
    #25 0x51e13b in AP4_ContainerAtom::AP4_ContainerAtom(unsigned int, unsigned long long, bool, AP4_ByteStream&, AP4_AtomFactory&) (/fuzz-mp4encrypt/mp4encrypt/mp4encrypt+0x51e13b)

SUMMARY: AddressSanitizer: 144 byte(s) leaked in 2 allocation(s).

Bug2

Detected memory leaks in mp4edit; the bug may be different from #776.

root@q11s3kl5mn:/fuzz-mp4edit/mp4edit# ./mp4edit POC_mp4edit_728838793 /dev/null
WARNING: atom serialized to fewer bytes than declared size
WARNING: atom serialized to fewer bytes than declared size
WARNING: atom serialized to fewer bytes than declared size
WARNING: padding would be too large
WARNING: atom serialized to fewer bytes than declared size
WARNING: padding would be too large
WARNING: atom serialized to fewer bytes than declared size
WARNING: atom serialized to fewer bytes than declared size
WARNING: atom serialized to fewer bytes than declared size
WARNING: padding would be too large
WARNING: atom serialized to fewer bytes than declared size
WARNING: padding would be too large

=================================================================
==91239==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 72 byte(s) in 1 object(s) allocated from:
    #0 0x8eaf60 in malloc /llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145
    #1 0x7f3c0c690297 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0x93297)
    #2 0x4c1886 in AP4_EsdsAtom::Create(unsigned int, AP4_ByteStream&) (/fuzz-mp4edit/mp4edit/mp4edit+0x4c1886)
    #3 0x4552db in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) (/fuzz-mp4edit/mp4edit/mp4edit+0x4552db)
    #4 0x4618ff in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) (/fuzz-mp4edit/mp4edit/mp4edit+0x4618ff)
    #5 0x48de17 in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) (/fuzz-mp4edit/mp4edit/mp4edit+0x48de17)
    #6 0x5d7069 in AP4_SampleEntry::Read(AP4_ByteStream&, AP4_AtomFactory&) (/fuzz-mp4edit/mp4edit/mp4edit+0x5d7069)
    #7 0x4618ff in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) (/fuzz-mp4edit/mp4edit/mp4edit+0x4618ff)
    #8 0x62020e in AP4_StsdAtom::AP4_StsdAtom(unsigned int, unsigned char, unsigned int, AP4_ByteStream&, AP4_AtomFactory&) (/fuzz-mp4edit/mp4edit/mp4edit+0x62020e)
    #9 0x61f694 in AP4_StsdAtom::Create(unsigned int, AP4_ByteStream&, AP4_AtomFactory&) (/fuzz-mp4edit/mp4edit/mp4edit+0x61f694)
    #10 0x4546d3 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) (/fuzz-mp4edit/mp4edit/mp4edit+0x4546d3)
    #11 0x4618ff in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) (/fuzz-mp4edit/mp4edit/mp4edit+0x4618ff)
    #12 0x48de17 in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) (/fuzz-mp4edit/mp4edit/mp4edit+0x48de17)
    #13 0x48d616 in AP4_ContainerAtom::Create(unsigned int, unsigned long long, bool, bool, AP4_ByteStream&, AP4_AtomFactory&) (/fuzz-mp4edit/mp4edit/mp4edit+0x48d616)
    #14 0x45cb77 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) (/fuzz-mp4edit/mp4edit/mp4edit+0x45cb77)
    #15 0x4618ff in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) (/fuzz-mp4edit/mp4edit/mp4edit+0x4618ff)
    #16 0x48de17 in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) (/fuzz-mp4edit/mp4edit/mp4edit+0x48de17)
    #17 0x48d616 in AP4_ContainerAtom::Create(unsigned int, unsigned long long, bool, bool, AP4_ByteStream&, AP4_AtomFactory&) (/fuzz-mp4edit/mp4edit/mp4edit+0x48d616)
    #18 0x45cb77 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) (/fuzz-mp4edit/mp4edit/mp4edit+0x45cb77)
    #19 0x4618ff in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) (/fuzz-mp4edit/mp4edit/mp4edit+0x4618ff)
    #20 0x48de17 in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) (/fuzz-mp4edit/mp4edit/mp4edit+0x48de17)
    #21 0x48d616 in AP4_ContainerAtom::Create(unsigned int, unsigned long long, bool, bool, AP4_ByteStream&, AP4_AtomFactory&) (/fuzz-mp4edit/mp4edit/mp4edit+0x48d616)
    #22 0x45cb77 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) (/fuzz-mp4edit/mp4edit/mp4edit+0x45cb77)
    #23 0x4618ff in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) (/fuzz-mp4edit/mp4edit/mp4edit+0x4618ff)
    #24 0x48de17 in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) (/fuzz-mp4edit/mp4edit/mp4edit+0x48de17)
    #25 0x48fb01 in AP4_ContainerAtom::AP4_ContainerAtom(unsigned int, unsigned long long, bool, AP4_ByteStream&, AP4_AtomFactory&) (/fuzz-mp4edit/mp4edit/mp4edit+0x48fb01)

Direct leak of 72 byte(s) in 1 object(s) allocated from:
    #0 0x8eaf60 in malloc /llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145
    #1 0x7f3c0c690297 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0x93297)
    #2 0x4c1886 in AP4_EsdsAtom::Create(unsigned int, AP4_ByteStream&) (/fuzz-mp4edit/mp4edit/mp4edit+0x4c1886)
    #3 0x4552db in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) (/fuzz-mp4edit/mp4edit/mp4edit+0x4552db)
    #4 0x4618ff in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) (/fuzz-mp4edit/mp4edit/mp4edit+0x4618ff)
    #5 0x48de17 in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) (/fuzz-mp4edit/mp4edit/mp4edit+0x48de17)
    #6 0x5d7069 in AP4_SampleEntry::Read(AP4_ByteStream&, AP4_AtomFactory&) (/fuzz-mp4edit/mp4edit/mp4edit+0x5d7069)
    #7 0x4618ff in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) (/fuzz-mp4edit/mp4edit/mp4edit+0x4618ff)
    #8 0x62020e in AP4_StsdAtom::AP4_StsdAtom(unsigned int, unsigned char, unsigned int, AP4_ByteStream&, AP4_AtomFactory&) (/fuzz-mp4edit/mp4edit/mp4edit+0x62020e)
    #9 0x61f694 in AP4_StsdAtom::Create(unsigned int, AP4_ByteStream&, AP4_AtomFactory&) (/fuzz-mp4edit/mp4edit/mp4edit+0x61f694)
    #10 0x4546d3 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) (/fuzz-mp4edit/mp4edit/mp4edit+0x4546d3)
    #11 0x4618ff in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) (/fuzz-mp4edit/mp4edit/mp4edit+0x4618ff)
    #12 0x48de17 in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) (/fuzz-mp4edit/mp4edit/mp4edit+0x48de17)
    #13 0x48d616 in AP4_ContainerAtom::Create(unsigned int, unsigned long long, bool, bool, AP4_ByteStream&, AP4_AtomFactory&) (/fuzz-mp4edit/mp4edit/mp4edit+0x48d616)
    #14 0x45cb77 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) (/fuzz-mp4edit/mp4edit/mp4edit+0x45cb77)
    #15 0x4618ff in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) (/fuzz-mp4edit/mp4edit/mp4edit+0x4618ff)
    #16 0x4b6440 in AP4_DrefAtom::AP4_DrefAtom(unsigned int, unsigned char, unsigned int, AP4_ByteStream&, AP4_AtomFactory&) (/fuzz-mp4edit/mp4edit/mp4edit+0x4b6440)
    #17 0x4b5af8 in AP4_DrefAtom::Create(unsigned int, AP4_ByteStream&, AP4_AtomFactory&) (/fuzz-mp4edit/mp4edit/mp4edit+0x4b5af8)
    #18 0x456f8a in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) (/fuzz-mp4edit/mp4edit/mp4edit+0x456f8a)
    #19 0x4618ff in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) (/fuzz-mp4edit/mp4edit/mp4edit+0x4618ff)
    #20 0x48de17 in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) (/fuzz-mp4edit/mp4edit/mp4edit+0x48de17)
    #21 0x48d616 in AP4_ContainerAtom::Create(unsigned int, unsigned long long, bool, bool, AP4_ByteStream&, AP4_AtomFactory&) (/fuzz-mp4edit/mp4edit/mp4edit+0x48d616)
    #22 0x45cb77 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) (/fuzz-mp4edit/mp4edit/mp4edit+0x45cb77)
    #23 0x4618ff in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) (/fuzz-mp4edit/mp4edit/mp4edit+0x4618ff)
    #24 0x48de17 in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) (/fuzz-mp4edit/mp4edit/mp4edit+0x48de17)
    #25 0x48d616 in AP4_ContainerAtom::Create(unsigned int, unsigned long long, bool, bool, AP4_ByteStream&, AP4_AtomFactory&) (/fuzz-mp4edit/mp4edit/mp4edit+0x48d616)
    #26 0x45cb77 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) (/fuzz-mp4edit/mp4edit/mp4edit+0x45cb77)
    #27 0x4618ff in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) (/fuzz-mp4edit/mp4edit/mp4edit+0x4618ff)
    #28 0x48de17 in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) (/fuzz-mp4edit/mp4edit/mp4edit+0x48de17)
    #29 0x48d616 in AP4_ContainerAtom::Create(unsigned int, unsigned long long, bool, bool, AP4_ByteStream&, AP4_AtomFactory&) (/fuzz-mp4edit/mp4edit/mp4edit+0x48d616)

SUMMARY: AddressSanitizer: 144 byte(s) leaked in 2 allocation(s).

Bug3

Detected memory leaks in mp4decrypt.

root@34f1181t281a:/fuzz-mp4decrypt/mp4decrypt# ./mp4decrypt POC_mp4decrypt_477546304 /dev/null
WARNING: atom serialized to fewer bytes than declared size

=================================================================
==203693==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 88 byte(s) in 1 object(s) allocated from:
    #0 0x8f7da0 in malloc /llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145
    #1 0x7fd288f7b297 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0x93297)
    #2 0x42ffef in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, AP4_Atom*&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x42ffef)
    #3 0x5e6b75 in AP4_Processor::Process(AP4_ByteStream&, AP4_ByteStream&, AP4_ByteStream*, AP4_Processor::ProgressListener*, AP4_AtomFactory&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x5e6b75)
    #4 0x414e8b in main (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x414e8b)
    #5 0x7fd288900c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Direct leak of 48 byte(s) in 1 object(s) allocated from:
    #0 0x8f7da0 in malloc /llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145
    #1 0x7fd288f7b297 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0x93297)
    #2 0x423f9d in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x423f9d)
    #3 0x4320af in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x4320af)
    #4 0x42ffef in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, AP4_Atom*&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x42ffef)
    #5 0x5e6b75 in AP4_Processor::Process(AP4_ByteStream&, AP4_ByteStream&, AP4_ByteStream*, AP4_Processor::ProgressListener*, AP4_AtomFactory&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x5e6b75)
    #6 0x414e8b in main (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x414e8b)
    #7 0x7fd288900c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

Indirect leak of 192 byte(s) in 1 object(s) allocated from:
    #0 0x8f7da0 in malloc /llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145
    #1 0x7fd288f7b297 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0x93297)
    #2 0x4324cf in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x4324cf)
    #3 0x42ffef in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, AP4_Atom*&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x42ffef)
    #4 0x5e6b75 in AP4_Processor::Process(AP4_ByteStream&, AP4_ByteStream&, AP4_ByteStream*, AP4_Processor::ProgressListener*, AP4_AtomFactory&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x5e6b75)
    #5 0x414e8b in main (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x414e8b)
    #6 0x7fd288900c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

SUMMARY: AddressSanitizer: 328 byte(s) leaked in 3 allocation(s).

Bug4

Detected memory leaks in mp4decrypt.

root@34f1181t281a:/fuzz-mp4decrypt/mp4decrypt# ./mp4decrypt POC_mp4decrypt_34393864 /dev/null
WARNING: atom serialized to fewer bytes than declared size

=================================================================
==52857==ERROR: LeakSanitizer: detected memory leaks

Indirect leak of 1376 byte(s) in 1 object(s) allocated from:
    #0 0x8f7da0 in malloc /llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145
    #1 0x7fd58b6db297 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0x93297)
    #2 0x6f392d in AP4_TrunAtom::Create(unsigned int, AP4_ByteStream&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x6f392d)
    #3 0x423d35 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x423d35)
    #4 0x4320af in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x4320af)
    #5 0x4eb387 in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x4eb387)
    #6 0x4eab86 in AP4_ContainerAtom::Create(unsigned int, unsigned long long, bool, bool, AP4_ByteStream&, AP4_AtomFactory&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x4eab86)
    #7 0x42d270 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x42d270)
    #8 0x4320af in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x4320af)
    #9 0x42ffef in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, AP4_Atom*&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x42ffef)
    #10 0x5e6b75 in AP4_Processor::Process(AP4_ByteStream&, AP4_ByteStream&, AP4_ByteStream*, AP4_Processor::ProgressListener*, AP4_AtomFactory&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x5e6b75)
    #11 0x414e8b in main (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x414e8b)
    #12 0x7fd58b060c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

                                            …… ……
Indirect leak of 48 byte(s) in 1 object(s) allocated from:
    #0 0x8f7da0 in malloc /llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145
    #1 0x7fd58b6db297 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0x93297)
    #2 0x42aca3 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x42aca3)
    #3 0x4320af in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x4320af)
    #4 0x4eb387 in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x4eb387)
    #5 0x4eab86 in AP4_ContainerAtom::Create(unsigned int, unsigned long long, bool, bool, AP4_ByteStream&, AP4_AtomFactory&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x4eab86)
    #6 0x42d270 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x42d270)
    #7 0x4320af in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x4320af)
    #8 0x42ffef in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, AP4_Atom*&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x42ffef)
    #9 0x5e6b75 in AP4_Processor::Process(AP4_ByteStream&, AP4_ByteStream&, AP4_ByteStream*, AP4_Processor::ProgressListener*, AP4_AtomFactory&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x5e6b75)
    #10 0x414e8b in main (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x414e8b)
    #11 0x7fd58b060c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

SUMMARY: AddressSanitizer: 1720 byte(s) leaked in 8 allocation(s).


Bug5

Detected memory leaks in mp4decrypt.

root@34f1181t281a:/fuzz-mp4decrypt/mp4decrypt# ./mp4decrypt POC_mp4decrypt_654515280 /dev/null
WARNING: atom serialized to fewer bytes than declared size
WARNING: atom serialized to fewer bytes than declared size
LLVMSymbolizer: error reading file: No such file or directory

=================================================================
==197884==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 264 byte(s) in 3 object(s) allocated from:
    #0 0x8f7da0 in malloc /llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145
    #1 0x7f0c66e06297 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0x93297)
    #2 0x51e986 in AP4_EsdsAtom::Create(unsigned int, AP4_ByteStream&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x51e986)
    #3 0x424e14 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x424e14)
    #4 0x4320af in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x4320af)
    #5 0x4eb387 in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x4eb387)
    #6 0x661689 in AP4_SampleEntry::Read(AP4_ByteStream&, AP4_AtomFactory&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x661689)
    #7 0x4320af in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x4320af)
    #8 0x6aa85e in AP4_StsdAtom::AP4_StsdAtom(unsigned int, unsigned char, unsigned int, AP4_ByteStream&, AP4_AtomFactory&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x6aa85e)
    #9 0x6a9ce4 in AP4_StsdAtom::Create(unsigned int, AP4_ByteStream&, AP4_AtomFactory&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x6a9ce4)
    #10 0x42420c in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x42420c)
    #11 0x4320af in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x4320af)
    #12 0x4eb387 in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x4eb387)
    #13 0x4eab86 in AP4_ContainerAtom::Create(unsigned int, unsigned long long, bool, bool, AP4_ByteStream&, AP4_AtomFactory&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x4eab86)
    #14 0x42d270 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x42d270)
    #15 0x4320af in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x4320af)
    #16 0x4eb387 in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x4eb387)
    #17 0x4eab86 in AP4_ContainerAtom::Create(unsigned int, unsigned long long, bool, bool, AP4_ByteStream&, AP4_AtomFactory&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x4eab86)
    #18 0x42d270 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x42d270)
    #19 0x4320af in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x4320af)
    #20 0x4eb387 in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x4eb387)
    #21 0x4eab86 in AP4_ContainerAtom::Create(unsigned int, unsigned long long, bool, bool, AP4_ByteStream&, AP4_AtomFactory&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x4eab86)
    #22 0x42d270 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x42d270)
    #23 0x4320af in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x4320af)
    #24 0x4eb387 in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x4eb387)
    #25 0x4ed071 in AP4_ContainerAtom::AP4_ContainerAtom(unsigned int, unsigned long long, bool, AP4_ByteStream&, AP4_AtomFactory&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x4ed071)
                                                                                  …… ……

Direct leak of 88 byte(s) in 1 object(s) allocated from:
    #0 0x8f7da0 in malloc /llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145
    #1 0x7f0c66e06297 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0x93297)
    #2 0x51e986 in AP4_EsdsAtom::Create(unsigned int, AP4_ByteStream&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x51e986)
    #3 0x424e14 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x424e14)
    #4 0x4320af in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x4320af)
    #5 0x4eb387 in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x4eb387)
    #6 0x661689 in AP4_SampleEntry::Read(AP4_ByteStream&, AP4_AtomFactory&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x661689)
    #7 0x4320af in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x4320af)
    #8 0x6aa85e in AP4_StsdAtom::AP4_StsdAtom(unsigned int, unsigned char, unsigned int, AP4_ByteStream&, AP4_AtomFactory&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x6aa85e)
    #9 0x6a9ce4 in AP4_StsdAtom::Create(unsigned int, AP4_ByteStream&, AP4_AtomFactory&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x6a9ce4)
    #10 0x42420c in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x42420c)
    #11 0x4320af in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x4320af)
    #12 0x4eb387 in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x4eb387)
    #13 0x4eab86 in AP4_ContainerAtom::Create(unsigned int, unsigned long long, bool, bool, AP4_ByteStream&, AP4_AtomFactory&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x4eab86)
    #14 0x42d270 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x42d270)
    #15 0x4320af in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x4320af)
    #16 0x4eb387 in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x4eb387)
    #17 0x4eab86 in AP4_ContainerAtom::Create(unsigned int, unsigned long long, bool, bool, AP4_ByteStream&, AP4_AtomFactory&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x4eab86)
    #18 0x42d270 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x42d270)
    #19 0x4320af in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x4320af)
    #20 0x4eb387 in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x4eb387)
    #21 0x4eab86 in AP4_ContainerAtom::Create(unsigned int, unsigned long long, bool, bool, AP4_ByteStream&, AP4_AtomFactory&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x4eab86)
    #22 0x42d270 in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x42d270)
    #23 0x4320af in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x4320af)
    #24 0x4eb387 in AP4_ContainerAtom::ReadChildren(AP4_AtomFactory&, AP4_ByteStream&, unsigned long long) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x4eb387)
    #25 0x4ed071 in AP4_ContainerAtom::AP4_ContainerAtom(unsigned int, unsigned long long, bool, AP4_ByteStream&, AP4_AtomFactory&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x4ed071)
    #26 0x7fff0fa80e9f  ([stack]+0x18e9f)

SUMMARY: AddressSanitizer: 352 byte(s) leaked in 4 allocation(s).

Bug6

root@34f1181t281a:/fuzz-mp4mux# ./../Bento4-1.6.0-639/cmakebuild/mp4mux --track h264:POC_mp4mux_1729452038 /dev/null
ERROR: no sequence parameter set found in video

=================================================================
==4079790==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 104 byte(s) in 1 object(s) allocated from:
    #0 0x4f5ce8 in operator new(unsigned long) /llvm-project/compiler-rt/lib/asan/asan_new_delete.cpp:99
    #1 0x4fdd99 in main (/Bento4-1.6.0-639/cmakebuild/mp4mux+0x4fdd99)
    #2 0x7f3d73ac9c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

SUMMARY: AddressSanitizer: 104 byte(s) leaked in 1 allocation(s).
root@26c10857b81a:/fuzz-mp4mux# ./../Bento4-1.6.0-639/cmakebuild/mp4mux --track h265:in/3.mp4 /dev/null
ERROR: no sequence parameter set found in video

POC

POC_mp4encrypt_631000973.zip
POC_mp4edit_728838793.zip
POC_mp4decrypt_477546304.zip
POC_mp4decrypt_34393864.zip
POC_mp4decrypt_654515280.zip
POC_mp4mux_1729452038.zip

Environment

Ubuntu 18.04.6 LTS (docker)
clang 12.0.1
clang++ 12.0.1
Bento4 master branch (5b7cc25) and Bento4 release version (1.6.0-639)

Credit

Xudong Cao (NCNIPC of China), (Zhongguancun Laboratory)
Han Zheng (NCNIPC of China, Hexhive), (Zhongguancun Laboratory)
Jiayuan Zhang (NCNIPC of China), (Zhongguancun Laboratory)
Zezhong Ren (NCNIPC of China), (Zhongguancun Laboratory)

Thank you for your time!
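The report above asks whether Bug3-5 are distinct from earlier issues; a triage step that answers that question is to attribute each LeakSanitizer block to its first non-allocator frame and group blocks by that origin. The following is an added example (not Bento4 code and not part of the issue) that parses reports in the exact shape printed above; the embedded sample is constructed from frames of the Bug2, Bug3 and Bug5 output, shortened and rearranged, with a SUMMARY line made to match.

```python
"""Triage helper for LeakSanitizer reports (added example, not Bento4 code).

Parses "Direct/Indirect leak of N byte(s)" blocks, attributes each leak to the
first frames below the allocator (so two 72-byte AP4_EsdsAtom::Create leaks
collapse into one origin) and checks the blocks against the SUMMARY line.
"""
import re
from collections import OrderedDict
from dataclasses import dataclass, field

LEAK_HDR = re.compile(
    r"^(Direct|Indirect) leak of (\d+) byte\(s\) in (\d+) object\(s\) allocated from:$")
# "#N 0xADDR in SYMBOL (module+0xoff)" or "#N 0xADDR in SYMBOL /file.cpp:LINE";
# an unsymbolized frame such as "#26 0x7fff...  ([stack]+0x18e9f)" has no " in ".
FRAME = re.compile(
    r"^\s*#(\d+) 0x[0-9a-fA-F]+(?: in (.+?))?\s+(?:\(\S+\+0x[0-9a-fA-F]+\)|\S+:\d+)$")
SUMMARY = re.compile(
    r"^SUMMARY: AddressSanitizer: (\d+) byte\(s\) leaked in (\d+) allocation\(s\)\.$")
# Frames that only say "memory was allocated here", not who dropped the pointer.
ALLOCATOR_FRAMES = ("malloc", "calloc", "realloc", "operator new")


@dataclass
class Leak:
    kind: str                                   # "Direct" or "Indirect"
    nbytes: int
    objects: int
    frames: list = field(default_factory=list)  # symbols, innermost first

    def origin(self, depth=1):
        """Signature: the first `depth` frames below the allocator."""
        user = [f for f in self.frames if not f.startswith(ALLOCATOR_FRAMES)]
        return tuple(user[:depth])


def parse_report(text):
    """Return (leaks, summary); summary is (bytes, allocations) or None."""
    leaks, summary, current = [], None, None
    for line in text.splitlines():
        m = LEAK_HDR.match(line)
        if m:
            current = Leak(m.group(1), int(m.group(2)), int(m.group(3)))
            leaks.append(current)
            continue
        m = FRAME.match(line)
        if m and current is not None:
            current.frames.append(m.group(2) or "??")  # "??" = no symbol
            continue
        m = SUMMARY.match(line)
        if m:
            summary = (int(m.group(1)), int(m.group(2)))
        if m or not line.strip():                    # blank line ends a block
            current = None
    return leaks, summary


def group_by_origin(leaks, depth=1):
    """Collapse blocks sharing an origin: {origin: (bytes, objects, blocks)}."""
    groups = OrderedDict()
    for leak in leaks:
        key = leak.origin(depth)
        b, o, n = groups.get(key, (0, 0, 0))
        groups[key] = (b + leak.nbytes, o + leak.objects, n + 1)
    return groups


def summary_consistent(leaks, summary):
    """True when the per-block byte/object counts add up to the SUMMARY line."""
    if summary is None:
        return False
    return (sum(l.nbytes for l in leaks), sum(l.objects for l in leaks)) == summary


# Constructed sample: frames taken from the issue's Bug2/Bug3/Bug5 output,
# truncated and rearranged so the two Esds blocks differ only at depth 3.
SAMPLE = """\
==91239==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 72 byte(s) in 1 object(s) allocated from:
    #0 0x8eaf60 in malloc /llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145
    #1 0x7f3c0c690297 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0x93297)
    #2 0x4c1886 in AP4_EsdsAtom::Create(unsigned int, AP4_ByteStream&) (/fuzz-mp4edit/mp4edit/mp4edit+0x4c1886)
    #3 0x4552db in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) (/fuzz-mp4edit/mp4edit/mp4edit+0x4552db)
    #4 0x4618ff in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) (/fuzz-mp4edit/mp4edit/mp4edit+0x4618ff)

Direct leak of 72 byte(s) in 1 object(s) allocated from:
    #0 0x8eaf60 in malloc /llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145
    #1 0x7f3c0c690297 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0x93297)
    #2 0x4c1886 in AP4_EsdsAtom::Create(unsigned int, AP4_ByteStream&) (/fuzz-mp4edit/mp4edit/mp4edit+0x4c1886)
    #3 0x4552db in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned int, unsigned int, unsigned long long, AP4_Atom*&) (/fuzz-mp4edit/mp4edit/mp4edit+0x4552db)
    #4 0x4b6440 in AP4_DrefAtom::AP4_DrefAtom(unsigned int, unsigned char, unsigned int, AP4_ByteStream&, AP4_AtomFactory&) (/fuzz-mp4edit/mp4edit/mp4edit+0x4b6440)

Indirect leak of 192 byte(s) in 1 object(s) allocated from:
    #0 0x8f7da0 in malloc /llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145
    #1 0x7fd288f7b297 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0x93297)
    #2 0x4324cf in AP4_AtomFactory::CreateAtomFromStream(AP4_ByteStream&, unsigned long long&, AP4_Atom*&) (/fuzz-mp4decrypt/mp4decrypt/mp4decrypt+0x4324cf)
    #3 0x7fff0fa80e9f  ([stack]+0x18e9f)

SUMMARY: AddressSanitizer: 336 byte(s) leaked in 3 allocation(s).
"""

if __name__ == "__main__":
    leaks, summary = parse_report(SAMPLE)
    print("summary consistent:", summary_consistent(leaks, summary))
    for depth in (1, 3):
        for origin, (b, o, n) in group_by_origin(leaks, depth).items():
            print(f"depth={depth} {b:5d} B {o} obj {n} block(s) <- {' < '.join(origin)}")
```

Grouping at depth 1 merges the two Esds blocks into one 144-byte origin, which is the comparison a maintainer makes when deciding whether a new report duplicates an earlier one.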
