Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#8848 closed defect (invalid)

A memory leak in ffmpeg

Reported by: MoonLight-SteinsGate Owned by:
Priority: normal Component: undetermined
Version: unspecified Keywords:
Cc: Blocked By:
Blocking: Reproduced by developer: no
Analyzed by developer: no

Description

Summary of the bug: A memory leak in function av_malloc of libavutil/mem.c:87
How to reproduce:

% ffmpeg -i PoC
ffmpeg version is ffmpeg-4.1.3
built on Ubuntu 16.04.

I have found the bug by fuzzing. I compile ffmpeg-4.1.3 to x86-64 version with address sanitizer in Ubuntu-16.04 and print the debug information as:

ffmpeg version 4.1.3 Copyright (c) 2000-2019 the FFmpeg developers

built with gcc 7 (Ubuntu 7.5.0-3ubuntu1~18.04)
configuration: --disable-stripping --prefix=/home/ubuntu/yuetai/asan_programs/ffmpeg-4.1.3/ffmpeg-install/
libavutil 56. 22.100 / 56. 22.100
libavcodec 58. 35.100 / 58. 35.100
libavformat 58. 20.100 / 58. 20.100
libavdevice 58. 5.100 / 58. 5.100
libavfilter 7. 40.101 / 7. 40.101
libswscale 5. 3.100 / 5. 3.100
libswresample 3. 3.100 / 3. 3.100

[dv @ 0x61b000000080] Format dv detected only with low score of 25, misdetection possible!
./crashes/avconv/seeds/queue/id:088235,src:077720,op:havoc,rep:64: Input/output error

=================================================================
==28203==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 33192 byte(s) in 1 object(s) allocated from:

#0 0x7fc545a3c790 in posix_memalign (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdf790)
#1 0x555a0a559cdc in av_malloc libavutil/mem.c:87

SUMMARY: AddressSanitizer: 33192 byte(s) leaked in 1 allocation(s).

Attachments (1)

id:088235,src:077720,op:havoc,rep:64 (5.8 KB ) - added by MoonLight-SteinsGate 4 years ago.
PoC

Download all attachments as: .zip

Change History (2)

by MoonLight-SteinsGate, 4 years ago

PoC

comment:1 by mkver, 4 years ago

Component: ffmpegundetermined
Resolution: invalid
Status: newclosed
  1. Only git master is supported on this bugtracker, not an older release. If you are doing fuzzing work (which is always valuable), you should restrict your attention to git master.
  2. That bug is already fixed by 72704cbff4257466662729fc20e3f0ab85aa8c9e (fixing #8230 of which this were a duplicate if #8230 were not already fixed), but only 4.2 and above contain the fix.
Last edited 4 years ago by mkver (previous) (diff)
Note: See TracTickets for help on using tickets.