Headline
CVE-2022-46489: Memory leak in gf_isom_box_parse_ex function of box_funcs.c:166:13 · Issue #2328 · gpac/gpac
GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contain a memory leak via the gf_isom_box_parse_ex function at box_funcs.c.
A memory leak has occurred when running program MP4Box, this can reproduce on the lattest commit.
Version
$ ./MP4Box -version
MP4Box - GPAC version 2.1-DEV-rev505-gb9577e6ad-master
(c) 2000-2022 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io
Please cite our work in your research:
GPAC Filters: https://doi.org/10.1145/3339825.3394929
GPAC: https://doi.org/10.1145/1291233.1291452
GPAC Configuration: --static-build --extra-cflags=-fsanitize=address -g --extra-ldflags=-fsanitize=address -g
Features: GPAC_CONFIG_LINUX GPAC_64_BITS GPAC_HAS_IPV6 GPAC_HAS_SSL GPAC_HAS_SOCK_UN GPAC_MINIMAL_ODF GPAC_HAS_QJS GPAC_HAS_FREETYPE GPAC_HAS_JPEG GPAC_HAS_PNG GPAC_HAS_LINUX_DVB
git log
commit b9577e6ad91ef96decbcd369227ab02b2842c77f (HEAD -> master, origin/master, origin/HEAD)
Author: jeanlf <[email protected]>
Date: Fri Nov 25 16:53:55 2022 +0100
Verification steps
export CFLAGS='-fsanitize=address -g'
export CC=/usr/bin/clang
export CXX=/usr/bin/clang++
git clone https://github.com/gpac/gpac.git
cd gpac
./configure --static-build --extra-cflags="${CFLAGS}" --extra-ldflags="${CFLAGS}"
make
cd bin/gcc
./MP4Box -info $poc
POC file
https://github.com/HotSpurzzZ/testcases/blob/main/gpac/gpac_Direct_leak_gf_isom_box_parse_ex.mp4
AddressSanitizer output
$ ./MP4Box -info gpac_Direct_leak_gf_isom_box_parse_ex.mp4
[iso file] Failed to uncompress payload for box type !ssx (0x21737378)
Error opening file gpac_Direct_leak_gf_isom_box_parse_ex.mp4: BitStream Not Compliant
=================================================================
==10575==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 1718840668 byte(s) in 1 object(s) allocated from:
#0 0x4a186d in malloc (/root/Desktop/gpac/bin/gcc/MP4Box+0x4a186d)
#1 0x7dfc41 in gf_isom_box_parse_ex /root/Desktop/gpac/src/isomedia/box_funcs.c:166:13
#2 0x7df29c in gf_isom_parse_root_box /root/Desktop/gpac/src/isomedia/box_funcs.c:38:8
Direct leak of 4096 byte(s) in 1 object(s) allocated from:
#0 0x4a186d in malloc (/root/Desktop/gpac/bin/gcc/MP4Box+0x4a186d)
#1 0x599d69 in gf_gz_decompress_payload /root/Desktop/gpac/src/utils/base_encoding.c:257:31
#2 0x7dfc66 in gf_isom_box_parse_ex /root/Desktop/gpac/src/isomedia/box_funcs.c:170:9
#3 0x7df29c in gf_isom_parse_root_box /root/Desktop/gpac/src/isomedia/box_funcs.c:38:8
SUMMARY: AddressSanitizer: 1718844764 byte(s) leaked in 2 allocation(s).
Related news
Gentoo Linux Security Advisory 202408-21
Gentoo Linux Security Advisory 202408-21 - Multiple vulnerabilities have been discovered in GPAC, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 2.2.0 are affected.