CVE-2023-48958: LeakSanitizer: detected memory leaks in gf_mpd_resolve_url media_tools/mpd.c:4589 · Issue #2689 · gpac/gpac
gpac 2.3-DEV-rev617-g671976fcc-master contains memory leaks in gf_mpd_resolve_url media_tools/mpd.c:4589.
1、Version
./MP4Box -version
MP4Box - GPAC version 2.3-DEV-rev617-g671976fcc-master
© 2000-2023 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io/
Please cite our work in your research:
GPAC Filters: https://doi.org/10.1145/3339825.3394929
GPAC: https://doi.org/10.1145/1291233.1291452
GPAC Configuration:
Features: GPAC_CONFIG_LINUX GPAC_64_BITS GPAC_HAS_IPV6 GPAC_HAS_SSL GPAC_HAS_SOCK_UN GPAC_MINIMAL_ODF GPAC_HAS_QJS GPAC_HAS_JPEG GPAC_HAS_PNG GPAC_HAS_LINUX_DVB GPAC_DISABLE_3D
2、ASAN Log
[DASH] Updated manifest:
P#1: start 0 - duration 0 - xlink none
[DASH] Manifest after update:
P#1: start 0 - duration 0 - xlink none
[DASH] Setting up period start 0 duration 0 xlink none ID DID1
[DASH] Cannot compute default segment duration
[DASH] AS#1 changed quality to bitrate 10 kbps - Width 1280 Height 720 FPS 30/1 (playback speed 1)
[DASH] AS#2 changed quality to bitrate 120 kbps - Width 384 Height 256 FPS 30/1 (playback speed 1)
[DASH] AS#3 changed quality to bitrate 120 kbps - Width 384 Height 256 FPS 30/1 (playback speed 1)
[DASH] AS#4 changed quality to bitrate 120 kbps - Width 448 Height 256 FPS 30/1 (playback speed 1)
[DASH] AS#5 changed quality to bitrate 120 kbps - Width 448 Height 256 FPS 30/1 (playback speed 1)
[DASH] AS#6 changed quality to bitrate 120 kbps - Width 384 Height 208 FPS 30/1 (playback speed 1)
[DASH] AS#7 changed quality to bitrate 120 kbps - Width 448 Height 208 FPS 30/1 (playback speed 1)
[DASH] AS#8 changed quality to bitrate 120 kbps - Width 448 Height 208 FPS 30/1 (playback speed 1)
[DASH] No ROUTE entity on HTTP request
[DASH] AST at init 1621274304781
[DASH] At current time 78824071088 ms: Initializing Timeline: startNumber=1 segmentNumber=78824071 segmentDuration=1.000000 - 0.000 seconds in segment (start range 7.88241e+07)
[DASH] No ROUTE entity on HTTP request
[DASH] Segment duration unknown - cannot estimate current startNumber
[DASH] No ROUTE entity on HTTP request
[DASH] AST at init 1621274304781
[DASH] At current time 78824071088 ms: Initializing Timeline: startNumber=1 segmentNumber=78824071 segmentDuration=1.000000 - 0.000 seconds in segment (start range 7.88241e+07)
[DASH] No ROUTE entity on HTTP request
[DASH] AST at init 1621274304781
[DASH] At current time 78824071088 ms: Initializing Timeline: startNumber=1 segmentNumber=78824071 segmentDuration=1.000000 - 0.000 seconds in segment (start range 7.88241e+07)
[DASH] No ROUTE entity on HTTP request
[DASH] AST at init 1621274304781
[DASH] At current time 78824071088 ms: Initializing Timeline: startNumber=1 segmentNumber=78824071 segmentDuration=1.000000 - 0.000 seconds in segment (start range 7.88241e+07)
[DASH] No ROUTE entity on HTTP request
[DASH] AST at init 1621274304781
[DASH] At current time 78824071088 ms: Initializing Timeline: startNumber=1 segmentNumber=78824071 segmentDuration=1.000000 - 0.000 seconds in segment (start range 7.88241e+07)
[DASH] No ROUTE entity on HTTP request
[DASH] AST at init 1621274304781
[DASH] At current time 78824071088 ms: Initializing Timeline: startNumber=1 segmentNumber=78824071 segmentDuration=1.000000 - 0.000 seconds in segment (start range 7.88241e+07)
[DASH] No ROUTE entity on HTTP request
[DASH] AST at init 1621274304781
[DASH] At current time 78824071088 ms: Initializing Timeline: startNumber=1 segmentNumber=78824071 segmentDuration=1.000000 - 0.000 seconds in segment (start range 7.88241e+07)
[DASH] Unable to resolve initialization URL: Bad Parameter
Filter dashin failed to setup: Bad Parameter
Filters not connected:
fout (dst=crash24_dash.mpd:gpac:segdur=10000/1000:profile=full:!sap:buf=1500:!check_dur:pssh=v:subs_sidx=0) (idx=1)
Arg segdur set but not used
Arg profile set but not used
Arg !sap set but not used
Arg buf set but not used
Arg !check_dur set but not used
Arg pssh set but not used
Arg subs_sidx set but not used
Error DASHing file: Bad Parameter
=================================================================
==3766==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 50 byte(s) in 1 object(s) allocated from:
#0 0x7f8f1245b9a7 in __interceptor_strdup …/…/…/…/src/libsanitizer/asan/asan_interceptors.cpp:454
#1 0x7f8f112d489f in gf_mpd_resolve_url media_tools/mpd.c:4589
#2 0x7f8f11303e24 in gf_dash_resolve_url media_tools/dash_client.c:3447
SUMMARY: AddressSanitizer: 50 byte(s) leaked in 1 allocation(s).
3、Reproduction
./MP4Box -dash 10000 $poc
4、poc
crash24.zip
5、Impact
This vulnerability is capable of causing crashes or leading to DoS.
6、 Env
Linux dr0v-virtual-machine 6.2.0-36-generic #37 SMP PREEMPT_DYNAMIC Mon Oct 9 15:34:04 UTC 2 x86_64 x86_64 x86_64 GNU/Linux
AFL++ 4.09a
7、Credit
dr0v