[security] memory leak in Media_GetSample #3368
Description
Description:
A memory leak has been detected in the MP4Box application, specifically when handling media samples during processing. The leak occurs in the function Media_GetSample from the libgpac.so.13 library, where a small memory allocation is made but never properly freed, leading to a memory leak.
To Reproduce:
Steps to reproduce the behavior:
./MP4Box -cat POC white.mp4 -out /dev/null
Output:
ASAN-report:
Unrecognized import option 000218,sig, ignoring
Unrecognized import option 11,src, ignoring
Unrecognized import option 017615,time, ignoring
Unrecognized import option 82102033,execs, ignoring
Unrecognized import option 18169337,op, ignoring
Unrecognized import option quick,pos, ignoring
Unrecognized import option 5545, ignoring
[iso file] Unknown box type Dp4s in parent stsd
IsoMedia import id:000218,sig:11,src:017615,time:82102033,execs:18169337,op:quick,pos:5545 - track ID 1 - Video (size 176 x 144)
IsoMedia import id:000218,sig:11,src:017615,time:82102033,execs:18169337,op:quick,pos:5545 - track ID 2 - media type "hint:rtp "
Missing DecoderSpecificInfo in MPEG-4 AAC stream
IsoMedia import id:000218,sig:11,src:017615,time:82102033,execs:18169337,op:quick,pos:5545 - track ID 5 - Audio (SR 44100 - 2 channels)
IsoMedia import id:000218,sig:11,src:017615,time:82102033,execs:18169337,op:quick,pos:5545 - track ID 6 - media type "hint:rtp "
[iso file] Unknown box type Dp4s in parent stsd
IsoMedia import id:000218,sig:11,src:017615,time:82102033,execs:18169337,op:quick,pos:5545 - track ID 7 - Audio (SR 6912 - 0 channels)
IsoMedia import id:000218,sig:11,src:017615,time:82102033,execs:18169337,op:quick,pos:5545 - track ID 8 - media type "sdsm:mp4s"
WARNING: Track ID 2 (type hint) not handled by concatenation - removing from destination
WARNING: Track ID 6 (type hint) not handled by concatenation - removing from destination
Appending file id:000218,sig:11,src:017615,time:82102033,execs:18169337,op:quick,pos:5545
Multiple sample entry required, merging
No suitable destination track found - creating new one (type soun)
No suitable destination track found - creating new one (type soun)
[iso file] Unknown box type Dp4s in parent stsd
No suitable destination track found - creating new one (type sdsm)
0.500 secs Interleaving
=================================================================
==871965==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 1 byte(s) in 1 object(s) allocated from:
#0 0x7fe876c947ee in __interceptor_malloc (/usr/lib/llvm-14/lib/clang/14.0.0/lib/linux/libclang_rt.asan-x86_64.so+0xcd7ee) (BuildId: a6105a816e63299474c1078329a59ed80f244fbf)
#1 0x7fe87653e26e in Media_GetSample (/gpac/bin/gcc/libgpac.so.13+0x25126e) (BuildId: 41c3cd506b1eeffd2fc1d11317679a8494f2ce08)
SUMMARY: AddressSanitizer: 1 byte(s) leaked in 1 allocation(s).
Environment:
OS: Linux f14f652592a0 5.4.0-200-generic #220-Ubuntu SMP Fri Sep 27 13:19:16 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux;
Compiler version: Ubuntu clang version 16.0.6;
Build-opts: ./configure --extra-cflags="-g -O1 -fsanitize=address" ;
CPU type: x86_64 ;
MP4Box - GPAC commit hash 7f2e107108e53c19d30cb15d89a8324c9cf980aa ;
MP4Box - GPAC version 2.5-DEV-rev1823-g7f2e10710-master;
Additional context:
See sample in the attachment.
screenshot: