Skip to content

GitLab

Closed
Opened by z3r0yu@z3r0yu

Memory Leaks

Hi, gif2png team. Our fuzzer found a crash on gif2png due to a memory leaks.

I compiler gif2png to the 32-bit LSB version with ASAN. The software runs in the x86-64 Ubuntu 16.04 services.

the bug is trigered by ./gif2png -r poc.

gif2png_poc1.zip

the asan debug info is as follows:

=================================================================
==35676==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 64056 byte(s) in 51 object(s) allocated from:
    #0 0x7ffff6f02602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x7ffff6c43c0d in png_malloc_warn (/lib/x86_64-linux-gnu/libpng16.so.16+0xac0d)

Direct leak of 17544 byte(s) in 51 object(s) allocated from:
    #0 0x7ffff6f02602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x7ffff6c3e032 in png_create_info_struct (/lib/x86_64-linux-gnu/libpng16.so.16+0x5032)
    #2 0x4039d8 in processfile (/home/zeroyu/target_gif2png/gif2png64+0x4039d8)
    #3 0x40406d in main (/home/zeroyu/target_gif2png/gif2png64+0x40406d)
    #4 0x7ffff688f82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

Direct leak of 6656 byte(s) in 26 object(s) allocated from:
    #0 0x7ffff6f02602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x405df0 in xalloc (/home/zeroyu/target_gif2png/gif2png64+0x405df0)
    #2 0x405953 in ReadImage (/home/zeroyu/target_gif2png/gif2png64+0x405953)
    #3 0x404a6d in ReadGIF (/home/zeroyu/target_gif2png/gif2png64+0x404a6d)
    #4 0x403647 in processfile (/home/zeroyu/target_gif2png/gif2png64+0x403647)
    #5 0x40406d in main (/home/zeroyu/target_gif2png/gif2png64+0x40406d)
    #6 0x7ffff688f82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

Direct leak of 2048 byte(s) in 8 object(s) allocated from:
    #0 0x7ffff6f02602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x405df0 in xalloc (/home/zeroyu/target_gif2png/gif2png64+0x405df0)
    #2 0x405953 in ReadImage (/home/zeroyu/target_gif2png/gif2png64+0x405953)
    #3 0x4049cc in ReadGIF (/home/zeroyu/target_gif2png/gif2png64+0x4049cc)
    #4 0x403647 in processfile (/home/zeroyu/target_gif2png/gif2png64+0x403647)
    #5 0x40406d in main (/home/zeroyu/target_gif2png/gif2png64+0x40406d)
    #6 0x7ffff688f82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

SUMMARY: AddressSanitizer: 90304 byte(s) leaked in 136 allocation(s).
[Inferior 1 (process 35676) exited with code 027]