Headline
CVE-2022-36152: Issues in this repo about memory leak · Issue #72 · monostream/tifig
tifig v0.2.2 was discovered to contain a memory leak via operator new[](unsigned long) at /asan/asan_new_delete.cpp.
crash sample
id0_memory_leakF9.zip
command to reproduce
…/tifig -v -p [crash sample] /dev/null
crash detail
==74044==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 10 byte(s) in 1 object(s) allocated from:
#0 0x4fab78 in operator new[](unsigned long) /home/bupt/Desktop/tools/llvm-12.0.1/llvm/projects/compiler-rt/lib/asan/asan_new_delete.cpp:102
#1 0x4fe324 in sanityCheck(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/bupt/Desktop/tifig/src/main.cpp:19:19
#2 0x4fe810 in convert(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, Opts&) /home/bupt/Desktop/tifig/src/main.cpp:46:5
#3 0x518b1a in main /home/bupt/Desktop/tifig/src/main.cpp:179:22
#4 0x7fbe4f6c3c86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310
SUMMARY: AddressSanitizer: 10 byte(s) leaked in 1 allocation(s).
crash sample
id27_memory_leak_F7.zip
command to reproduce
…/tifig -v -p [crash sample] /dev/null
crash detail
==74125==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 17301504 byte(s) in 22 object(s) allocated from:
#0 0x4b4e50 in malloc /home/bupt/Desktop/tools/llvm-12.0.1/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:145
#1 0x501db8 in decodeFrame(std::vector<unsigned char, std::allocator<unsigned char> >) /home/bupt/Desktop/tifig/src/hevc_decode.hpp:107:31
Direct leak of 1145232 byte(s) in 88 object(s) allocated from:
#0 0x4b5a9d in posix_memalign /home/bupt/Desktop/tools/llvm-12.0.1/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:226
#1 0x7f1462f396d2 in av_malloc (/usr/lib/x86_64-linux-gnu/libavutil.so.55+0x316d2)
Direct leak of 5632 byte(s) in 22 object(s) allocated from:
#0 0x4fab78 in operator new[](unsigned long) /home/bupt/Desktop/tools/llvm-12.0.1/llvm/projects/compiler-rt/lib/asan/asan_new_delete.cpp:102
#1 0x501d15 in decodeFrame(std::vector<unsigned char, std::allocator<unsigned char> >) /home/bupt/Desktop/tifig/src/hevc_decode.hpp:87:30
Direct leak of 1936 byte(s) in 22 object(s) allocated from:
#0 0x4b5a9d in posix_memalign /home/bupt/Desktop/tools/llvm-12.0.1/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:226
#1 0x7f1462f396d2 in av_malloc (/usr/lib/x86_64-linux-gnu/libavutil.so.55+0x316d2)
#2 0x5b8b48 in std::_Function_handler<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> (), std::__future_base::_Task_setter<std::unique_ptr<std::__future_base::_Result<RgbData>, std::__future_base::_Result_base::_Deleter>, std::thread::_Invoker<std::tuple<RgbData (*)(std::vector<unsigned char, std::allocator<unsigned char> >), std::vector<unsigned char, std::allocator<unsigned char> > > >, RgbData> >::_M_invoke(std::_Any_data const&) /usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/std_function.h:301:9
#3 0x5b86b5 in std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>::operator()() const /usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/std_function.h:706:14
#4 0x5b86b5 in std::__future_base::_State_baseV2::_M_do_set(std::function<std::unique_ptr<std::__future_base::_Result_base, std::__future_base::_Result_base::_Deleter> ()>*, bool*) /usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/future:561:27
#5 0x7f14648c6906 in __pthread_once_slow /build/glibc-CVJwZb/glibc-2.27/nptl/pthread_once.c:116
Direct leak of 10 byte(s) in 1 object(s) allocated from:
#0 0x4fab78 in operator new[](unsigned long) /home/bupt/Desktop/tools/llvm-12.0.1/llvm/projects/compiler-rt/lib/asan/asan_new_delete.cpp:102
#1 0x4fe324 in sanityCheck(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/bupt/Desktop/tifig/src/main.cpp:19:19
#2 0x4fe810 in convert(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, Opts&) /home/bupt/Desktop/tifig/src/main.cpp:46:5
#3 0x518b1a in main /home/bupt/Desktop/tifig/src/main.cpp:179:22
#4 0x7f1460d4cc86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310
Indirect leak of 9347778 byte(s) in 572 object(s) allocated from:
#0 0x4b5a9d in posix_memalign /home/bupt/Desktop/tools/llvm-12.0.1/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:226
#1 0x7f1462f396d2 in av_malloc (/usr/lib/x86_64-linux-gnu/libavutil.so.55+0x316d2)
SUMMARY: AddressSanitizer: 27802092 byte(s) leaked in 727 allocation(s).
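A triage helper for reports like the two above, added here as an example and not part of the original issue or the tifig project: it groups LeakSanitizer records by the first stack frame under the project's source tree and checks that the records add up to the SUMMARY line. The `/tifig/src/` marker, the function name `triage` and the abridged sample are assumptions of this example.

```python
import re
from collections import defaultdict

PROJECT_SRC = "/tifig/src/"  # assumption: substring that marks the project's own frames
# Constructed sample: the second report above with paths shortened and frames trimmed.
SAMPLE = """\
Direct leak of 17301504 byte(s) in 22 object(s) allocated from:
#0 0x4b4e50 in malloc /asan/asan_malloc_linux.cpp:145
#1 0x501db8 in decodeFrame(std::vector<unsigned char>) /tifig/src/hevc_decode.hpp:107:31
Direct leak of 1145232 byte(s) in 88 object(s) allocated from:
#0 0x4b5a9d in posix_memalign /asan/asan_malloc_linux.cpp:226
#1 0x7f1462f396d2 in av_malloc (/usr/lib/x86_64-linux-gnu/libavutil.so.55+0x316d2)
Direct leak of 5632 byte(s) in 22 object(s) allocated from:
#0 0x4fab78 in operator new[](unsigned long) /asan/asan_new_delete.cpp:102
#1 0x501d15 in decodeFrame(std::vector<unsigned char>) /tifig/src/hevc_decode.hpp:87:30
Direct leak of 1936 byte(s) in 22 object(s) allocated from:
#0 0x4b5a9d in posix_memalign /asan/asan_malloc_linux.cpp:226
#1 0x7f1462f396d2 in av_malloc (/usr/lib/x86_64-linux-gnu/libavutil.so.55+0x316d2)
Direct leak of 10 byte(s) in 1 object(s) allocated from:
#0 0x4fab78 in operator new[](unsigned long) /asan/asan_new_delete.cpp:102
#1 0x4fe324 in sanityCheck(std::string const&) /tifig/src/main.cpp:19:19
Indirect leak of 9347778 byte(s) in 572 object(s) allocated from:
#0 0x4b5a9d in posix_memalign /asan/asan_malloc_linux.cpp:226
#1 0x7f1462f396d2 in av_malloc (/usr/lib/x86_64-linux-gnu/libavutil.so.55+0x316d2)
SUMMARY: AddressSanitizer: 27802092 byte(s) leaked in 727 allocation(s).
"""
HEAD = re.compile(r"(Direct|Indirect) leak of (\d+) byte\(s\) in (\d+) object\(s\)")
FRAME = re.compile(r"\s*#\d+ 0x[0-9a-f]+ in (.+) (\S+)$")  # (function, location)
TOTAL = re.compile(r"SUMMARY: \w+: (\d+) byte\(s\) leaked in (\d+) allocation\(s\)")

def triage(report):
    """Return (sites ranked by leaked bytes, True if records add up to SUMMARY)."""
    records, summary = [], None
    for line in report.splitlines():
        if m := HEAD.match(line):
            records.append((m[1], int(m[2]), int(m[3]), []))
        elif (m := FRAME.match(line)) and records:
            records[-1][3].append((m[1], m[2]))
        elif m := TOTAL.match(line):
            summary = (int(m[1]), int(m[2]))
    sites = defaultdict(lambda: [0, 0])  # (kind, site) -> [bytes, objects]
    for kind, nbytes, nobj, frames in records:
        own = next((f for f in frames if PROJECT_SRC in f[1]), None)  # first project frame
        site = f"{own[0].split('(')[0]} {own[1].rsplit('/', 1)[-1]}" if own else "(no project frame)"
        sites[kind, site][0] += nbytes
        sites[kind, site][1] += nobj
    ok = summary == (sum(r[1] for r in records), sum(r[2] for r in records))
    return sorted(((k, *v) for k, v in sites.items()), key=lambda r: -r[1]), ok

if __name__ == "__main__":
    print(*triage(SAMPLE)[0], sep="\n")
```

Records whose visible frames never enter the project tree (here the `av_malloc` allocations) are pooled under `(no project frame)`, which flags them for a fuller stack capture before attributing them to a call site.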