Closed Bug 1465652 Opened 7 years ago Closed 7 years ago

nestegg: detected memory leaks in ne_read_block_additions src/nestegg.c:1775

Categories: Core :: Audio/Video: Playback, defect, P2

Tracking: RESOLVED FIXED, mozilla63

Tracking Status
firefox-esr52 --- wontfix
firefox-esr60 --- wontfix
firefox61 --- wontfix
firefox62 --- wontfix
firefox63 --- fixed

People: Reporter: tsmith, Assigned: kinetik

Keywords: memory-leak

Attachments (1 file)

Attached video testcase.webm
STR:
1) Build with ASan (-fsanitize=address)
2) Run with ASAN_OPTIONS=detect_leaks=1

==17222==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x4b8c10 in calloc (regress+0x4b8c10)
    #1 0x501262 in ne_alloc src/nestegg.c:607:10
    #2 0x501262 in ne_read_block_additions src/nestegg.c:1775
    #3 0x501262 in nestegg_read_packet src/nestegg.c:2866
    #4 0x4eddbd in test test/regress.c:205:9
    #5 0x4efcc6 in main test/regress.c:298:5

Direct leak of 3 byte(s) in 1 object(s) allocated from:
    #0 0x4b8c10 in calloc (regress+0x4b8c10)
    #1 0x500e91 in ne_alloc src/nestegg.c:607:10
    #2 0x500e91 in ne_read_block_additions src/nestegg.c:1747
    #3 0x500e91 in nestegg_read_packet src/nestegg.c:2866
    #4 0x4eddbd in test test/regress.c:205:9
    #5 0x4efcc6 in main test/regress.c:298:5

Indirect leak of 3 byte(s) in 1 object(s) allocated from:
    #0 0x4b8c10 in calloc (regress+0x4b8c10)
    #1 0x500e91 in ne_alloc src/nestegg.c:607:10
    #2 0x500e91 in ne_read_block_additions src/nestegg.c:1747
    #3 0x500e91 in nestegg_read_packet src/nestegg.c:2866
    #4 0x4eddbd in test test/regress.c:205:9
    #5 0x4efcc6 in main test/regress.c:298:5

SUMMARY: AddressSanitizer: 38 byte(s) leaked in 3 allocation(s).
Dumb bug: we free block_additional on a bunch of error paths, but block_additional is a linked list. The entire list should be freed like it is in nestegg_free_packet. This would be uncommon in the wild. It requires a WebM using BlockGroups (rare) that include multiple BlockAdditions (rarer). The BlockGroup handling stuff really only exists for handling videos with an extra alpha stream, and well-formed WebMs of that type probably wouldn't trigger this. https://github.com/kinetiknz/nestegg/pull/56
Assignee: nobody → kinetik
Status: NEW → ASSIGNED
Rank: 15
Priority: -- → P2
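The leak described above comes from an error path that releases only the head of a linked list. The following is an added illustration, not code from nestegg or from the pull request: the struct `block_additional`, the `tracked_alloc`/`tracked_free` wrappers, `build_block_additions`, and the two `error_path_*` functions are all hypothetical names chosen here. It shows the "free one node" error path beside the "walk the whole list" pattern the comment says `nestegg_free_packet` already uses, with a live-allocation counter so the difference is measurable without running LeakSanitizer.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical mirror of a block-additional list node (constructed for this
   example; not the project's own definition). */
struct block_additional {
  unsigned int id;
  unsigned char * data;
  size_t length;
  struct block_additional * next;
};

/* Allocation counter so a test can prove nothing is left behind. */
static size_t live_allocations = 0;

static void *
tracked_alloc(size_t size)
{
  void * p = calloc(1, size);
  if (p)
    live_allocations++;
  return p;
}

static void
tracked_free(void * p)
{
  if (p) {
    live_allocations--;
    free(p);
  }
}

size_t
live_allocation_count(void)
{
  return live_allocations;
}

/* Release every node and its payload: the whole-list pattern an error path
   must use when the list head has already been chained. */
void
free_block_additions(struct block_additional * head)
{
  while (head) {
    struct block_additional * next = head->next;
    tracked_free(head->data);
    tracked_free(head);
    head = next;
  }
}

/* Build a list of `count` nodes, each owning `payload_len` bytes (constructed
   data). On any allocation failure, release everything built so far. */
struct block_additional *
build_block_additions(unsigned int count, size_t payload_len)
{
  struct block_additional * head = NULL;
  struct block_additional ** tail = &head;
  for (unsigned int i = 0; i < count; i++) {
    struct block_additional * node = tracked_alloc(sizeof(*node));
    if (!node) {
      free_block_additions(head);
      return NULL;
    }
    node->id = i + 1;
    node->length = payload_len;
    node->data = tracked_alloc(payload_len);
    if (!node->data) {
      tracked_free(node);
      free_block_additions(head);
      return NULL;
    }
    memset(node->data, 'a' + (int) i, payload_len);
    *tail = node;
    tail = &node->next;
  }
  return head;
}

/* Simulated buggy error path: frees only the head node (struct plus payload),
   then reports how many allocations are still live, i.e. the leak. The rest
   is released afterwards so the demo itself stays clean. */
size_t
error_path_free_head_only(unsigned int count, size_t payload_len)
{
  struct block_additional * head = build_block_additions(count, payload_len);
  if (!head)
    return 0;
  struct block_additional * rest = head->next;
  tracked_free(head->data);
  tracked_free(head);
  size_t leaked = live_allocations;
  free_block_additions(rest);
  return leaked;
}

/* Corrected error path: walk the entire list before returning the error. */
size_t
error_path_free_whole_list(unsigned int count, size_t payload_len)
{
  struct block_additional * head = build_block_additions(count, payload_len);
  if (!head)
    return 0;
  free_block_additions(head);
  return live_allocations;
}

int
main(void)
{
  printf("head-only free, 2 nodes: %zu allocations leaked\n",
         error_path_free_head_only(2, 3));
  printf("whole-list free, 3 nodes: %zu allocations leaked\n",
         error_path_free_whole_list(3, 3));
  return 0;
}
```

With two nodes the head-only path leaves one node struct and one payload live, which is the same shape as the report above (one struct, one payload reachable only through it). Building the sanitizer run with `-fsanitize=address` and `ASAN_OPTIONS=detect_leaks=1`, as in the STR, reports the same count from the real code.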
Fixed via bug 1480003.
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Depends on: 1480003
Target Milestone: --- → mozilla63