GNOME Bugzilla – Bug 775455
qtdemux: memory leaks in qtdemux_inflate
Last modified: 2016-12-05 09:12:37 UTC
If you take this file http://samples.mplayerhq.hu/A-codecs/lossless/ALAC/alac.mov and parse it (e.g. with gst-discoverer-1.0) it will cause several memory leaks. Can be seen with valgrind or newer versions of asan (tip: ASAN_OPTIONS="fast_unwind_on_malloc=0" gives reasonable stack traces for memory leaks, otherwise the error messages are not very useful).

==27650==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 7152 byte(s) in 1 object(s) allocated from:
    #0 0x4d4e28 in malloc (/usr/bin/gst-discoverer-1.0+0x4d4e28)
    #1 0x7f9fe9946aa8 in g_malloc (/usr/lib64/libglib-2.0.so.0+0x4faa8)
    #2 0x7f9feaee7f5c in inflateInit2_ (/lib64/libz.so.1+0x7f5c)
    #3 0x7f9fdd3cc03d in qtdemux_inflate /f/gstreamer/gst-plugins-good/gst/isomp4/qtdemux.c:6893:9
    #4 0x7f9fdd3cc03d in qtdemux_parse_moov /f/gstreamer/gst-plugins-good/gst/isomp4/qtdemux.c:6951
    #5 0x7f9fdd3c08b8 in gst_qtdemux_loop_state_header /f/gstreamer/gst-plugins-good/gst/isomp4/qtdemux.c:4218:7
    #6 0x7f9fdd3c08b8 in gst_qtdemux_loop /f/gstreamer/gst-plugins-good/gst/isomp4/qtdemux.c:5753
    #7 0x7f9fea76c5d3 in gst_task_func /f/gstreamer/gstreamer/gst/gsttask.c:334:5
    #8 0x7f9fe9969627 (/usr/lib64/libglib-2.0.so.0+0x72627)
    #9 0x7f9fe9968c94 (/usr/lib64/libglib-2.0.so.0+0x71c94)
    #10 0x7f9fe93e5453 in start_thread (/lib64/libpthread.so.0+0x7453)
    #11 0x7f9fe8f155dc in clone (/lib64/libc.so.6+0xe75dc)

Direct leak of 1759 byte(s) in 1 object(s) allocated from:
    #0 0x4d524d in realloc (/usr/bin/gst-discoverer-1.0+0x4d524d)
    #1 0x7f9fe9946b6c in g_realloc (/usr/lib64/libglib-2.0.so.0+0x4fb6c)
    #2 0x7f9fdd3cc136 in qtdemux_inflate /f/gstreamer/gst-plugins-good/gst/isomp4/qtdemux.c:6897:27
    #3 0x7f9fdd3cc136 in qtdemux_parse_moov /f/gstreamer/gst-plugins-good/gst/isomp4/qtdemux.c:6951
    #4 0x7f9fdd3c08b8 in gst_qtdemux_loop_state_header /f/gstreamer/gst-plugins-good/gst/isomp4/qtdemux.c:4218:7
    #5 0x7f9fdd3c08b8 in gst_qtdemux_loop /f/gstreamer/gst-plugins-good/gst/isomp4/qtdemux.c:5753
    #6 0x7f9fea76c5d3 in gst_task_func /f/gstreamer/gstreamer/gst/gsttask.c:334:5
    #7 0x7f9fe9969627 (/usr/lib64/libglib-2.0.so.0+0x72627)
    #8 0x7f9fe9968c94 (/usr/lib64/libglib-2.0.so.0+0x71c94)
    #9 0x7f9fe93e5453 in start_thread (/lib64/libpthread.so.0+0x7453)
    #10 0x7f9fe8f155dc in clone (/lib64/libc.so.6+0xe75dc)

SUMMARY: AddressSanitizer: 8911 byte(s) leaked in 2 allocation(s).
commit b79655d3c93ec2bd37d3dff40d909d6a65d41dbb
Author: Sebastian Dröge <sebastian@centricular.com>
Date:   Thu Dec 1 14:30:49 2016 +0200

    qtdemux: Ensure that size of the pasp atom is as much as we need

    https://bugzilla.gnome.org/show_bug.cgi?id=775455

commit d46cc8df6c9eb8120a1d6c437ee3b24f531dbb01
Author: Sebastian Dröge <sebastian@centricular.com>
Date:   Thu Dec 1 14:30:10 2016 +0200

    qtdemux: Free compressed moov node and its corresponding decompressed data

    https://bugzilla.gnome.org/show_bug.cgi?id=775455

commit b4d6b2af8efcc6f2c008542041a9abcdc57e899e
Author: Sebastian Dröge <sebastian@centricular.com>
Date:   Thu Dec 1 14:29:21 2016 +0200

    qtdemux: Check size of compressed MOOV header against available data

    And actually read the size of the cmvd atom from the right position.

    https://bugzilla.gnome.org/show_bug.cgi?id=775455

commit 5e4883094b45204d79ea611ef5a38c60f9e9604f
Author: Sebastian Dröge <sebastian@centricular.com>
Date:   Thu Dec 1 14:27:55 2016 +0200

    qtdemux: Fix zlib inflate loop

    Handle errors cleanly, deallocate all memory and return the actual size
    of the inflated data.

    https://bugzilla.gnome.org/show_bug.cgi?id=775455
1.10 backport coming in a bit. Thanks for reporting this, I found quite a few bigger problems than the leak while looking at the code.
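The size checks named in the commit messages above, as an added example that is not qtdemux's own code: a bounds-checked atom reader that locates the cmvd payload inside a cmov atom (reading the uncompressed-size field from its position right after the atom header, and handing only the bytes actually present on to the decompressor) and that rejects a pasp atom too short to hold its two spacing fields. The atom layouts follow the QuickTime file format as I know it; the function names and the sample bytes are constructed for this example, and the zlib inflate step itself is left out so the block needs no zlib link.

```c
#include <stdint.h>
#include <string.h>

/* Every size field in a QuickTime/MP4 atom comes from the file, so treat it as untrusted input. */
static uint32_t rd32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
typedef struct { uint32_t size; char type[5]; const uint8_t *body; size_t body_len; } atom_t;
/* Read the atom header at 'off'; fail if the header or the declared size exceeds the bytes we have. */
static int atom_at(const uint8_t *buf, size_t len, size_t off, atom_t *a) {
    if (off > len || len - off < 8) return 0;          /* no room for size + type */
    a->size = rd32(buf + off);
    if (a->size < 8 || a->size > len - off) return 0;  /* truncated atom, or the 0/1 "special" sizes */
    memcpy(a->type, buf + off + 4, 4); a->type[4] = '\0';
    a->body = buf + off + 8;
    a->body_len = a->size - 8;
    return 1;
}
/* Walk a 'cmov' body: 'dcom' names the compressor ("zlib"), 'cmvd' holds a 4-byte uncompressed size
 * followed by the zlib stream. Only bytes that are really present are handed back for inflation;
 * the claimed size is returned separately so the caller can cap its output buffer with it. */
int find_cmvd(const uint8_t *cmov, size_t cmov_len, uint32_t *claimed, const uint8_t **zdata, size_t *zlen) {
    int have_zlib = 0; atom_t a = {0};
    for (size_t off = 0; off < cmov_len; off += a.size) {
        if (!atom_at(cmov, cmov_len, off, &a)) return 0;
        if (!memcmp(a.type, "dcom", 4)) {
            if (a.body_len < 4) return 0;
            have_zlib = !memcmp(a.body, "zlib", 4);
        } else if (!memcmp(a.type, "cmvd", 4)) {
            if (!have_zlib || a.body_len < 4) return 0;
            *claimed = rd32(a.body);     /* size field sits right after the 8-byte header, not before it */
            *zdata = a.body + 4;
            *zlen = a.body_len - 4;      /* bounded by what is in the buffer, never by a declared size alone */
            return 1;
        }
    }
    return 0;
}
/* 'pasp' must carry hSpacing and vSpacing (two 32-bit values), so its body must be at least 8 bytes. */
int parse_pasp(const uint8_t *buf, size_t len, uint32_t *h, uint32_t *v) {
    atom_t a;
    if (!atom_at(buf, len, 0, &a) || memcmp(a.type, "pasp", 4) || a.body_len < 8) return 0;
    *h = rd32(a.body); *v = rd32(a.body + 4); return 1;
}

/* Constructed sample input: dcom("zlib") + cmvd(claims 4096 bytes, 5 bytes of stream) = 29 bytes. */
const uint8_t SAMPLE_CMOV[29] = { 0,0,0,12,'d','c','o','m','z','l','i','b',
    0,0,0,17,'c','m','v','d', 0,0,0x10,0, 0x78,0x9c,0x03,0x00,0x00 };
const uint8_t SAMPLE_PASP[16] = { 0,0,0,16,'p','a','s','p', 0,0,0,4, 0,0,0,3 };
```

Passing a shorter length than the atoms declare (a truncated download, or a file whose sizes were tampered with) makes find_cmvd and parse_pasp fail before any pointer is formed past the end of the buffer.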