223324 – memory leak

Bug 223324 - memory leak

Summary: memory leak

Status:	NEW

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebCore Misc. (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2021-03-16 23:39 PDT by Xiaoyu He
Modified:	2023-11-02 12:13 PDT (History)
CC List:	4 users (show)

See Also:

Attachments
poc (227 bytes, text/javascript) 2021-03-16 23:39 PDT, Xiaoyu He	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Xiaoyu He 2021-03-16 23:39:07 PDT

Created attachment 423440 [details]
poc

==3031==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 1088 byte(s) in 6 object(s) allocated from:
    #0 0x4e0ee0  (/root/targets/targets/jsc_afl_asan18+0x4e0ee0)
    #1 0x695e87e  (/root/targets/targets/jsc_afl_asan18+0x695e87e)

SUMMARY: AddressSanitizer: 1088 byte(s) leaked in 6 allocation(s).

Comment 1 Radar WebKit Bug Importer 2021-03-16 23:39:17 PDT

<rdar://problem/75513657>

Comment 2 Darin Adler 2021-03-17 18:44:14 PDT

What would make a memory leak become an exploitable security issue?

Comment 3 Xiaoyu He 2021-03-17 18:59:03 PDT

(In reply to Darin Adler from comment #2)
> What would make a memory leak become an exploitable security issue?

A remote attacker with operation privilege could exploit the vulnerability by sending specific messages continuously. Successful exploit may cause some service abnormal

Comment 4 Michael Catanzaro 2023-11-02 12:13:17 PDT

WebKit is filled with memory leaks. The worst that's going to happen is an OOM kill. We don't track these as security bugs.

Your report from LeakSanitizer would be a lot more useful if you built with debuginfo enabled, so we can see what's going on. But the poc is sufficient for a bug report.