Bug 223324 - memory leak
Summary: memory leak
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc.
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks:
Reported: 2021-03-16 23:39 PDT by Xiaoyu He
Modified: 2023-11-02 12:13 PDT
CC: 4 users

See Also:


Attachments
poc (227 bytes, text/javascript), 2021-03-16 23:39 PDT, Xiaoyu He, no flags

Description Xiaoyu He 2021-03-16 23:39:07 PDT
Created attachment 423440
poc

==3031==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 1088 byte(s) in 6 object(s) allocated from:
    #0 0x4e0ee0  (/root/targets/targets/jsc_afl_asan18+0x4e0ee0)
    #1 0x695e87e  (/root/targets/targets/jsc_afl_asan18+0x695e87e)

SUMMARY: AddressSanitizer: 1088 byte(s) leaked in 6 allocation(s).
Comment 1 Radar WebKit Bug Importer 2021-03-16 23:39:17 PDT
<rdar://problem/75513657>
Comment 2 Darin Adler 2021-03-17 18:44:14 PDT
What would make a memory leak become an exploitable security issue?
Comment 3 Xiaoyu He 2021-03-17 18:59:03 PDT
(In reply to Darin Adler from comment #2)
> What would make a memory leak become an exploitable security issue?

A remote attacker with operation privilege could exploit the vulnerability by sending specific messages continuously. A successful exploit may cause some service abnormality.
Comment 4 Michael Catanzaro 2023-11-02 12:13:17 PDT
WebKit is filled with memory leaks. The worst that's going to happen is an OOM kill. We don't track these as security bugs.

Your report from LeakSanitizer would be a lot more useful if you built with debuginfo enabled, so we can see what's going on. But the poc is sufficient for a bug report.
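The point in the last comment is that frames of the form `#0 0x4e0ee0 (/root/.../jsc_afl_asan18+0x4e0ee0)` carry only a module and an offset, so nobody can tell which allocation site leaks. As an added example (not code from this bug report, from WebKit, or from the reporter), the shell script below parses that report format, pulls the leaked-byte total from the SUMMARY line, and resolves each module+offset pair with addr2line when the binary is readable, falling back to printing the raw offset otherwise. The report text is the one posted above, embedded as a constructed sample; the function names and the reliance on addr2line from binutils are assumptions for illustration.

```shell
#!/usr/bin/env bash
# Added example: post-process an unsymbolized LeakSanitizer report.
# Frame lines look like "    #N 0xADDR  (/path/to/binary+0xOFFSET)".
set -u

# Constructed sample: the LSan output from the bug report, used as offline input.
LSAN_REPORT='==3031==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 1088 byte(s) in 6 object(s) allocated from:
    #0 0x4e0ee0  (/root/targets/targets/jsc_afl_asan18+0x4e0ee0)
    #1 0x695e87e  (/root/targets/targets/jsc_afl_asan18+0x695e87e)

SUMMARY: AddressSanitizer: 1088 byte(s) leaked in 6 allocation(s).'

# lsan_frames: read a report on stdin, print "FRAME BINARY OFFSET" per
# unsymbolized frame. Symbolized frames (function names) do not match and
# are skipped, which is what we want.
lsan_frames() {
  sed -n -E 's/^[[:space:]]*#([0-9]+) +0x[0-9a-f]+ +\((.+)[+](0x[0-9a-f]+)\)$/\1 \2 \3/p'
}

# lsan_leaked_bytes: total leaked bytes from the SUMMARY line on stdin.
lsan_leaked_bytes() {
  sed -n -E 's/^SUMMARY: .*: ([0-9]+) byte\(s\) leaked.*/\1/p'
}

# symbolize_frame BINARY OFFSET: "function file:line" via addr2line when the
# binary is present (needs debuginfo in the binary, otherwise addr2line
# answers "??"); otherwise keep module+offset so the frame stays attributable.
symbolize_frame() {
  local binary="$1" offset="$2"
  if [ -r "$binary" ] && command -v addr2line >/dev/null 2>&1; then
    addr2line -f -C -e "$binary" "$offset" | paste -sd ' '
  else
    printf '%s+%s (no debuginfo available)\n' "$(basename "$binary")" "$offset"
  fi
}

# symbolize_report: one resolved line per frame of the report on stdin.
symbolize_report() {
  lsan_frames | while read -r frame binary offset; do
    printf '#%s %s\n' "$frame" "$(symbolize_frame "$binary" "$offset")"
  done
}

main() {
  printf 'leaked bytes: %s\n' "$(printf '%s\n' "$LSAN_REPORT" | lsan_leaked_bytes)"
  printf '%s\n' "$LSAN_REPORT" | symbolize_report
}
main
```

Run it against a real report with `./lsan-symbolize.sh < report.txt` after swapping the embedded sample for stdin; if addr2line prints `??` for every frame, the binary was built without `-g`, which is exactly the situation the last comment describes, and the fix is to rebuild with debuginfo (or keep the unstripped binary next to the report) rather than to keep fuzzing.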