bug-binutils

Re: Memory leak in binutils


From: Philippe Antoine
Subject: Re: Memory leak in binutils
Date: Wed, 4 Dec 2019 13:56:21 +0100

Hi Xiaohan,

Are you running the fuzz target from
https://github.com/google/oss-fuzz/blob/master/projects/binutils/fuzz_disassemble.c ?
Did you apply this patch before compiling it?
https://github.com/google/oss-fuzz/blob/master/projects/binutils/patch.diff

Cheers,
Philippe

> On 4 Dec 2019 at 12:14, Xiaohan Wu <address@hidden> wrote:
> 
> Hello, I got a memory leak bug in binutils.
> 
> ASAN log:
> 
> ==29347==ERROR: LeakSanitizer: detected memory leaks
> 
> Direct leak of 3 byte(s) in 1 object(s) allocated from:
>     #0 0x483514 in __strdup /src/llvm-project/compiler-rt/lib/asan/asan_interceptors.cpp:468:3
>     #1 0x6e76d0 in get_field /src/binutils-gdb/opcodes/microblaze-dis.c:46:11
>     #2 0x6e6826 in print_insn_microblaze /src/binutils-gdb/opcodes/microblaze-dis.c
>     #3 0x4ca15d in LLVMFuzzerTestOneInput /src/binutils-gdb/fuzz/fuzz_disassemble.c:71:13
>     #4 0x51a8c6 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:556:15
>     #5 0x516ee0 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/libfuzzer/FuzzerLoop.cpp:470:3
>     #6 0x51c4bf in fuzzer::Fuzzer::MutateAndTestOne() /src/libfuzzer/FuzzerLoop.cpp:698:19
>     #7 0x51fcfd in fuzzer::Fuzzer::Loop(std::__1::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/libfuzzer/FuzzerLoop.cpp:830:5
>     #8 0x4d8f81 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:824:6
>     #9 0x4ca6f7 in main /src/libfuzzer/FuzzerMain.cpp:19:10
>     #10 0x7f6ac80e982f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
> 
> Direct leak of 3 byte(s) in 1 object(s) allocated from:
>     #0 0x483514 in __strdup /src/llvm-project/compiler-rt/lib/asan/asan_interceptors.cpp:468:3
>     #1 0x6e76d0 in get_field /src/binutils-gdb/opcodes/microblaze-dis.c:46:11
>     #2 0x6e64b9 in print_insn_microblaze /src/binutils-gdb/opcodes/microblaze-dis.c:296:36
>     #3 0x4ca15d in LLVMFuzzerTestOneInput /src/binutils-gdb/fuzz/fuzz_disassemble.c:71:13
>     #4 0x51a8c6 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:556:15
>     #5 0x516ee0 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/libfuzzer/FuzzerLoop.cpp:470:3
>     #6 0x51c4bf in fuzzer::Fuzzer::MutateAndTestOne() /src/libfuzzer/FuzzerLoop.cpp:698:19
>     #7 0x51fcfd in fuzzer::Fuzzer::Loop(std::__1::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/libfuzzer/FuzzerLoop.cpp:830:5
>     #8 0x4d8f81 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:824:6
>     #9 0x4ca6f7 in main /src/libfuzzer/FuzzerMain.cpp:19:10
>     #10 0x7f6ac80e982f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
> 
> SUMMARY: AddressSanitizer: 6 byte(s) leaked in 2 allocation(s).
> INFO: to ignore leaks on libFuzzer side use -detect_leaks=0.
> 
> MS: 1 ChangeByte-; base unit: a1be622c3abbca83b3dff1e93a6b232e18dd7e98
> 0xc6,0xc,0x0,0x4,0x26,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x50,
> \xc6\x0c\x00\x04&\x00\x00\x00\x00\x00\x00\x00\x00P
> artifact_prefix='./'; Test unit written to ./leak-0dbec89599a608e357f7a41d42cc041ae064df6a
> Base64: xgwABCYAAAAAAAAAAFA=
> 
> 
> And leak file attached.
> 
> Yours,
> Skyvast
> 
> <leak-0dbec89599a608e357f7a41d42cc041ae064df6a>
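Both stack traces in the report end in a `strdup` inside a field-formatting helper whose return value goes straight into the printer, so the 3-byte register-name strings are never freed. The following is an added C example (not binutils' code; the field bit positions, the `r` register prefix and the `add` mnemonic are assumed) showing that leak shape beside a version where the caller owns the buffer:

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Leaky shape (hypothetical, modelled on the trace above): the helper
   returns a heap copy and the caller consumes it in a printf-style call,
   so nothing ever frees it. Each call leaks the "rN\0" string, e.g. 3 bytes
   for "r5"; LeakSanitizer reports it as a direct leak allocated in __strdup. */
char *get_field_leaky(unsigned int inst, unsigned int shift, unsigned int mask)
{
    char tmp[16];
    snprintf(tmp, sizeof tmp, "r%u", (inst >> shift) & mask);
    return strdup(tmp);
}

void print_insn_leaky(unsigned int inst)
{
    /* Two temporaries, two leaks per decoded instruction (assumed field layout:
       rd in bits 21-25, ra in bits 16-20). */
    printf("add %s, %s\n",
           get_field_leaky(inst, 21, 0x1f),
           get_field_leaky(inst, 16, 0x1f));
}

/* Fixed shape: the caller supplies storage, so no allocation and no
   ownership to forget. Returns buf for convenient use inside printf. */
const char *get_field(char *buf, size_t len,
                      unsigned int inst, unsigned int shift, unsigned int mask)
{
    snprintf(buf, len, "r%u", (inst >> shift) & mask);
    return buf;
}

/* Formats the operands into out; returns the length snprintf would write. */
int format_insn(unsigned int inst, char *out, size_t len)
{
    char rd[8], ra[8];
    return snprintf(out, len, "add %s, %s",
                    get_field(rd, sizeof rd, inst, 21, 0x1f),
                    get_field(ra, sizeof ra, inst, 16, 0x1f));
}

int main(void)
{
    char buf[32];
    unsigned int inst = (5u << 21) | (3u << 16);   /* constructed word: rd=5, ra=3 */
    format_insn(inst, buf, sizeof buf);
    puts(buf);                                      /* add r5, r3 */
    print_insn_leaky(inst);   /* run under -fsanitize=address to see the leak */
    return 0;
}
```

Under ASan/LSan the leaky path reports the same "Direct leak of 3 byte(s) ... in __strdup" shape as the fuzzer output above; the buffer-owning version reports nothing.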
