[gnutls-devel] libtasn1 | memory leaks in asn1_array2tree (#26)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Tue Mar 17 03:21:42 CET 2020
whzhe51 created an issue: https://gitlab.com/gnutls/libtasn1/-/issues/26
## Description of problem:
Indirect leak of 912 byte(s) in 6 object(s) allocated from:
#0 0x5216a2 in calloc /src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:154:3
#1 0x56fb06 in _asn1_add_static_node /src/libtasn1/lib/parser_aux.c:72:10
#2 0x554557 in asn1_array2tree /src/libtasn1/lib/structure.c:199:11
#3 0x553cc0 in LLVMFuzzerTestOneInput /src/libtasn1/fuzz/libtasn1_array2tree_fuzzer.c:84:3
#4 0x459d01 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm/projects/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:556:15
#5 0x459425 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/llvm/projects/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:470:3
#6 0x45b7c7 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm/projects/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:698:19
#7 0x45c555 in fuzzer::Fuzzer::Loop(std::Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/llvm/projects/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:830:5
#8 0x44a6d8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm/projects/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:824:6
#9 0x474752 in main /src/llvm/projects/compiler-rt/lib/fuzzer/FuzzerMain.cpp:19:10
#10 0x7fb87930482f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
Indirect leak of 20 byte(s) in 1 object(s) allocated from:
#0 0x52152d in malloc /src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3
#1 0x570591 in _asn1_set_value /src/libtasn1/lib/parser_aux.c:274:21
#2 0x5545d9 in asn1_array2tree /src/libtasn1/lib/structure.c:203:2
#3 0x553cc0 in LLVMFuzzerTestOneInput /src/libtasn1/fuzz/libtasn1_array2tree_fuzzer.c:84:3
#4 0x459d01 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm/projects/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:556:15
#5 0x459425 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/llvm/projects/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:470:3
#6 0x45b7c7 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm/projects/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:698:19
#7 0x45c555 in fuzzer::Fuzzer::Loop(std::Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/llvm/projects/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:830:5
#8 0x44a6d8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm/projects/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:824:6
#9 0x474752 in main /src/llvm/projects/compiler-rt/lib/fuzzer/FuzzerMain.cpp:19:10
#10 0x7fb87930482f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
## Version of libtasn1 used:
4.16
## Distributor of libtasn1 (e.g., Ubuntu, Fedora, RHEL)
Fedora
## How reproducible:
fuzz-test
Steps to Reproduce:
* one
* two
* three
## Actual results:
memoryleak
## Expected results:
fuzz-test pass
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/issues/26
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20200317/94b52f11/attachment.html>
More information about the Gnutls-devel
mailing list