Skip to content
GitLab
Open
Created by whzhe51@whzhe51

memory leaks in asn1_array2tree

Description of problem:

Indirect leak of 912 byte(s) in 6 object(s) allocated from:
    #0 0x5216a2 in calloc /src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:154:3
    #1 0x56fb06 in _asn1_add_static_node /src/libtasn1/lib/parser_aux.c:72:10
    #2 0x554557 in asn1_array2tree /src/libtasn1/lib/structure.c:199:11
    #3 0x553cc0 in LLVMFuzzerTestOneInput /src/libtasn1/fuzz/libtasn1_array2tree_fuzzer.c:84:3
    #4 0x459d01 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm/projects/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:556:15
    #5 0x459425 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/llvm/projects/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:470:3
    #6 0x45b7c7 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm/projects/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:698:19
    #7 0x45c555 in fuzzer::Fuzzer::Loop(std::Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/llvm/projects/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:830:5
    #8 0x44a6d8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm/projects/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:824:6
    #9 0x474752 in main /src/llvm/projects/compiler-rt/lib/fuzzer/FuzzerMain.cpp:19:10
    #10 0x7fb87930482f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

Indirect leak of 20 byte(s) in 1 object(s) allocated from:
    #0 0x52152d in malloc /src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3
    #1 0x570591 in _asn1_set_value /src/libtasn1/lib/parser_aux.c:274:21
    #2 0x5545d9 in asn1_array2tree /src/libtasn1/lib/structure.c:203:2
    #3 0x553cc0 in LLVMFuzzerTestOneInput /src/libtasn1/fuzz/libtasn1_array2tree_fuzzer.c:84:3
    #4 0x459d01 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm/projects/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:556:15
    #5 0x459425 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/llvm/projects/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:470:3
    #6 0x45b7c7 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm/projects/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:698:19
    #7 0x45c555 in fuzzer::Fuzzer::Loop(std::Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/llvm/projects/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:830:5
    #8 0x44a6d8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm/projects/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:824:6
    #9 0x474752 in main /src/llvm/projects/compiler-rt/lib/fuzzer/FuzzerMain.cpp:19:10
    #10 0x7fb87930482f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

Version of libtasn1 used:

4.16

Distributor of libtasn1 (e.g., Ubuntu, Fedora, RHEL)

Fedora

How reproducible:

fuzz-test

Steps to Reproduce:

  • one
  • two
  • three

Actual results:

memoryleak

Expected results:

fuzz-test pass

Edited by Tim Rühsen