Issue 45705 in oss-fuzz: elfutils:fuzz-libdwfl: Indirect-leak in __libelf_next_arhdr_wrlock

Sun, 20 Mar 2022 03:06:01 -0700 


Comment #1 on issue 45705 by [email protected]: elfutils:fuzz-libdwfl: 
Indirect-leak in __libelf_next_arhdr_wrlock
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45705#c1

ASAN report
Running: 
/mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/leak-919ecedf38381f07ca17919209098f636c73aae7
=================================================================
==426037==ERROR: LeakSanitizer: detected memory leaks
Indirect leak of 7175 byte(s) in 1 object(s) allocated from:
    #0 0x8179625 in __interceptor_malloc 
/src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:129:3
    #1 0x82aa297 in read_long_names /src/elfutils/libelf/elf_begin.c:784:10
    #2 0x82aa297 in __libelf_next_arhdr_wrlock 
/src/elfutils/libelf/elf_begin.c:912:8
    #3 0x82ab8aa in dup_elf /src/elfutils/libelf/elf_begin.c:1061:10
    #4 0x82ab8aa in lock_dup_elf /src/elfutils/libelf/elf_begin.c:1119:10
    #5 0x82ab3a9 in elf_begin /src/elfutils/libelf/elf_begin.c:0
    #6 0x81ba74d in process_archive /src/elfutils/libdwfl/offline.c:251:17
    #7 0x81ba74d in process_file /src/elfutils/libdwfl/offline.c:125:14
    #8 0x81bb32b in __libdwfl_report_offline 
/src/elfutils/libdwfl/offline.c:287:22
    #9 0x81bb32b in dwfl_report_offline /src/elfutils/libdwfl/offline.c:316:10
    #10 0x81b79ff in LLVMFuzzerTestOneInput /src/fuzz-libdwfl.c:47:22
    #11 0x80a359d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, 
unsigned int) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
    #12 0x808ec3e in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned 
int) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
    #13 0x809472f in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char 
const*, unsigned int)) 
/src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:860:9
    #14 0x80bd397 in main 
/src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #15 0xf7c2cee4 in __libc_start_main
Indirect leak of 208 byte(s) in 1 object(s) allocated from:
    #0 0x81797d1 in __interceptor_calloc 
/src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:138:3
    #1 0x82a594b in allocate_elf /src/elfutils/libelf/common.h:74:17
    #2 0x82a594b in file_read_ar /src/elfutils/libelf/elf_begin.c:59:9
    #3 0x82a594b in __libelf_read_mmaped_file 
/src/elfutils/libelf/elf_begin.c:570:14
    #4 0x82abd22 in read_file /src/elfutils/libelf/elf_begin.c:701:28
    #5 0x82ab2ed in elf_begin /src/elfutils/libelf/elf_begin.c:0
    #6 0x81c7d03 in libdw_open_elf /src/elfutils/libdwfl/open.c:131:14
    #7 0x81c7c33 in __libdw_open_file /src/elfutils/libdwfl/open.c:197:10
    #8 0x81bb2b8 in __libdwfl_report_offline 
/src/elfutils/libdwfl/offline.c:281:22
    #9 0x81bb2b8 in dwfl_report_offline /src/elfutils/libdwfl/offline.c:316:10
    #10 0x81b79ff in LLVMFuzzerTestOneInput /src/fuzz-libdwfl.c:47:22
    #11 0x80a359d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, 
unsigned int) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
    #12 0x808ec3e in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned 
int) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
    #13 0x809472f in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char 
const*, unsigned int)) 
/src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:860:9
    #14 0x80bd397 in main 
/src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #15 0xf7c2cee4 in __libc_start_main
Indirect leak of 208 byte(s) in 1 object(s) allocated from:
    #0 0x81797d1 in __interceptor_calloc 
/src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:138:3
    #1 0x82a5abb in allocate_elf /src/elfutils/libelf/common.h:74:17
    #2 0x82a5abb in __libelf_read_mmaped_file 
/src/elfutils/libelf/elf_begin.c:578:10
    #3 0x82abd22 in read_file /src/elfutils/libelf/elf_begin.c:701:28
    #4 0x82ab83b in dup_elf /src/elfutils/libelf/elf_begin.c:1067:12
    #5 0x82ab83b in lock_dup_elf /src/elfutils/libelf/elf_begin.c:1119:10
    #6 0x82ab3a9 in elf_begin /src/elfutils/libelf/elf_begin.c:0
    #7 0x81ba74d in process_archive /src/elfutils/libdwfl/offline.c:251:17
    #8 0x81ba74d in process_file /src/elfutils/libdwfl/offline.c:125:14
    #9 0x81bb32b in __libdwfl_report_offline 
/src/elfutils/libdwfl/offline.c:287:22
    #10 0x81bb32b in dwfl_report_offline /src/elfutils/libdwfl/offline.c:316:10
    #11 0x81b79ff in LLVMFuzzerTestOneInput /src/fuzz-libdwfl.c:47:22
    #12 0x80a359d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, 
unsigned int) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
    #13 0x808ec3e in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned 
int) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
    #14 0x809472f in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char 
const*, unsigned int)) 
/src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:860:9
    #15 0x80bd397 in main 
/src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #16 0xf7c2cee4 in __libc_start_main
SUMMARY: AddressSanitizer: 7591 byte(s) leaked in 3 allocation(s).
INFO: a leak has been found in the initial corpus.
INFO: to ignore leaks on libFuzzer side use -detect_leaks=0.

-- 
You received this message because:
  1. You were specifically CC'd on the issue

You may adjust your notification preferences at:
https://bugs.chromium.org/hosting/settings

Reply to this email to add a comment.

Reply via email to