https://sourceware.org/bugzilla/show_bug.cgi?id=28655
Bug ID: 28655
Summary: There seems to be a memory leak in file_read_elf
Product: elfutils
Version: unspecified
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: libdw
Assignee: unassigned at sourceware dot org
Reporter: evvers at ya dot ru
CC: elfutils-devel at sourceware dot org
Target Milestone: ---
Created attachment 13823
--> https://sourceware.org/bugzilla/attachment.cgi?id=13823&action=edit
File triggering a memory leak
One of systemd fuzz targets discovered a memory leak in file_read_elf. It can
be reproduced by building the master branch of the elfutils repository and
passing the attachment to `./src/stack` run under Valgrind
```
autoreconf -i -f
./configure --enable-maintainer-mode
make -j$(nproc) V=1
LD_PRELOAD="./libelf/libelf.so ./libdw/libdw.so" valgrind --leak-check=full
./src/stack --core ../oss-fuzz-41568
...
==63344== HEAP SUMMARY:
==63344== in use at exit: 16,722,041 bytes in 108 blocks
==63344== total heap usage: 4,580 allocs, 4,472 frees, 16,980,258 bytes
allocated
==63344==
==63344== 264 bytes in 1 blocks are definitely lost in loss record 9 of 19
==63344== at 0x4845464: calloc (vg_replace_malloc.c:1328)
==63344== by 0x4855711: allocate_elf (common.h:74)
==63344== by 0x4855711: file_read_elf (elf_begin.c:320)
==63344== by 0x485607A: __libelf_read_mmaped_file (elf_begin.c:559)
==63344== by 0x48C52AA: dwfl_segment_report_module
(dwfl_segment_report_module.c:955)
==63344== by 0x48C7C87: dwfl_core_file_report@@ELFUTILS_0.158
(core-file.c:559)
==63344== by 0x402EC6: parse_opt (stack.c:595)
==63344== by 0x4C3AF81: argp_parse (in /usr/lib64/libc-2.33.so)
==63344== by 0x4024EA: main (stack.c:695)
==63344==
```
It was also reported in
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41568
```
==618914==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 264 byte(s) in 1 object(s) allocated from:
#0 0x526002 in __interceptor_calloc
/src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:138:3
#1 0x636d4e in allocate_elf /src/elfutils/libelf/common.h:74:17
#2 0x636d4e in file_read_elf /src/elfutils/libelf/elf_begin.c:320:14
#3 0x6362aa in __libelf_read_mmaped_file
/src/elfutils/libelf/elf_begin.c:559:14
#4 0x64ba42 in elf_memory /src/elfutils/libelf/elf_memory.c:49:10
#5 0x5f9867 in dwfl_segment_report_module
/src/elfutils/libdwfl/dwfl_segment_report_module.c:955:13
#6 0x567135 in dwfl_core_file_report
/src/elfutils/libdwfl/core-file.c:559:17
#7 0x55f280 in LLVMFuzzerTestOneInput /src/fuzz-dwfl-core.c:52:6
#8 0x456ca3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*,
unsigned long) cxa_noexception.cpp:0
#9 0x4425b2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned
long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
#10 0x44807a in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char
const*, unsigned long)) cxa_noexception.cpp:0
#11 0x470fa2 in main
/src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#12 0x7fe13555c0b2 in __libc_start_main
/build/glibc-eX1tMB/glibc-2.31/csu/libc-start.c:308:16
```
--
You are receiving this mail because:
You are on the CC list for the bug.
