Comment #1 on issue 60887 by evv...@gmail.com: elfutils:fuzz-libelf: Direct-leak in __libelf_decompress_zlib
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60887#c1

The full backtrace is
```
==178009==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 1 byte(s) in 1 object(s) allocated from:
    #0 0x52efd6 in __interceptor_malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:69:3
    #1 0x57a228 in __libelf_decompress_zlib /src/elfutils/libelf/elf_compress.c:370:19
    #2 0x57a987 in __libelf_decompress /src/elfutils/libelf/elf_compress.c:440:12
    #3 0x57a987 in __libelf_decompress_elf /src/elfutils/libelf/elf_compress.c:500:7
    #4 0x57629f in get_zdata /src/elfutils/libelf/elf_strptr.c:45:17
    #5 0x575c5e in elf_strptr /src/elfutils/libelf/elf_strptr.c:135:38
    #6 0x56c5b3 in fuzz_logic_one /src/fuzz-libelf.c:40:26
    #7 0x56cc7f in LLVMFuzzerTestOneInput /src/fuzz-libelf.c:88:3
```

I haven't figured out how to trigger that memory leak without the fuzz target, but as far as I can tell `fuzz_logic_one` was inspired by the elfgetzdata test in the sense that it calls elf_nextscn/elf_strptr/elf_compress.

The code triggering the memory leak is
https://github.com/google/oss-fuzz/blob/24328c88fd610decaf311020ffc7073aec1db252/projects/elfutils/fuzz-libelf.c#L27C6-L27C20

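The LeakSanitizer report in this comment is the kind of text a fuzzing triage script has to digest, and the e-mail wrapping that split several frames across two lines is exactly what trips up naive line-by-line parsers. The following is an added example, not code from the comment, from elfutils or from OSS-Fuzz: a small parser for LSan leak reports that tolerates that wrapping, extracts the leak size and the allocation stack, and derives both the first in-project frame (where the leaked block was actually allocated) and a build-independent signature for deduplicating reports. The sample text is the backtrace quoted above, copied with its wrapping intact; the `Leak`/`Frame` types, the helper names and the `/src/elfutils/` project prefix are assumptions of the example.

```python
"""Parse LeakSanitizer (LSan) reports like the one in this comment.

Added example, not code from elfutils, OSS-Fuzz or the commenter. The
Leak/Frame types, helper names and the "/src/elfutils/" project prefix
are assumptions made for illustration.
"""
from __future__ import annotations
import os
import re
from dataclasses import dataclass, field

# "Direct leak of 1 byte(s) in 1 object(s) allocated from:"
LEAK_HEADER = re.compile(
    r"(?P<kind>Direct|Indirect) leak of (?P<nbytes>\d+) byte\(s\) "
    r"in (?P<objects>\d+) object\(s\) allocated from:")

# One frame. Any whitespace (including a newline from e-mail wrapping) may
# separate the function name from its file:line:col; an unsymbolized
# "(module+0xoff)" location is accepted as well.
FRAME = re.compile(
    r"#(?P<idx>\d+)\s+0x(?P<addr>[0-9a-fA-F]+)\s+in\s+(?P<func>\S+)\s+"
    r"(?:(?P<file>[^\s:()]+):(?P<line>\d+)(?::(?P<col>\d+))?"
    r"|\((?P<module>[^)]+)\))")

@dataclass
class Frame:
    idx: int
    addr: int
    func: str
    file: str | None        # None for unsymbolized frames
    line: int | None
    col: int | None
    module: str | None      # set only for "(module+0xoff)" frames

@dataclass
class Leak:
    kind: str               # "Direct" or "Indirect"
    nbytes: int
    objects: int
    frames: list[Frame] = field(default_factory=list)

def parse_leak_report(text: str) -> list[Leak]:
    """Split an LSan report into leaks, each with its allocation stack."""
    leaks = []
    headers = list(LEAK_HEADER.finditer(text))
    for i, hdr in enumerate(headers):
        # Frames for this leak run up to the next leak header (or the end).
        end = headers[i + 1].start() if i + 1 < len(headers) else len(text)
        frames = [
            Frame(int(m["idx"]), int(m["addr"], 16), m["func"], m["file"],
                  int(m["line"]) if m["line"] else None,
                  int(m["col"]) if m["col"] else None, m["module"])
            for m in FRAME.finditer(text, hdr.end(), end)]
        leaks.append(Leak(hdr["kind"], int(hdr["nbytes"]), int(hdr["objects"]), frames))
    return leaks

def first_project_frame(leak: Leak, prefix: str) -> Frame | None:
    """Innermost in-project frame: the call that malloc'd the leaked block.
    Frame #0 is the sanitizer's malloc interceptor, so out-of-tree frames are skipped."""
    for fr in leak.frames:
        if fr.file and fr.file.startswith(prefix):
            return fr
    return None

def signature(leak: Leak, prefix: str) -> tuple[str, ...]:
    """Dedup key: in-project frames as func:file:line. Addresses and out-of-tree
    frames (sanitizer runtime, fuzz harness) change between builds, so they are dropped."""
    return tuple(f"{fr.func}:{os.path.basename(fr.file)}:{fr.line}"
                 for fr in leak.frames if fr.file and fr.file.startswith(prefix))

# Constructed sample: the backtrace quoted in this comment, with the e-mail's
# line wrapping left in place so the parser has to cope with it.
SAMPLE_REPORT = """\
==178009==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 1 byte(s) in 1 object(s) allocated from:
    #0 0x52efd6 in __interceptor_malloc
/src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:69:3
    #1 0x57a228 in __libelf_decompress_zlib
/src/elfutils/libelf/elf_compress.c:370:19
    #2 0x57a987 in __libelf_decompress
/src/elfutils/libelf/elf_compress.c:440:12
    #3 0x57a987 in __libelf_decompress_elf
/src/elfutils/libelf/elf_compress.c:500:7
    #4 0x57629f in get_zdata /src/elfutils/libelf/elf_strptr.c:45:17
    #5 0x575c5e in elf_strptr /src/elfutils/libelf/elf_strptr.c:135:38
    #6 0x56c5b3 in fuzz_logic_one /src/fuzz-libelf.c:40:26
    #7 0x56cc7f in LLVMFuzzerTestOneInput /src/fuzz-libelf.c:88:3
"""
PROJECT_PREFIX = "/src/elfutils/"   # assumed project tree for this example

if __name__ == "__main__":
    for leak in parse_leak_report(SAMPLE_REPORT):
        culprit = first_project_frame(leak, PROJECT_PREFIX)
        print(f"{leak.kind} leak: {leak.nbytes} byte(s) in {leak.objects} object(s)")
        print(f"  allocated in {culprit.func} at {culprit.file}:{culprit.line}")
        print("  signature:", signature(leak, PROJECT_PREFIX))
```

For this report the first in-project frame is `__libelf_decompress_zlib` at `elf_compress.c:370`, i.e. the malloc whose result is never freed on the `elf_strptr` -> `get_zdata` path; the signature keeps only the five elfutils frames, so the same leak reported from a differently linked build (different addresses, different harness frames) still collapses to one entry.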