Bug 24048 - memory leaks in readelf
Summary: memory leaks in readelf
Status: RESOLVED WONTFIX
Alias: None
Product: binutils
Classification: Unclassified
Component: binutils
Version: 2.31
Importance: P2 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-12-31 04:56 UTC by zerokeeper
Modified: 2019-01-14 13:48 UTC

See Also:
Host:
Target:
Build:
Last reconfirmed:


Attachments
binutils-readelf-memory-leak (3.14 KB, application/x-executable)
2018-12-31 04:56 UTC, zerokeeper
binutils-readelf--memory-leak-filedata (10.61 KB, application/octet-stream)
2018-12-31 15:53 UTC, zerokeeper

Description zerokeeper 2018-12-31 04:56:28 UTC
Created attachment 11502 [details]
binutils-readelf-memory-leak

Hi binutils team, I found a memory leak bug in binutils-2.31 with readelf. It is the latest release.

./binutils/readelf -a binutils-readelf-memory-leak

ELF Header:
  Magic:   7f 45 4c 46 02 01 01 00 80 13 00 00 00 00 00 00
  Class:                             ELF64
  Data:                              2's complement, little endian
  Version:                           1 (current)
  OS/ABI:                            UNIX - System V
  ABI Version:                       128
  Type:                              EXEC (Executable file)
  Machine:                           MIPS R4000 big-endian
  Version:                           0x8e50001
  Entry point address:               0x8e5
  Start of program headers:          64 (bytes into file)
  Start of section headers:          8632 (bytes into file)
  Flags:                             0x0
  Size of this header:               64 (bytes)
  Size of program headers:           56 (bytes)
  Number of program headers:         10
  Size of section headers:           64 (bytes)
  Number of section headers:         27
  Section header string table index: 26

Section Headers:
  [Nr] Name              Type             Address           Offset
       Size              EntSize          Flags  Link  Info  Align
  [ 0]                   NULL             0000000000000000  00000000
       0000000000000000  0000000000000000           0     0     0
  [ 1] .interp           PROGBITS         0000000000400270  00000270
       000000000000001c  0000000000000000   A       0     0     1
  [ 2] .note.ABI-tag     NOTE             000000000040028c  0000028c
       0000000000000020  0000040000000000   A       0     0     4
  [ 3] .gnu.hash         GNU_HASH         00000000004002b0  000002b0
       0000000000000028  0000000000000000   A       4     0     8
  [ 4] .dynsym           DYNSYM           00000000004002d8  000002d8
       00000000000020f8  0000000000000018   A       5     1     8
  [ 5] <corrupt>         STRTAB           00000000004004d0  000004d0
       00000000000000c4  0000000000000000   A       0     0     1
  [ 6] .gnu.version      VERSYM           0000000000400594  00000594
       000000000000002a  0000000000000002   A       4     0     2
  [ 7] .gnu.version_r    VERNEED          00000000004005c0  000005c0
       0000000000000030  0000000000000000   A       5     1     8
  [ 8] .rela.dyn         LOUSER+0x70ffff  00000000004005f0  000005f0
       0000000000000048  0000000000000018   A       4     0     8
  [ 9] .rela.plt         RELA             0000000000400638  00000638
       00000000000001b0  0000000000000018  AI       4    11     8
  [10] .init             PROGBITS         00000000004007e8  000007e8
       000000000000001a  0000000000000000  AX       0     0     4
  [11] .plt              PROGBITS         0000000000400810  00000810
       0000000000000130  0000000000000010  AX       0     0     16
  [12] .text             PROGBITS         0000000000400940  00000940
       00000000000004b2  0000000000000000  AX       0     0     16
  [13] .fini             PROGBITS         1c00000000400df4  00000df4
       0000000000000009  0000000000000000  AX       0     0     4
  [14] .rodata           PROGBITS         0000000000400e00  00000e00
       0000000000000380  0000000000000000   A       0     0     64
  [15] .eh_frame_hdr     PROGBITS         0000000000401180  00001180
       000000000000004c  0000000000000000   A       0     0     4
  [16] .eh_frame         PROGBITS         00000000004011d0  000011d0
       000000000000015c  0000000000000000   A       0     0     8
  [17] .init_array       INIT_ARRAY       0000000000601e10  00001e10
       0000000000000008  0000000000000000  WA       0     0     8
  [18] .fini_array       FINI_ARRAY       0000000000601e18  00040000
       0000000000000008  0000000000000000  WA       0     0     8
  [19] .jcr              PROGBITS         0000000000601e20  00001e20
       0000000000000008  0000000000000000  WA       0     0     8
  [20] .dynamic          DYNAMIC          0000000000601e28  00001e28
       00000000000001d0  0000000000000010  WA       5     0     8
  [21] .got              PROGBITS         0000000000601ff8  00001ff8
       0000000000000008  0000000000000008  WA       0     0     8
  [22] .got.plt          PROGBITS         0000000000602000  00002000
       00000000000000a8  0000000000000008  WA       0     0     8
  [23] .data             PROGBITS         00000000006020a8  000020a8
       0000000000000010  0000000000000000  WA       0     0     8
  [24] .bss              NOBITS           00000000006020c0  000020b8
       0000000000000038  0000000000000000  WA       0     0     32
  [25] .gnu_debuglink    PROGBITS         00ffed0000000000  000020b8
       0000000000000014  0000000000000000           0     0     1
  [26] .shstrtab         STRTAB           0000000000000000  000020cc
       00000000000000eb  0000000000000000           0     0     1
Key to Flags:
  W (write), A (alloc), X (execute), M (merge), S (strings), I (info),
  L (link order), O (extra OS processing required), G (group), T (TLS),
  C (compressed), x (unknown), o (OS specific), E (exclude),
  p (processor specific)

There are no section groups in this file.

Program Headers:
  Type           Offset             VirtAddr           PhysAddr
                 FileSiz            MemSiz              Flags  Align
  PHDR           0x0000000000000040 0x0000000000400040 0x0000000000400040
                 0x0000000000000230 0x0000000000000230  R E    0x8
readelf: Error: the PHDR segment is not covered by a LOAD segment
  INTERP         0x0000000000000270 0x0000000000400270 0x0000000000400270
                 0x000000000000001c 0x000000000000001c  R      0x1
      [Requesting program interpreter: /lib64/ld-linux-x86-64.so.2]
  LOAD           0x0000000000000000 0x0000000000400096 0x0000000000400000
                 0x000000000000132c 0x000000000000132c  R E    0x200000
  LOAD           0x0000000000001e10 0x0000000000601e10 0x0000000000601e10
                 0x00000000000002a8 0x00000000000002e8  RW     0x200000
  DYNAMIC        0x0000000000001e28 0x0000000000601e28 0x0000000000601e28
                 0x00000000000001d0 0x00000000000001d0  RW     0x8
  NOTE           0x000000000000028c 0x000000000040028c 0x000000000040028c
                 0x0000000000000020 0x0000000000000000  R      0x0
  GNU_EH_FRAME   0x0000000000001180 0x0000000000401180 0x0000000000401180
                 0x000000000000004c 0x000000000000004c  R      0x4
  GNU_STACK      0x0000000000000000 0x0000000000000000 0x0000000000000000
                 0x0000000000000000 0x0000000000000000  RW     0x10
  GNU_RELRO      0x0000000000001e10 0x0000000000601e10 0x0000000000421e10
                 0x00000000000001f0 0x00000000000001f0  R      0x1
  LOOS+0x5041580 0x0000000000000000 0x0000000000000000 0x0000000000000000
                 0x0000000000000000 0x0000000000000000         0x8

 Section to Segment mapping:
  Segment Sections...
   00
   01     .interp
   02     .interp .note.ABI-tag .gnu.hash <corrupt> .gnu.version .gnu.version_r .rela.dyn .rela.plt .init .plt .text .rodata .eh_frame_hdr .eh_frame
   03     .init_array .jcr .dynamic .got .got.plt .data .bss
   04     .dynamic
   05
   06     .eh_frame_hdr
   07
   08     .init_array .jcr .dynamic .got
   09

Dynamic section at offset 0x1e28 contains 24 entries:
  Tag        Type                         Name/Value
 0x0000000000000001 (NEEDED)             Shared library: []
 0x000000000000000c (INIT)               0x4007e8
 0x000000000000000d (FINI)               0x400df4
 0x0000000000000019 (INIT_ARRAY)         0x601e10
 0x000000000000001b (INIT_ARRAYSZ)       8 (bytes)
 0x000000000000001a (FINI_ARRAY)         0x601e18
 0x000000000000001c (FINI_ARRAYSZ)       8 (bytes)
 0x000000006ffffef5 (GNU_HASH)           0x4002b0
 0x0000000000000005 (STRTAB)             0x4004d0
 0x0000000000000006 (SYMTAB)             0x4002d8
 0x000000000000000a (STRSZ)              196 (bytes)
 0x000000000000000b (SYMENT)             24 (bytes)
 0x0000000000000015 (DEBUG)              0x0
 0x0000000000000003 (PLTGOT)             0x602000
 0x0000000000000002 (PLTRELSZ)           432 (bytes)
 0x0000000000000014 (PLTREL)             RELA
 0x0000000000000017 (JMPREL)             0x400638
 0x0000000000000007 (RELA)               0x4005f0
 0x0000000000000008 (RELASZ)             72 (bytes)
 0x0000000000000009 (RELAENT)            24 (bytes)
 0x000000006ffffffe (VERNEED)            0x4005c0
 0x000000007000000a (MIPS_LOCAL_GOTNO)   1
 0x000000006ffffff0 (VERSYM)             0x400594
 0x0000000000000000 (NULL)               0x0

Relocation section '.rela.plt' at offset 0x638 contains 18 entries:
  Offset          Info           Type           Sym. Value    Sym. Name + Addend
000000602018  000100000007 R_MIPS_GPREL16   readelf: Error: Reading 16 bytes extends past end of file for version need aux (3)
readelf: Error: Reading 16 bytes extends past end of file for version need
 0000000000000000 free + 0
000000602020  000200000007 R_MIPS_GPREL16   readelf: Error: Reading 16 bytes extends past end of file for version need aux (3)
readelf: Error: Reading 16 bytes extends past end of file for version need
 0000000000000000 __errno_location + 0
000000602028  000300000007 R_MIPS_GPREL16   readelf: Error: Reading 16 bytes extends past end of file for version need aux (3)
readelf: Error: Reading 16 bytes extends past end of file for version need
 0000000000000000 strcpy + 0
000000602030  000400000007 R_MIPS_GPREL16   readelf: Error: Reading 16 bytes extends past end of file for version need aux (3)
readelf: Error: Reading 16 bytes extends past end of file for version need
 0000000000000000 puts + 0
000000602038  000500000007 R_MIPS_GPREL16   readelf: Error: Reading 16 bytes extends past end of file for version need aux (3)
readelf: Error: Reading 16 bytes extends past end of file for version need
 0000000000000000 getopt_long + 0
000000602040  000600000007 R_MIPS_GPREL16   readelf: Error: Reading 16 bytes extends past end of file for version need aux (3)
readelf: Error: Reading 16 bytes extends past end of file for version need
 0000000000000000 printf + 0
000000602048  080000000007 R_MIPS_GPREL16   readelf: Error:  bad symbol index: 00000800 in reloc
000060205800  090000000700 unrecognized: 700    readelf: Error:  bad symbol index: 00000900 in reloc
000060206000  0a0000000700 unrecognized: 700    readelf: Error:  bad symbol index: 00000a00 in reloc
000060206800  0b0000000700 unrecognized: 700    readelf: Error:  bad symbol index: 00000b00 in reloc
000060207000  0c0000000700 unrecognized: 700    readelf: Error:  bad symbol index: 00000c00 in reloc
000060207800  0d0000000700 unrecognized: 700    readelf: Error:  bad symbol index: 00000d00 in reloc
000060208000  0e0000000700 unrecognized: 700    readelf: Error:  bad symbol index: 00000e00 in reloc
000060208800  0f0000000700 unrecognized: 700    readelf: Error:  bad symbol index: 00000f00 in reloc
000060209000  100040002900 unrecognized: 40002900readelf: Error:  bad symbol index: 00001000 in reloc
000060209800  110000000700 unrecognized: 700    readelf: Error:  bad symbol index: 00001100 in reloc
00006020a000  120000000700 unrecognized: 700    readelf: Error:  bad symbol index: 00001200 in reloc
58b4808ec834800  74c0854800201805 unrecognized: 201805 readelf: Error:  bad symbol index: 74c08548 in reloc

The decoding of unwind sections for machine type MIPS R4000 big-endian is not currently supported.

Version symbols section '.gnu.version' contains 21 entries:
 Addr: 0000000000400594  Offset: 0x000594  Link: 4 (.dynsym)
  000:7000 readelf: Error: Reading 16 bytes extends past end of file for version need aux (2)
readelf: Error: Reading 16 bytes extends past end of file for version need
             7475 readelf: Error: Reading 16 bytes extends past end of file for version need aux (2)
readelf: Error: Reading 16 bytes extends past end of file for version need
               73 readelf: Error: Reading 16 bytes extends past end of file for version need aux (2)
readelf: Error: Reading 16 bytes extends past end of file for version need
             7473 readelf: Error: Reading 16 bytes extends past end of file for version need aux (2)
readelf: Error: Reading 16 bytes extends past end of file for version need

  004:7472 readelf: Error: Reading 16 bytes extends past end of file for version need aux (2)
readelf: Error: Reading 16 bytes extends past end of file for version need
             6c6f readelf: Error: Reading 16 bytes extends past end of file for version need aux (2)
readelf: Error: Reading 16 bytes extends past end of file for version need
             5f00 readelf: Error: Reading 16 bytes extends past end of file for version need aux (2)
readelf: Error: Reading 16 bytes extends past end of file for version need
             655f readelf: Error: Reading 16 bytes extends past end of file for version need aux (2)
readelf: Error: Reading 16 bytes extends past end of file for version need

  008:7272 readelf: Error: Reading 16 bytes extends past end of file for version need aux (2)
readelf: Error: Reading 16 bytes extends past end of file for version need
             6f6e readelf: Error: Reading 16 bytes extends past end of file for version need aux (2)
readelf: Error: Reading 16 bytes extends past end of file for version need
             6c5f readelf: Error: Reading 16 bytes extends past end of file for version need aux (2)
readelf: Error: Reading 16 bytes extends past end of file for version need
             636f readelf: Error: Reading 16 bytes extends past end of file for version need aux (2)
readelf: Error: Reading 16 bytes extends past end of file for version need

  00c:7461 readelf: Error: Reading 16 bytes extends past end of file for version need aux (2)
readelf: Error: Reading 16 bytes extends past end of file for version need
             6f69 readelf: Error: Reading 16 bytes extends past end of file for version need aux (2)
readelf: Error: Reading 16 bytes extends past end of file for version need
               6e readelf: Error: Reading 16 bytes extends past end of file for version need aux (2)
readelf: Error: Reading 16 bytes extends past end of file for version need
             656d readelf: Error: Reading 16 bytes extends past end of file for version need aux (2)
readelf: Error: Reading 16 bytes extends past end of file for version need

  010:636d readelf: Error: Reading 16 bytes extends past end of file for version need aux (2)
readelf: Error: Reading 16 bytes extends past end of file for version need
             7970 readelf: Error: Reading 16 bytes extends past end of file for version need aux (2)
readelf: Error: Reading 16 bytes extends past end of file for version need
             6d00 readelf: Error: Reading 16 bytes extends past end of file for version need aux (2)
readelf: Error: Reading 16 bytes extends past end of file for version need
             6c61 readelf: Error: Reading 16 bytes extends past end of file for version need aux (2)
readelf: Error: Reading 16 bytes extends past end of file for version need

  014:6f6c readelf: Error: Reading 16 bytes extends past end of file for version need aux (2)
readelf: Error: Reading 16 bytes extends past end of file for version need


Version needs section '.gnu.version_r' contains 1 entry:
 Addr: 0x00000000004005c0  Offset: 0x0005c0  Link: 5 (<corrupt>)
  000000: Version: 1  File:   Cnt: 2
  0x0010:   Name: tempnam  Flags: none  Version: 3
  0x0020:   Name: trdup  Flags: none  Version: 2

Displaying notes found in: .note.ABI-tag
  Owner                 Data size	Description
  GNU                  0x00000010	NT_GNU_ABI_TAG (ABI version tag)
    OS: Linux, ABI: 2.6.32

Primary GOT:
 Canonical gp value: 0000000000609ff0

 Reserved entries:
           Address     Access          Initial Purpose
  0000000000602000 -32752(gp) 0000000000601e28 Lazy resolver


=================================================================
==10625==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 528 byte(s) in 1 object(s) allocated from:
    #0 0x4b91a8  (/root/binutils-2.31/binutils/readelf+0x4b91a8)
    #1 0x5d275a  (/root/binutils-2.31/binutils/readelf+0x5d275a)
    #2 0x50b810  (/root/binutils-2.31/binutils/readelf+0x50b810)
    #3 0x4ee043  (/root/binutils-2.31/binutils/readelf+0x4ee043)
    #4 0x7fa75797e82f  (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

SUMMARY: AddressSanitizer: 528 byte(s) leaked in 1 allocation(s).
Comment 1 zerokeeper 2018-12-31 14:58:16 UTC
Update: in the first report, AddressSanitizer didn't show symbolized stack traces, so I changed machines and rebuilt binutils.

readelf: Error: =================================================================
==24023==ERROR: AddressSanitizer: heap-use-after-free on address 0x60300000ef50 at pc 0x7f196b4121e9 bp 0x7ffc894f6a00 sp 0x7ffc894f6178
READ of size 2 at 0x60300000ef50 thread T0
    #0 0x7f196b4121e8  (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x601e8)
    #1 0x7f196b412bcc in vfprintf (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x60bcc)
    #2 0x5420b6 in error /root/fuzz/binutils-2.31/binutils/elfcomm.c:43
    #3 0x4a6311 in process_archive /root/fuzz/binutils-2.31/binutils/readelf.c:19092
    #4 0x404397 in process_file /root/fuzz/binutils-2.31/binutils/readelf.c:19247
    #5 0x404397 in main /root/fuzz/binutils-2.31/binutils/readelf.c:19318
    #6 0x7f196b00882f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #7 0x404f78 in _start (/root/fuzz/binutils-2.31/binutils/readelf+0x404f78)

0x60300000ef50 is located 0 bytes inside of 19-byte region [0x60300000ef50,0x60300000ef63)
freed by thread T0 here:
    #0 0x7f196b44a2ca in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x982ca)
    #1 0x4a55ee in process_archive /root/fuzz/binutils-2.31/binutils/readelf.c:19178

previously allocated by thread T0 here:
    #0 0x7f196b44a602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x54b194 in make_qualified_name /root/fuzz/binutils-2.31/binutils/elfcomm.c:906

SUMMARY: AddressSanitizer: heap-use-after-free ??:0 ??
Shadow bytes around the buggy address:
==24023==ABORTING
Comment 2 zerokeeper 2018-12-31 15:47:18 UTC
Update, update! I'm so sorry. The second comment is bug 24049; I commented on the wrong bug.

This is the first comment's AddressSanitizer output, symbolized:

==14781==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 528 byte(s) in 1 object(s) allocated from:
    #0 0x7fc1cf81e602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x555afc in xmalloc xmalloc.c:147

SUMMARY: AddressSanitizer: 528 byte(s) leaked in 1 allocation(s).


Now I have fuzzed a new PoC for a memory leak in readelf.c:425.

➜  binutils-2.31 ./binutils/readelf -a binutils-readelf--memory-leak-filedata



ELF Header:
  Magic:   7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
  Class:                             ELF64
  Data:                              2's complement, little endian
  Version:                           1 (current)
  OS/ABI:                            UNIX - System V
  ABI Version:                       0
  Type:                              <unknown>: 1002
  Machine:                           Advanced Micro Devices X86-64
  Version:                           0x1
  Entry point address:               0x400720
  Start of program headers:          64 (bytes into file)
  Start of section headers:          28880 (bytes into file)
  Flags:                             0x0
  Size of this header:               64 (bytes)
  Size of program headers:           56 (bytes)
  Number of program headers:         10
  Size of section headers:           64 (bytes)
  Number of section headers:         37
  Section header string table index: 34

Section Headers:
  [Nr] Name              Type             Address           Offset
       Size              EntSize          Flags  Link  Info  Align
  [ 0]                   NULL             0000000000000000  00000000
       0000000000000000  0000000000000000           0     0     0
  [ 1] .intÿ             PROGBITS         0000000000400270  00000270
       000000000000001c  0000000000000000   A       0     0     1
  [ 2] .note.ABI-tag     NOTE             000000000040028c  0000028c
       0000000000000020  0000000000000000   A       0     0     4294967277
  [ 3] .gnu.hash
...........
...........
Version symbols section '.gnu.version' contains 11 entries:
 Addr: 0000000000400514  Offset: 0x000514  Link: 4 (.dynsym)
  000:   0 (*local*)       0 (*local*)       0 (*local*)       2 (GLIBCXX_3.4)
  004:   3 (GLIBC_2.2.5)   3 (GLIBC_2.2.5)   0 (*local*)       2 (GLIBCXX_3.4)
  008:   0 (*local*)       2 (GLIBCXX_3.4)   2 (GLIBCXX_3.4)

Version needs section '.gnu.version_r' contains 2 entries:
 Addr: 0x0000000000400530  Offset: 0x000530  Link: 5 (.dynstr)
  000000: Version: 1  File: libc.so.6  Cnt: 1
  0x0010:   Name: GLIBC_2.2.5  Flags: none  Version: 3
  0x0020: Version: 1  File: libstdc++.so.6  Cnt: 1
  0x0030:   Name: GLIBCXX_3.4  Flags: none  Version: 2

Displaying notes found in: .note.ABI-tag
readelf: Warning: Corrupt note: alignment 4294967277, expecting 4 or 8

=================================================================
==21374==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 33 byte(s) in 1 object(s) allocated from:
    #0 0x7f8f21c8b602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x425ffb in get_data /root/fuzz/binutils-2.31/binutils/readelf.c:425

SUMMARY: AddressSanitizer: 33 byte(s) leaked in 1 allocation(s).

Here is the code at readelf.c:425:

   410
   411    if (fseek (filedata->handle, archive_file_offset + offset, SEEK_SET))
   412      {
   413        if (reason)
   414          error (_("Unable to seek to 0x%lx for %s\n"),
   415                 archive_file_offset + offset, reason);
   416        return NULL;
   417      }
   418
   419    mvar = var;
   420    if (mvar == NULL)
   421      {
   422        /* Check for overflow.  */
   423        if (nmemb < (~(bfd_size_type) 0 - 1) / size)
   424          /* + 1 so that we can '\0' terminate invalid string table sections.  */
   425          mvar = malloc ((size_t) amt + 1);
   426
   427        if (mvar == NULL)
   428          {
   429            if (reason)
   430              error (_("Out of memory allocating %s bytes for %s\n"),
   431                     bfd_vmatoa ("u", amt), reason);
   432            return NULL;
   433          }
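Added example, not binutils code: a small C model of the get_data() pattern quoted above (var == NULL, so the callee mallocs and the caller owns the buffer), with a note-section walk that returns early on the corrupt alignment the PoC triggers and so leaks the block, beside a variant that frees on every path. The names size_fits, process_notes_leaky, process_notes_fixed and sample_file are assumptions, and the live-block counter stands in for what LeakSanitizer reports.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Stand-in for what LeakSanitizer counts: heap blocks handed out by
   get_data() that have not been released yet.  */
static int live_blocks = 0;
int get_live_blocks(void) { return live_blocks; }

/* The overflow guard from the quoted snippet, in size_t terms:
   nmemb * size + 1 must not wrap, so nmemb < (SIZE_MAX - 1) / size.  */
int size_fits(size_t size, size_t nmemb)
{
  return size != 0 && nmemb < (SIZE_MAX - 1) / size;
}

/* Models readelf's get_data() when the caller passes var == NULL: the
   buffer is malloc'ed here (+ 1 for a terminating NUL) and ownership
   passes to the caller, who must free it on every path.  */
static unsigned char *get_data(const unsigned char *file, size_t file_size,
                               size_t offset, size_t size, size_t nmemb)
{
  size_t amt;
  unsigned char *buf;
  if (!size_fits(size, nmemb))
    return NULL;
  amt = size * nmemb;
  if (offset > file_size || amt > file_size - offset)
    return NULL;                       /* read would run past end of file */
  buf = malloc(amt + 1);
  if (buf == NULL)
    return NULL;
  memcpy(buf, file + offset, amt);
  buf[amt] = '\0';
  live_blocks++;
  return buf;
}

static void release_data(unsigned char *p)
{
  if (p) { free(p); live_blocks--; }
}

/* Constructed 64-byte "file" with a note section at offset 8; the
   alignment is the parameter, because that is what the PoC corrupts.  */
static const unsigned char sample_file[64] = { 0 };
enum { NOTE_OFFSET = 8, NOTE_SIZE = 32 };

/* Leaky pattern: the alignment check fires after the buffer was obtained
   and returns without freeing it.  Returns 0 on success, -1 on error.  */
int process_notes_leaky(size_t addralign)
{
  unsigned char *notes = get_data(sample_file, sizeof sample_file,
                                  NOTE_OFFSET, 1, NOTE_SIZE);
  if (notes == NULL)
    return -1;
  if (addralign != 4 && addralign != 8)
    return -1;                         /* "Corrupt note: alignment ..." - notes leaks */
  release_data(notes);
  return 0;
}

/* Fixed pattern: reject what can be rejected before allocating, and make
   the free the only way out once the buffer exists.  */
int process_notes_fixed(size_t addralign)
{
  if (addralign != 4 && addralign != 8)
    return -1;                         /* nothing allocated yet, nothing to leak */
  unsigned char *notes = get_data(sample_file, sizeof sample_file,
                                  NOTE_OFFSET, 1, NOTE_SIZE);
  if (notes == NULL)
    return -1;
  /* ... note records would be walked here ... */
  release_data(notes);
  return 0;
}
```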
Comment 3 zerokeeper 2018-12-31 15:53:21 UTC
Created attachment 11504 [details]
binutils-readelf--memory-leak-filedata
Comment 4 Nick Clifton 2019-01-14 13:48:53 UTC
Hi zerokeeper,

  Thanks for reporting this problem.  Unfortunately it is not worth
  fixing.  The leaked memory only happens when readelf is displaying
  data on a corrupt binary - regular binaries will not cause readelf
  to leak memory.  Since the memory is returned to the system when
  readelf exits, and readelf always does exit, there is no need to
  add in extra code just to handle this corner case.

Cheers
  Nick