Created attachment 12106
Compile binutils with ASAN, and read this file as input.

ASAN log:

==60==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 3 byte(s) in 1 object(s) allocated from:
    #0 0x483514 in __strdup /src/llvm-project/compiler-rt/lib/asan/asan_interceptors.cpp:468:3
    #1 0x6e76d0 in get_field /src/binutils-gdb/opcodes/microblaze-dis.c:46:11
    #2 0x6e6826 in print_insn_microblaze /src/binutils-gdb/opcodes/microblaze-dis.c
    #3 0x4ca15d in LLVMFuzzerTestOneInput /src/binutils-gdb/fuzz/fuzz_disassemble.c:71:13
    #4 0x51a8c6 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:556:15
    #5 0x4cb0af in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:292:6
    #6 0x4d8d12 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:774:9
    #7 0x4ca6f7 in main /src/libfuzzer/FuzzerMain.cpp:19:10
    #8 0x7f801cfda82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

Direct leak of 3 byte(s) in 1 object(s) allocated from:
    #0 0x483514 in __strdup /src/llvm-project/compiler-rt/lib/asan/asan_interceptors.cpp:468:3
    #1 0x6e76d0 in get_field /src/binutils-gdb/opcodes/microblaze-dis.c:46:11
    #2 0x6e64b9 in print_insn_microblaze /src/binutils-gdb/opcodes/microblaze-dis.c:296:36
    #3 0x4ca15d in LLVMFuzzerTestOneInput /src/binutils-gdb/fuzz/fuzz_disassemble.c:71:13
    #4 0x51a8c6 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:556:15
    #5 0x4cb0af in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:292:6
    #6 0x4d8d12 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:774:9
    #7 0x4ca6f7 in main /src/libfuzzer/FuzzerMain.cpp:19:10
    #8 0x7f801cfda82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

SUMMARY: AddressSanitizer: 6 byte(s) leaked in 2 allocation(s).

Code here:

int print_insn_microblaze(bfd_vma memaddr, struct disassemble_info * info):
.......
.......
      case INST_TYPE_RD_R1:
        print_func (stream, "\t%s, %s", get_field_rd (inst), get_field_r1 (inst));
.......
Thanks, a useful leak report, rather than just the odd buffer not freed on exit. This one will consume memory on each insn disassembled.
The master branch has been updated by Alan Modra <amodra@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=378fd436405b3051df34ac995b2e03fe1f3d1907

commit 378fd436405b3051df34ac995b2e03fe1f3d1907
Author: Alan Modra <amodra@gmail.com>
Date:   Thu Dec 5 14:42:44 2019 +1030

    PR25249, Memory leak in microblaze-dis.c

    	PR 25249
    	* microblaze-dis.c (NUM_STRBUFS, STRBUF_SIZE): Define.
    	(struct string_buf): New.
    	(strbuf): New function.
    	(get_field): Use strbuf rather than strdup of local temp.
    	(get_field_imm, get_field_imm5, get_field_imm5_mbar): Likewise.
    	(get_field_rfsl, get_field_imm15): Likewise.
    	(get_field_rd, get_field_r1, get_field_r2): Update macros.
    	(get_field_special): Likewise.  Don't strcpy spr.  Formatting.
    	(print_insn_microblaze): Formatting.  Init and pass string_buf
    	to get_field functions.
Fixed
Thanks for your work! Credit to ADLab.