Bug 25249 - Memory leak in microblaze-dis.c
Summary: Memory leak in microblaze-dis.c
Status: RESOLVED FIXED
Alias: None
Product: binutils
Classification: Unclassified
Component: binutils
Version: 2.34
Importance: P2 normal
Target Milestone: 2.34
Assignee: Alan Modra
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-12-04 11:45 UTC by Skyvast
Modified: 2019-12-05 04:53 UTC

See Also:
Host:
Target: microblaze-*-*
Build:
Last reconfirmed: 2019-12-05 00:00:00


Attachments
Compile binutils with ASAN, and read this file as input. (16 bytes, application/octet-stream)
2019-12-04 11:45 UTC, Skyvast

Description Skyvast 2019-12-04 11:45:24 UTC
Created attachment 12106 [details]
Compile binutils with ASAN, and read this file as input.

ASAN log:

==60==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 3 byte(s) in 1 object(s) allocated from:
    #0 0x483514 in __strdup /src/llvm-project/compiler-rt/lib/asan/asan_interceptors.cpp:468:3
    #1 0x6e76d0 in get_field /src/binutils-gdb/opcodes/microblaze-dis.c:46:11
    #2 0x6e6826 in print_insn_microblaze /src/binutils-gdb/opcodes/microblaze-dis.c
    #3 0x4ca15d in LLVMFuzzerTestOneInput /src/binutils-gdb/fuzz/fuzz_disassemble.c:71:13
    #4 0x51a8c6 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:556:15
    #5 0x4cb0af in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:292:6
    #6 0x4d8d12 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:774:9
    #7 0x4ca6f7 in main /src/libfuzzer/FuzzerMain.cpp:19:10
    #8 0x7f801cfda82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

Direct leak of 3 byte(s) in 1 object(s) allocated from:
    #0 0x483514 in __strdup /src/llvm-project/compiler-rt/lib/asan/asan_interceptors.cpp:468:3
    #1 0x6e76d0 in get_field /src/binutils-gdb/opcodes/microblaze-dis.c:46:11
    #2 0x6e64b9 in print_insn_microblaze /src/binutils-gdb/opcodes/microblaze-dis.c:296:36
    #3 0x4ca15d in LLVMFuzzerTestOneInput /src/binutils-gdb/fuzz/fuzz_disassemble.c:71:13
    #4 0x51a8c6 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:556:15
    #5 0x4cb0af in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/libfuzzer/FuzzerDriver.cpp:292:6
    #6 0x4d8d12 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:774:9
    #7 0x4ca6f7 in main /src/libfuzzer/FuzzerMain.cpp:19:10
    #8 0x7f801cfda82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

SUMMARY: AddressSanitizer: 6 byte(s) leaked in 2 allocation(s).

Code here:

      int print_insn_microblaze (bfd_vma memaddr, struct disassemble_info * info)
      {
        .......
        case INST_TYPE_RD_R1:
          print_func (stream, "\t%s, %s", get_field_rd (inst), get_field_r1 (inst));
        .......
Comment 1 Alan Modra 2019-12-05 03:44:19 UTC
Thanks, a useful leak report, rather than just the odd buffer not freed on exit.  This one will consume memory on each insn disassembled.
Comment 2 Sourceware Commits 2019-12-05 04:31:49 UTC
The master branch has been updated by Alan Modra <amodra@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=378fd436405b3051df34ac995b2e03fe1f3d1907

commit 378fd436405b3051df34ac995b2e03fe1f3d1907
Author: Alan Modra <amodra@gmail.com>
Date:   Thu Dec 5 14:42:44 2019 +1030

    PR25249, Memory leak in microblaze-dis.c
    
    	PR 25249
    	* microblaze-dis.c (NUM_STRBUFS, STRBUF_SIZE): Define.
    	(struct string_buf): New.
    	(strbuf): New function.
    	(get_field): Use strbuf rather than strdup of local temp.
    	(get_field_imm, get_field_imm5, get_field_imm5_mbar): Likewise.
    	(get_field_rfsl, get_field_imm15): Likewise.
    	(get_field_rd, get_field_r1, get_field_r2): Update macros.
    	(get_field_special): Likewise.  Don't strcpy spr.  Formatting.
    	(print_insn_microblaze): Formatting.  Init and pass string_buf to
    	get_field functions.
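As an added example (not the binutils source and not the commit's diff), the leaking get_field pattern from the report beside a caller-owned rotating string buffer along the lines the ChangeLog describes (NUM_STRBUFS, STRBUF_SIZE, struct string_buf, strbuf); the MicroBlaze field masks, the buffer count and the helper names format_rd_r1 and get_field_leaky are assumptions.

```c
/* Added example, not the binutils code: the leak from the report beside a
   caller-owned rotating buffer. Field masks follow the 32-bit MicroBlaze
   encoding (rD bits 21-25, rA bits 16-20); treat them as an assumption. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define RD_MASK 0x03E00000UL
#define RD_LOW  21
#define RA_MASK 0x001F0000UL
#define RA_LOW  16
#define NUM_STRBUFS 3  /* most operands one print_func call can need (assumed) */
#define STRBUF_SIZE 64
/* Before: the report's strdup() of a stack temp, spelled out as malloc+strcpy;
   the caller never free()s it, so each disassembled insn leaks one allocation
   per operand, which is exactly the ASAN trace above. */
static char *get_field_leaky(unsigned long instr, unsigned long mask, unsigned low)
{
  char tmpstr[25];
  sprintf(tmpstr, "r%d", (int)((instr & mask) >> low));
  char *p = malloc(strlen(tmpstr) + 1);  /* ownership silently handed off */
  return p ? strcpy(p, tmpstr) : NULL;
}
/* After: the caller owns a few fixed buffers; get_field formats into the next
   free one, so no heap allocation happens per operand. */
struct string_buf {
  unsigned which;
  char str[NUM_STRBUFS][STRBUF_SIZE];
};
static char *strbuf(struct string_buf *buf)
{
  if (buf->which >= NUM_STRBUFS)  /* more operands than buffers: caller bug */
    abort();
  return buf->str[buf->which++];
}
static char *get_field(struct string_buf *buf, unsigned long instr,
                       unsigned long mask, unsigned low)
{
  char *p = strbuf(buf);
  snprintf(p, STRBUF_SIZE, "r%d", (int)((instr & mask) >> low));
  return p;
}
/* One INST_TYPE_RD_R1 operand list; `which` is reset per insn, so the same
   string_buf serves a whole disassembly without growing the heap. */
static int format_rd_r1(unsigned long inst, char *out, size_t outlen)
{
  struct string_buf buf = { 0 };
  return snprintf(out, outlen, "\t%s, %s",
                  get_field(&buf, inst, RD_MASK, RD_LOW),
                  get_field(&buf, inst, RA_MASK, RA_LOW));
}
```

Running the fixed path under LeakSanitizer over any number of instructions reports nothing, while the leaky path reports one allocation per operand, matching the "Direct leak of 3 byte(s)" entries above.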
Comment 3 Alan Modra 2019-12-05 04:42:02 UTC
Fixed
Comment 4 Skyvast 2019-12-05 04:53:06 UTC
Thanks for your work!
Credits by ADLab.