[Bug libdw/28655] New: There seems to be a memory leak in file_read_elf

evvers at ya dot ru sourceware-bugzilla@sourceware.org
Mon Dec 6 11:52:07 GMT 2021


            Bug ID: 28655
           Summary: There seems to be a memory leak in file_read_elf
           Product: elfutils
           Version: unspecified
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: libdw
          Assignee: unassigned at sourceware dot org
          Reporter: evvers at ya dot ru
                CC: elfutils-devel at sourceware dot org
  Target Milestone: ---

Created attachment 13823
  --> https://sourceware.org/bugzilla/attachment.cgi?id=13823&action=edit
File triggering a memory leak

One of systemd fuzz targets discovered a memory leak in file_read_elf. It can
be reproduced by building the master branch of the elfutils repository and
passing the attachment to `./src/stack` run under Valgrind
autoreconf -i -f
./configure --enable-maintainer-mode
make -j$(nproc) V=1
LD_PRELOAD="./libelf/libelf.so ./libdw/libdw.so" valgrind --leak-check=full
./src/stack --core ../oss-fuzz-41568
==63344== HEAP SUMMARY:
==63344==     in use at exit: 16,722,041 bytes in 108 blocks
==63344==   total heap usage: 4,580 allocs, 4,472 frees, 16,980,258 bytes
==63344== 264 bytes in 1 blocks are definitely lost in loss record 9 of 19
==63344==    at 0x4845464: calloc (vg_replace_malloc.c:1328)
==63344==    by 0x4855711: allocate_elf (common.h:74)
==63344==    by 0x4855711: file_read_elf (elf_begin.c:320)
==63344==    by 0x485607A: __libelf_read_mmaped_file (elf_begin.c:559)
==63344==    by 0x48C52AA: dwfl_segment_report_module
==63344==    by 0x48C7C87: dwfl_core_file_report@@ELFUTILS_0.158
==63344==    by 0x402EC6: parse_opt (stack.c:595)
==63344==    by 0x4C3AF81: argp_parse (in /usr/lib64/libc-2.33.so)
==63344==    by 0x4024EA: main (stack.c:695)
It was also reported in
==618914==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 264 byte(s) in 1 object(s) allocated from:
    #0 0x526002 in __interceptor_calloc
    #1 0x636d4e in allocate_elf /src/elfutils/libelf/common.h:74:17
    #2 0x636d4e in file_read_elf /src/elfutils/libelf/elf_begin.c:320:14
    #3 0x6362aa in __libelf_read_mmaped_file
    #4 0x64ba42 in elf_memory /src/elfutils/libelf/elf_memory.c:49:10
    #5 0x5f9867 in dwfl_segment_report_module
    #6 0x567135 in dwfl_core_file_report
    #7 0x55f280 in LLVMFuzzerTestOneInput /src/fuzz-dwfl-core.c:52:6
    #8 0x456ca3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*,
unsigned long) cxa_noexception.cpp:0
    #9 0x4425b2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned
long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
    #10 0x44807a in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char
const*, unsigned long)) cxa_noexception.cpp:0
    #11 0x470fa2 in main
    #12 0x7fe13555c0b2 in __libc_start_main

You are receiving this mail because:
You are on the CC list for the bug.

More information about the Elfutils-devel mailing list