[Bug libdw/28655] New: There seems to be a memory leak in file_read_elf

[Bug libdw/28655] New: There seems to be a memory leak in file_read_elf

[evvers at ya dot ru]

https://sourceware.org/bugzilla/show_bug.cgi?id=28655

            Bug ID: 28655
           Summary: There seems to be a memory leak in file_read_elf
           Product: elfutils
           Version: unspecified
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: libdw
          Assignee: unassigned at sourceware dot org
          Reporter: evvers at ya dot ru
                CC: elfutils-devel at sourceware dot org
  Target Milestone: ---

Created attachment 13823
  --> https://sourceware.org/bugzilla/attachment.cgi?id=13823&action=edit
File triggering a memory leak

One of systemd fuzz targets discovered a memory leak in file_read_elf. It can
be reproduced by building the master branch of the elfutils repository and
passing the attachment to `./src/stack` run under Valgrind
```
autoreconf -i -f
./configure --enable-maintainer-mode
make -j$(nproc) V=1
LD_PRELOAD="./libelf/libelf.so ./libdw/libdw.so" valgrind --leak-check=full
./src/stack --core ../oss-fuzz-41568
...
==63344== HEAP SUMMARY:
==63344==     in use at exit: 16,722,041 bytes in 108 blocks
==63344==   total heap usage: 4,580 allocs, 4,472 frees, 16,980,258 bytes
allocated
==63344==
==63344== 264 bytes in 1 blocks are definitely lost in loss record 9 of 19
==63344==    at 0x4845464: calloc (vg_replace_malloc.c:1328)
==63344==    by 0x4855711: allocate_elf (common.h:74)
==63344==    by 0x4855711: file_read_elf (elf_begin.c:320)
==63344==    by 0x485607A: __libelf_read_mmaped_file (elf_begin.c:559)
==63344==    by 0x48C52AA: dwfl_segment_report_module
(dwfl_segment_report_module.c:955)
==63344==    by 0x48C7C87: dwfl_core_file_report@@ELFUTILS_0.158
(core-file.c:559)
==63344==    by 0x402EC6: parse_opt (stack.c:595)
==63344==    by 0x4C3AF81: argp_parse (in /usr/lib64/libc-2.33.so)
==63344==    by 0x4024EA: main (stack.c:695)
==63344==
```
It was also reported in
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41568
```
==618914==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 264 byte(s) in 1 object(s) allocated from:
    #0 0x526002 in __interceptor_calloc
/src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:138:3
    #1 0x636d4e in allocate_elf /src/elfutils/libelf/common.h:74:17
    #2 0x636d4e in file_read_elf /src/elfutils/libelf/elf_begin.c:320:14
    #3 0x6362aa in __libelf_read_mmaped_file
/src/elfutils/libelf/elf_begin.c:559:14
    #4 0x64ba42 in elf_memory /src/elfutils/libelf/elf_memory.c:49:10
    #5 0x5f9867 in dwfl_segment_report_module
/src/elfutils/libdwfl/dwfl_segment_report_module.c:955:13
    #6 0x567135 in dwfl_core_file_report
/src/elfutils/libdwfl/core-file.c:559:17
    #7 0x55f280 in LLVMFuzzerTestOneInput /src/fuzz-dwfl-core.c:52:6
    #8 0x456ca3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*,
unsigned long) cxa_noexception.cpp:0
    #9 0x4425b2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned
long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
    #10 0x44807a in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char
const*, unsigned long)) cxa_noexception.cpp:0
    #11 0x470fa2 in main
/src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #12 0x7fe13555c0b2 in __libc_start_main
/build/glibc-eX1tMB/glibc-2.31/csu/libc-start.c:308:16
```

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug libdw/28655] There seems to be a memory leak in file_read_elf

[mark at klomp dot org]

https://sourceware.org/bugzilla/show_bug.cgi?id=28655

Mark Wielaard <mark at klomp dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mark at klomp dot org
             Status|UNCONFIRMED                 |ASSIGNED
     Ever confirmed|0                           |1
           Assignee|unassigned at sourceware dot org   |mark at klomp dot org
   Last reconfirmed|                            |2021-12-08

--- Comment #1 from Mark Wielaard <mark at klomp dot org> ---
Proposed patch:
https://sourceware.org/pipermail/elfutils-devel/2021q4/004480.html

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug libdw/28655] There seems to be a memory leak in file_read_elf

[evvers at ya dot ru]

https://sourceware.org/bugzilla/show_bug.cgi?id=28655

--- Comment #2 from Evgeny Vereshchagin <evvers at ya dot ru> ---
I can't seem to reproduce that memory leak anymore. Thanks!

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug libdw/28655] There seems to be a memory leak in file_read_elf

[mark at klomp dot org]

https://sourceware.org/bugzilla/show_bug.cgi?id=28655

Mark Wielaard <mark at klomp dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|ASSIGNED                    |RESOLVED

--- Comment #3 from Mark Wielaard <mark at klomp dot org> ---
Thanks for testing, pushed as:

commit 98e7adf70896ac179258d41c2aac38e9e91614bb
Author: Mark Wielaard <mark@klomp.org>
Date:   Wed Dec 8 23:44:34 2021 +0100

    libdwfl: Don't install an Elf handle in a Dwfl_Module twice

    dwfl_segment_report_module can be called with the same module
    name, start and end address twice (probably because of a corrupt
    core file). In that case don't override the main.elf handle if
    it already exists.

    https://sourceware.org/bugzilla/show_bug.cgi?id=28655

    Signed-off-by: Mark Wielaard <mark@klomp.org>

-- 
You are receiving this mail because:
You are on the CC list for the bug.