From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <sourceware-bugzilla@sourceware.org>
Received: by sourceware.org (Postfix, from userid 48)
 id D7D863858C60; Mon,  6 Dec 2021 11:52:07 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org D7D863858C60
From: "evvers at ya dot ru" <sourceware-bugzilla@sourceware.org>
To: elfutils-devel@sourceware.org
Subject: [Bug libdw/28655] New: There seems to be a memory leak in
 file_read_elf
Date: Mon, 06 Dec 2021 11:52:07 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: elfutils
X-Bugzilla-Component: libdw
X-Bugzilla-Version: unspecified
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: normal
X-Bugzilla-Who: evvers at ya dot ru
X-Bugzilla-Status: UNCONFIRMED
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: unassigned at sourceware dot org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version bug_status
 bug_severity priority component assigned_to reporter cc target_milestone
 attachments.created
Message-ID: <bug-28655-10460@http.sourceware.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://sourceware.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: elfutils-devel@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Elfutils-devel mailing list <elfutils-devel.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/elfutils-devel>,
 <mailto:elfutils-devel-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/elfutils-devel/>
List-Help: <mailto:elfutils-devel-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/elfutils-devel>,
 <mailto:elfutils-devel-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Dec 2021 11:52:07 -0000

https://sourceware.org/bugzilla/show_bug.cgi?id=3D28655

            Bug ID: 28655
           Summary: There seems to be a memory leak in file_read_elf
           Product: elfutils
           Version: unspecified
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: libdw
          Assignee: unassigned at sourceware dot org
          Reporter: evvers at ya dot ru
                CC: elfutils-devel at sourceware dot org
  Target Milestone: ---

Created attachment 13823
  --> https://sourceware.org/bugzilla/attachment.cgi?id=3D13823&action=3Ded=
it
File triggering a memory leak

One of systemd fuzz targets discovered a memory leak in file_read_elf. It c=
an
be reproduced by building the master branch of the elfutils repository and
passing the attachment to `./src/stack` run under Valgrind
```
autoreconf -i -f
./configure --enable-maintainer-mode
make -j$(nproc) V=3D1
LD_PRELOAD=3D"./libelf/libelf.so ./libdw/libdw.so" valgrind --leak-check=3D=
full
./src/stack --core ../oss-fuzz-41568
...
=3D=3D63344=3D=3D HEAP SUMMARY:
=3D=3D63344=3D=3D     in use at exit: 16,722,041 bytes in 108 blocks
=3D=3D63344=3D=3D   total heap usage: 4,580 allocs, 4,472 frees, 16,980,258=
 bytes
allocated
=3D=3D63344=3D=3D
=3D=3D63344=3D=3D 264 bytes in 1 blocks are definitely lost in loss record =
9 of 19
=3D=3D63344=3D=3D    at 0x4845464: calloc (vg_replace_malloc.c:1328)
=3D=3D63344=3D=3D    by 0x4855711: allocate_elf (common.h:74)
=3D=3D63344=3D=3D    by 0x4855711: file_read_elf (elf_begin.c:320)
=3D=3D63344=3D=3D    by 0x485607A: __libelf_read_mmaped_file (elf_begin.c:5=
59)
=3D=3D63344=3D=3D    by 0x48C52AA: dwfl_segment_report_module
(dwfl_segment_report_module.c:955)
=3D=3D63344=3D=3D    by 0x48C7C87: dwfl_core_file_report@@ELFUTILS_0.158
(core-file.c:559)
=3D=3D63344=3D=3D    by 0x402EC6: parse_opt (stack.c:595)
=3D=3D63344=3D=3D    by 0x4C3AF81: argp_parse (in /usr/lib64/libc-2.33.so)
=3D=3D63344=3D=3D    by 0x4024EA: main (stack.c:695)
=3D=3D63344=3D=3D
```
It was also reported in
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3D41568
```
=3D=3D618914=3D=3DERROR: LeakSanitizer: detected memory leaks
Direct leak of 264 byte(s) in 1 object(s) allocated from:
    #0 0x526002 in __interceptor_calloc
/src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:138:3
    #1 0x636d4e in allocate_elf /src/elfutils/libelf/common.h:74:17
    #2 0x636d4e in file_read_elf /src/elfutils/libelf/elf_begin.c:320:14
    #3 0x6362aa in __libelf_read_mmaped_file
/src/elfutils/libelf/elf_begin.c:559:14
    #4 0x64ba42 in elf_memory /src/elfutils/libelf/elf_memory.c:49:10
    #5 0x5f9867 in dwfl_segment_report_module
/src/elfutils/libdwfl/dwfl_segment_report_module.c:955:13
    #6 0x567135 in dwfl_core_file_report
/src/elfutils/libdwfl/core-file.c:559:17
    #7 0x55f280 in LLVMFuzzerTestOneInput /src/fuzz-dwfl-core.c:52:6
    #8 0x456ca3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*,
unsigned long) cxa_noexception.cpp:0
    #9 0x4425b2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned
long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
    #10 0x44807a in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned ch=
ar
const*, unsigned long)) cxa_noexception.cpp:0
    #11 0x470fa2 in main
/src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #12 0x7fe13555c0b2 in __libc_start_main
/build/glibc-eX1tMB/glibc-2.31/csu/libc-start.c:308:16
```

--=20
You are receiving this mail because:
You are on the CC list for the bug.=