bug-cflow
Report cflow 1.7 Memory Leak Vulnerability


From: Jingqi Long
Subject: Report cflow 1.7 Memory Leak Vulnerability
Date: Mon, 13 Feb 2023 14:25:18 +0800

Hi, developers of cflow:
  In testing the cflow binary instrumented with ASAN, there are some inputs causing a memory leak. Here is the ASAN mode output:

./cflow:/root/input/cflow-leak:109: unterminated string?
./cflow:/root/input/cflow-leak:110: unterminated string?
./cflow:/root/input/cflow-leak:111: unterminated string?
./cflow:/root/input/cflow-leak:112: unterminated string?
./cflow:/root/input/cflow-leak:113: unterminated string?
./cflow:/root/input/cflow-leak:114: unterminated string?
./cflow:/root/input/cflow-leak:115: unterminated string?
./cflow:/root/input/cflow-leak:116: unterminated string?
./cflow:/root/input/cflow-leak:117: unterminated string?
./cflow:/root/input/cflow-leak:118: unterminated string?
./cflow:/root/input/cflow-leak:119: unterminated string?
./cflow:/root/input/cflow-leak:120: unterminated string?
./cflow:/root/input/cflow-leak:121: unterminated string?
./cflow:/root/input/cflow-leak:122: unterminated string?
./cflow:/root/input/cflow-leak:123: unterminated string?
./cflow:/root/input/cflow-leak:124: unterminated string?
./cflow:/root/input/cflow-leak:125: unterminated string?
./cflow:/root/input/cflow-leak:126: unterminated string?
./cflow:/root/input/cflow-leak:127: unterminated string?
./cflow:/root/input/cflow-leak:128: unterminated string?
./cflow:/root/input/cflow-leak:129: unterminated string?
./cflow:/root/input/cflow-leak:130: unterminated string?
./cflow:/root/input/cflow-leak:131: unterminated string?
./cflow:/root/input/cflow-leak:132: unterminated string?
./cflow:/root/input/cflow-leak:133: unterminated string?
./cflow:/root/input/cflow-leak:134: unterminated string?
./cflow:/root/input/cflow-leak:135: unterminated string?
./cflow:/root/input/cflow-leak:136: unterminated string?
./cflow:/root/input/cflow-leak:137: unterminated string?
./cflow:/root/input/cflow-leak:138: unterminated string?
./cflow:/root/input/cflow-leak:139: unterminated string?
./cflow:/root/input/cflow-leak:140: unterminated string?
./cflow:/root/input/cflow-leak:141: unterminated string?
./cflow:/root/input/cflow-leak:142: unterminated string?
./cflow:/root/input/cflow-leak:143: unterminated string?
./cflow:/root/input/cflow-leak:144: unterminated string?
./cflow:/root/input/cflow-leak:145: unterminated string?
./cflow:/root/input/cflow-leak:146: unterminated string?
./cflow:/root/input/cflow-leak:147: unterminated string?
./cflow:/root/input/cflow-leak:148: unterminated string?
./cflow:/root/input/cflow-leak:149: unterminated string?
./cflow:/root/input/cflow-leak:150: unterminated string?
./cflow:/root/input/cflow-leak:151: unterminated string?
./cflow:/root/input/cflow-leak:152: unterminated string?
./cflow:/root/input/cflow-leak:153: unterminated string?
./cflow:/root/input/cflow-leak:154: unterminated string?
./cflow:/root/input/cflow-leak:155: unterminated string?
./cflow:/root/input/cflow-leak:156: unterminated string?
./cflow:/root/input/cflow-leak:157: unterminated string?
./cflow:/root/input/cflow-leak:158: unterminated string?
./cflow:/root/input/cflow-leak:159: unterminated string?
./cflow:/root/input/cflow-leak:160: unterminated string?
./cflow:/root/input/cflow-leak:161: unterminated string?
./cflow:/root/input/cflow-leak:162: unterminated string?
./cflow:/root/input/cflow-leak:163: unterminated string?
./cflow:/root/input/cflow-leak:164: unterminated string?
./cflow:/root/input/cflow-leak:165: unterminated string?
./cflow:/root/input/cflow-leak:166: unterminated string?
./cflow:/root/input/cflow-leak:167: unterminated string?
./cflow:/root/input/cflow-leak:168: unterminated string?
./cflow:/root/input/cflow-leak:169: unterminated string?
./cflow:/root/input/cflow-leak:170: unterminated string?
./cflow:/root/input/cflow-leak:171: unterminated string?
./cflow:/root/input/cflow-leak:172: unterminated string?
./cflow:/root/input/cflow-leak:173: unterminated string?
./cflow:/root/input/cflow-leak:174: unterminated string?

 

=================================================================
==14542==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 16 byte(s) in 1 object(s) allocated from:
    #0 0x4aed82 in malloc /root/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145
    #1 0x557264 in xmalloc (/root/cflow/src/cflow+0x557264)
    #2 0x51c5ca in sourcerc (/root/cflow/src/cflow+0x51c5ca)
    #3 0x50a924 in main (/root/cflow/src/cflow+0x50a924)
    #4 0x7fd0d784083f in __libc_start_main /build/glibc-S7Ft5T/glibc-2.23/csu/../csu/libc-start.c:291

SUMMARY: AddressSanitizer: 16 byte(s) leaked in 1 allocation(s).

Crash Input
https://github.com/17ssDP/fuzzer_crashes/blob/main/cflow/cflow-leak

Validation steps
git clone git://git.savannah.gnu.org/cflow.git
cd cflow
CC=clang CXX=clang++ CFLAGS="-fsanitize=address" CXXFLAGS="-fsanitize=address" ./configure --disable-shared
make -j
./src/cflow cflow-leak
 
Environment
Ubuntu 16.04
Clang 10.0.1
gcc 5.5 
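
For triaging reports like the one above, for example when deduplicating fuzzer findings, the following added example (not part of the original message or of cflow) parses the LeakSanitizer output and keys each leak on the first stack frame that is not an allocator wrapper. The wrapper list and the function names are assumptions of this example; the sample report is copied from the message.

```python
import re

# Sample input: the LeakSanitizer report quoted in the message above.
REPORT = """\
==14542==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 16 byte(s) in 1 object(s) allocated from:
    #0 0x4aed82 in malloc /root/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145
    #1 0x557264 in xmalloc (/root/cflow/src/cflow+0x557264)
    #2 0x51c5ca in sourcerc (/root/cflow/src/cflow+0x51c5ca)
    #3 0x50a924 in main (/root/cflow/src/cflow+0x50a924)
    #4 0x7fd0d784083f in __libc_start_main /build/glibc-S7Ft5T/glibc-2.23/csu/../csu/libc-start.c:291

SUMMARY: AddressSanitizer: 16 byte(s) leaked in 1 allocation(s).
"""

HEADER = re.compile(r"^(Direct|Indirect) leak of (\d+) byte\(s\) in (\d+) object\(s\)")
FRAME = re.compile(r"^\s+#\d+ 0x[0-9a-f]+ in (\S+)")
# Assumption: allocation wrappers that should never be blamed for a leak.
WRAPPERS = {"malloc", "calloc", "realloc", "strdup",
            "xmalloc", "xcalloc", "xrealloc", "xstrdup"}

def parse_leaks(text):
    """Return one dict per leak record: kind, bytes, objects, frames."""
    leaks, cur = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            cur = {"kind": m.group(1), "bytes": int(m.group(2)),
                   "objects": int(m.group(3)), "frames": []}
            leaks.append(cur)
        elif cur is not None and FRAME.match(line):
            cur["frames"].append(FRAME.match(line).group(1))
        elif not line.strip():
            cur = None  # a blank line ends the current allocation stack
    return leaks

def blamed_frame(leak):
    """First caller above the allocator wrappers: where the owner should free."""
    return next((fn for fn in leak["frames"] if fn not in WRAPPERS), None)

def triage_key(leak):
    """Stable key for grouping identical leaks across many fuzzer inputs."""
    return f'{leak["kind"].lower()}-leak:{blamed_frame(leak)}'

if __name__ == "__main__":
    for leak in parse_leaks(REPORT):
        print(triage_key(leak), leak["bytes"], "bytes in", leak["objects"], "object(s)")
```
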
