otp icon indicating copy to clipboard operation
otp copied to clipboard
verified publisher icon erlang

Fix memory leak in dyn_erl.c --realpath code path

Open lawless-m opened this issue 3 weeks ago • 2 comments

The find_prog() function returns a strdup()'d string that must be freed by the caller. In the --realpath code path (line 365-373), the function returns early without freeing this allocated memory, causing ASAN to report a 57-byte leak during Erlang builds with AddressSanitizer enabled.

This leak prevents building Erlang/OTP with ASAN leak detection enabled, which is valuable for fuzzing and security research of Erlang applications with native C code.

In the normal execution path, this memory is correctly freed at line 403 with efree(abspath). This fix adds the same cleanup to the --realpath early return path.

Tested by building OTP 26.2.5.12 with CFLAGS="-fsanitize=address" and ASAN_OPTIONS="detect_leaks=1", which previously failed at this leak and now completes successfully.

lawless-m avatar Dec 06 '25 23:12 lawless-m

CLA assistant check
All committers have signed the CLA.

CLAassistant avatar Dec 06 '25 23:12 CLAassistant

CT Test Results

    3 files    135 suites   49m 51s ⏱️ 1 656 tests 1 599 ✅ 57 💤 0 ❌ 2 294 runs  2 218 ✅ 76 💤 0 ❌

Results for commit 72308bcd.

:recycle: This comment has been updated with latest results.

To speed up review, make sure that you have read Contributing to Erlang/OTP and that all checks pass.

See the TESTING and DEVELOPMENT HowTo guides for details about how to run test locally.

Artifacts

// Erlang/OTP Github Action Bot

github-actions[bot] avatar Dec 06 '25 23:12 github-actions[bot]

Merged, thanks for the PR!

jhogberg avatar Dec 19 '25 10:12 jhogberg