
memory leak when using fy_node_by_path with flag FYNWF_PTR_YPATH

Open rivit98 opened this issue 11 months ago • 0 comments

Hi, I found the following problem while fuzzing libfyaml.

Code version

6e52e4d8b6adb01cc2fc377fab7b7fd523364438

How to reproduce

#include <stdio.h>
#include <assert.h>
#include <libfyaml.h>

int main(int argc, char **argv) {
  struct fy_document *fyd = NULL;

  /* resolve the path as a YPath expression rather than a plain node path */
  int flags = FYNWF_PTR_YPATH;

  fyd = fy_document_create(NULL);
  assert(fyd);
  struct fy_node *fyn = fy_node_create_sequence(fyd);
  assert(fyn);
  fy_document_set_root(fyd, fyn);
  struct fy_node *root = fy_document_root(fyd);
  assert(root);

  /* fuzzer-found input: the bytes "7@" followed by a NUL terminator */
  char data[] = "\x37\x40\x00";
  struct fy_node *node = fy_node_by_path(root, data, FY_NT, flags);
  printf("node: %p\n", (void *)node);
  fy_document_destroy(fyd); /* the walk result allocated during the lookup is never freed */
  return 0;
}

Compile & link with fuzzer support. Run and observe the ASAN output:

==2300344==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 48 byte(s) in 1 object(s) allocated from:
    #0 0x59f19a2f4313 in malloc (/home/rivit/workspace/fuzzing/libfyaml/build/nofuzz+0x1ad313) (BuildId: 3ecbadf8c8d7ba7a43db64ce0d9a229f5c2bc772)
    #1 0x59f19a504098 in fy_walk_result_alloc_rl /home/rivit/workspace/fuzzing/libfyaml/src/lib/fy-walk.c:143:9

Indirect leak of 56 byte(s) in 1 object(s) allocated from:
    #0 0x59f19a2f4313 in malloc (/home/rivit/workspace/fuzzing/libfyaml/build/nofuzz+0x1ad313) (BuildId: 3ecbadf8c8d7ba7a43db64ce0d9a229f5c2bc772)
    #1 0x59f19a537253 in fy_path_exec_create /home/rivit/workspace/fuzzing/libfyaml/src/lib/fy-walk.c:3774:9

SUMMARY: AddressSanitizer: 104 byte(s) leaked in 2 allocation(s).

rivit98 · Jan 20 '25 22:01