
memory leak when using fy_path_expr_build_from_string

Open rivit98 opened this issue 11 months ago • 0 comments

Hi, I found the following problem while fuzzing libfyaml.

Code version

6e52e4d8b6adb01cc2fc377fab7b7fd523364438

How to reproduce

#include <stdio.h>
#include <libfyaml.h>

int main(int argc, char **argv) {
  /* fuzzer-found input: a single 0x7f byte followed by the terminating NUL */
  char data[] = "\x7f\x00";
  /* first argument left NULL as in the original report; length -1 follows
   * libfyaml's FY_NT convention, meaning "the string is NUL-terminated" */
  struct fy_path_expr *expr = fy_path_expr_build_from_string(NULL, data, -1);
  /* freeing the result does not release the token/input allocations reported below */
  fy_path_expr_free(expr);
  return 0;
}

Compile and link with fuzzer support, then run and observe the ASAN output:

==707088==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 208 byte(s) in 1 object(s) allocated from:
    #0 0x643982d9c313 in malloc (/home/rivit/workspace/fuzzing/libfyaml/build/nofuzz+0x1ad313) (BuildId: e82d9f92aaaaa63007d92dc146fc75c23f8429da)
    #1 0x643982f94c12 in fy_token_alloc_rl /home/rivit/workspace/fuzzing/libfyaml/src/lib/fy-token.h:164:9
    #2 0x643982f94c12 in fy_token_vcreate_rl /home/rivit/workspace/fuzzing/libfyaml/src/lib/fy-token.c:407:8

Indirect leak of 200 byte(s) in 1 object(s) allocated from:
    #0 0x643982d9c313 in malloc (/home/rivit/workspace/fuzzing/libfyaml/build/nofuzz+0x1ad313) (BuildId: e82d9f92aaaaa63007d92dc146fc75c23f8429da)
    #1 0x643982ea6c8d in fy_input_alloc /home/rivit/workspace/fuzzing/libfyaml/src/lib/fy-input.c:44:8

SUMMARY: AddressSanitizer: 408 byte(s) leaked in 2 allocation(s).

rivit98, Feb 01 '25 23:02
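To triage reports like the one above (which function is the real allocation site behind each leak, and whether the per-leak sizes add up to the summary line), here is a small LeakSanitizer report parser. It is an added example, not part of this issue or of libfyaml; it embeds a copy of the report above as constructed sample input, and the `parse_lsan` and `sizes_consistent` names are this example's own.

```python
import re

# Constructed sample input: a copy of the LeakSanitizer report from the issue above.
LSAN_REPORT = """\
==707088==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 208 byte(s) in 1 object(s) allocated from:
    #0 0x643982d9c313 in malloc (/home/rivit/workspace/fuzzing/libfyaml/build/nofuzz+0x1ad313) (BuildId: e82d9f92aaaaa63007d92dc146fc75c23f8429da)
    #1 0x643982f94c12 in fy_token_alloc_rl /home/rivit/workspace/fuzzing/libfyaml/src/lib/fy-token.h:164:9
    #2 0x643982f94c12 in fy_token_vcreate_rl /home/rivit/workspace/fuzzing/libfyaml/src/lib/fy-token.c:407:8

Indirect leak of 200 byte(s) in 1 object(s) allocated from:
    #0 0x643982d9c313 in malloc (/home/rivit/workspace/fuzzing/libfyaml/build/nofuzz+0x1ad313) (BuildId: e82d9f92aaaaa63007d92dc146fc75c23f8429da)
    #1 0x643982ea6c8d in fy_input_alloc /home/rivit/workspace/fuzzing/libfyaml/src/lib/fy-input.c:44:8

SUMMARY: AddressSanitizer: 408 byte(s) leaked in 2 allocation(s).
"""

LEAK_RE = re.compile(r"^(Direct|Indirect) leak of (\d+) byte\(s\) in (\d+) object\(s\)")
FRAME_RE = re.compile(r"^\s*#(\d+) 0x[0-9a-fA-F]+ in (\S+)(?: (\S+))?")
SUMMARY_RE = re.compile(r"^SUMMARY: \w+: (\d+) byte\(s\) leaked in (\d+) allocation\(s\)")
# Frames that are the allocator itself, not the code responsible for the allocation.
ALLOCATORS = {"malloc", "calloc", "realloc"}


def parse_lsan(report):
    """Parse an LSan report into a dict with a list of leaks plus the summary totals.

    Each leak records its kind (direct/indirect), byte count, object count, the full
    frame list, and 'site': the first frame that is not an allocator wrapper, i.e. the
    library function that owns the leaked allocation (e.g. fy_token_alloc_rl)."""
    leaks, current, total, allocs = [], None, 0, 0
    for line in report.splitlines():
        m = LEAK_RE.match(line)
        if m:
            current = {"kind": m.group(1).lower(), "bytes": int(m.group(2)),
                       "objects": int(m.group(3)), "site": None, "frames": []}
            leaks.append(current)
            continue
        m = FRAME_RE.match(line)
        if m and current is not None:
            func, loc = m.group(2), m.group(3)
            current["frames"].append(func)
            if current["site"] is None and func not in ALLOCATORS:
                current["site"] = (func, loc)
            continue
        m = SUMMARY_RE.match(line)
        if m:
            total, allocs = int(m.group(1)), int(m.group(2))
    return {"leaks": leaks, "total_bytes": total, "allocations": allocs}


def sizes_consistent(parsed):
    """True when the per-leak byte and object counts match the SUMMARY line."""
    return (sum(l["bytes"] for l in parsed["leaks"]) == parsed["total_bytes"]
            and sum(l["objects"] for l in parsed["leaks"]) == parsed["allocations"])
```

For this report it yields two leaks whose sites are `fy_token_alloc_rl` (208 bytes, direct) and `fy_input_alloc` (200 bytes, indirect), matching the 408-byte summary.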