Hi Xiaohan, Are you running the fuzz target from ? https://github.com/google/oss-fuzz/blob/master/projects/binutils/fuzz_disassemble.c Did you apply this patch before compiling it ? https://github.com/google/oss-fuzz/blob/master/projects/binutils/patch.diff
Cheers, Philippe > Le 4 déc. 2019 à 12:14, Xiaohan Wu <wu610777...@gmail.com> a écrit : > > Hello, I got a memory leak bug in binutils. > > ASAN log: > > ==29347==ERROR: LeakSanitizer: detected memory leaks > > Direct leak of 3 byte(s) in 1 object(s) allocated from: > #0 0x483514 in __strdup > /src/llvm-project/compiler-rt/lib/asan/asan_interceptors.cpp:468:3 > #1 0x6e76d0 in get_field /src/binutils-gdb/opcodes/microblaze-dis.c:46:11 > #2 0x6e6826 in print_insn_microblaze > /src/binutils-gdb/opcodes/microblaze-dis.c > #3 0x4ca15d in LLVMFuzzerTestOneInput > /src/binutils-gdb/fuzz/fuzz_disassemble.c:71:13 > #4 0x51a8c6 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, > unsigned long) /src/libfuzzer/FuzzerLoop.cpp:556:15 > #5 0x516ee0 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned > long, bool, fuzzer::InputInfo*, bool*) /src/libfuzzer/FuzzerLoop.cpp:470:3 > #6 0x51c4bf in fuzzer::Fuzzer::MutateAndTestOne() > /src/libfuzzer/FuzzerLoop.cpp:698:19 > #7 0x51fcfd in fuzzer::Fuzzer::Loop(std::__1::vector<fuzzer::SizedFile, > fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) > /src/libfuzzer/FuzzerLoop.cpp:830:5 > #8 0x4d8f81 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char > const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:824:6 > #9 0x4ca6f7 in main /src/libfuzzer/FuzzerMain.cpp:19:10 > #10 0x7f6ac80e982f in __libc_start_main > (/lib/x86_64-linux-gnu/libc.so.6+0x2082f) > > Direct leak of 3 byte(s) in 1 object(s) allocated from: > #0 0x483514 in __strdup > /src/llvm-project/compiler-rt/lib/asan/asan_interceptors.cpp:468:3 > #1 0x6e76d0 in get_field /src/binutils-gdb/opcodes/microblaze-dis.c:46:11 > #2 0x6e64b9 in print_insn_microblaze > /src/binutils-gdb/opcodes/microblaze-dis.c:296:36 > #3 0x4ca15d in LLVMFuzzerTestOneInput > /src/binutils-gdb/fuzz/fuzz_disassemble.c:71:13 > #4 0x51a8c6 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, > unsigned long) /src/libfuzzer/FuzzerLoop.cpp:556:15 > #5 0x516ee0 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned > long, bool, fuzzer::InputInfo*, bool*) /src/libfuzzer/FuzzerLoop.cpp:470:3 > #6 0x51c4bf in fuzzer::Fuzzer::MutateAndTestOne() > /src/libfuzzer/FuzzerLoop.cpp:698:19 > #7 0x51fcfd in fuzzer::Fuzzer::Loop(std::__1::vector<fuzzer::SizedFile, > fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) > /src/libfuzzer/FuzzerLoop.cpp:830:5 > #8 0x4d8f81 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char > const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:824:6 > #9 0x4ca6f7 in main /src/libfuzzer/FuzzerMain.cpp:19:10 > #10 0x7f6ac80e982f in __libc_start_main > (/lib/x86_64-linux-gnu/libc.so.6+0x2082f) > > SUMMARY: AddressSanitizer: 6 byte(s) leaked in 2 allocation(s). > INFO: to ignore leaks on libFuzzer side use -detect_leaks=0. > > MS: 1 ChangeByte-; base unit: a1be622c3abbca83b3dff1e93a6b232e18dd7e98 > 0xc6,0xc,0x0,0x4,0x26,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x50, > \xc6\x0c\x00\x04&\x00\x00\x00\x00\x00\x00\x00\x00P > artifact_prefix='./'; Test unit written to > ./leak-0dbec89599a608e357f7a41d42cc041ae064df6a > Base64: xgwABCYAAAAAAAAAAFA= > > > And leak file attached. > > Yours, > Skyvast > > <leak-0dbec89599a608e357f7a41d42cc041ae064df6a>
smime.p7s
Description: S/MIME cryptographic signature
