2B memory leak while parsing crafted config #3322

@geeknik

I did this

build libcurl with clang and address sanitizer
echo "VyAwClcgQA==" | base64 -d | tee curlrc
ASAN_OPTIONS=detect_leaks=1 ./curl -q -K curlrc file://dev/null

I saw the following

Warning: Failed to read curl: (3) URL using bad/illegal format or missing URL

=================================================================
==18378==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 2 byte(s) in 1 object(s) allocated from:
    #0 0x4b7190 in __strdup /b/swarming/w/ir/kitchen-workdir/src/third_party/llvm/compiler-rt/lib/asan/asan_interceptors.cc:463:3
    #1 0x50ab8c in getparameter /root/curl/src/tool_getparam.c:2078:9
    #2 0x526906 in parseconfig /root/curl/src/tool_parsecfg.c:217:13
    #3 0x50957e in getparameter /root/curl/src/tool_getparam.c:1784:10
    #4 0x512859 in parse_args /root/curl/src/tool_getparam.c:2184:18
    #5 0x515a32 in operate /root/curl/src/tool_operate.c:2033:26
    #6 0x514bd9 in main /root/curl/src/tool_main.c:326:14
    #7 0x7fe7e24e22e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)

SUMMARY: AddressSanitizer: 2 byte(s) leaked in 1 allocation(s).

curl/libcurl version

git 0fac7a1
curl 7.63.0-DEV (x86_64-pc-linux-gnu) libcurl/7.63.0-DEV OpenSSL/1.1.0f zlib/1.2.8
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP UnixSockets HTTPS-proxy

operating system

Debian 9 x64
