2B memory leak while parsing crafted config #3322

Closed
geeknik opened this Issue Nov 28, 2018 · 0 comments

geeknik commented Nov 28, 2018

I did this

build libcurl with clang and address sanitizer
echo "VyAwClcgQA==" | base64 -d | tee curlrc
ASAN_OPTIONS=detect_leaks=1 ./curl -q -K curlrc file://dev/null

I saw the following

Warning: Failed to read curl: (3) URL using bad/illegal format or missing URL

=================================================================
==18378==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 2 byte(s) in 1 object(s) allocated from:
    #0 0x4b7190 in __strdup /b/swarming/w/ir/kitchen-workdir/src/third_party/llvm/compiler-rt/lib/asan/asan_interceptors.cc:463:3
    #1 0x50ab8c in getparameter /root/curl/src/tool_getparam.c:2078:9
    #2 0x526906 in parseconfig /root/curl/src/tool_parsecfg.c:217:13
    #3 0x50957e in getparameter /root/curl/src/tool_getparam.c:1784:10
    #4 0x512859 in parse_args /root/curl/src/tool_getparam.c:2184:18
    #5 0x515a32 in operate /root/curl/src/tool_operate.c:2033:26
    #6 0x514bd9 in main /root/curl/src/tool_main.c:326:14
    #7 0x7fe7e24e22e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)

SUMMARY: AddressSanitizer: 2 byte(s) leaked in 1 allocation(s).

curl/libcurl version

git 0fac7a1
curl 7.63.0-DEV (x86_64-pc-linux-gnu) libcurl/7.63.0-DEV OpenSSL/1.1.0f zlib/1.2.8
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP UnixSockets HTTPS-proxy

operating system

Debian 9 x64

bagder added a commit that referenced this issue Nov 30, 2018

curl: fix memory leaks when reading from files
The file2memory and file2string functions are used for several command
line options when reading from files using the "@file" syntax.  If
another string had been set first, these functions would leak the
previously allocated memory.

Reported-by: Brian Carpenter
Fixes #3322

@bagder bagder closed this in 650281e Nov 30, 2018
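
The overwrite-without-free pattern that the commit message describes, as an added C illustration that is not curl's source or the project's fix. Every name in it (`struct opts`, `set_leaky`, `set_fixed`, `xstrdup`, `xfree`, `leaked_after`) is hypothetical, and the option values are constructed; a small slot table stands in for LeakSanitizer so the lost block can be counted and then released.

```c
/* Added illustration; every name here is hypothetical, not curl's source. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define SLOTS 8
static char *blocks[SLOTS]; /* toy tracker of live allocations */
static char *xstrdup(const char *s)
{
  char *p = malloc(strlen(s) + 1);
  if(p) strcpy(p, s);
  for(int i = 0; p && i < SLOTS; i++)
    if(!blocks[i]) { blocks[i] = p; break; }
  return p;
}

static void xfree(char *p)
{
  for(int i = 0; p && i < SLOTS; i++)
    if(blocks[i] == p) { blocks[i] = NULL; break; }
  free(p);
}

struct opts { char *writeout; };
/* before: the old pointer is overwritten and can never be freed */
static void set_leaky(struct opts *o, const char *v) { o->writeout = xstrdup(v); }
/* after: release whatever an earlier option stored, then replace it */
static void set_fixed(struct opts *o, const char *v)
{
  xfree(o->writeout);
  o->writeout = xstrdup(v);
}

/* Set the option twice, do normal cleanup, count blocks still tracked. */
static int leaked_after(void (*set)(struct opts *, const char *))
{
  struct opts o = { NULL };
  int n = 0;
  set(&o, "0");          /* constructed first value: 2 bytes with the NUL */
  set(&o, "from file");  /* constructed stand-in for content read via "@file" */
  xfree(o.writeout);     /* exit-time cleanup only sees the last pointer */
  for(int i = 0; i < SLOTS; i++)
    if(blocks[i]) { n++; free(blocks[i]); blocks[i] = NULL; }
  return n;
}

int main(void)
{
  return printf("leaky=%d fixed=%d\n", leaked_after(set_leaky), leaked_after(set_fixed)) < 0;
}
```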
