doh: memory leak in conjunction with proxy use #4463

pauldreik · 2019-10-04T12:11:15Z

I am running a modified version of the existing TLV http fuzzer (available here: https://github.com/pauldreik/curl-fuzzer/tree/paul/localfuzz_public0/intree_fuzzer/src/networkfuzzers).
I have gotten a leak when using doh and setting proxy option CURLOPT_PROXY (here: https://github.com/pauldreik/curl-fuzzer/blob/c602bc13788fa88b7f93933b4e996aa1045c9dfd/curl_fuzzer_tlv.cc#L291)

The fuzzer sets the following options:

CURLOPT_URL='127.0.1.127:55770\x00\xff                          '
CURLOPT_NOBODY='    ')
CURLOPT_FOLLOWLOCATION='    ')
CURLOPT_ACCEPT_ENCODING=''
CURLOPT_DOH_URL='*:2'
CURLOPT_PROXY='*:2\x00'

The fuzzer (server) replies with the following garbage (the snipped tail is probably irrelevant):

'HTTP/2.0 301    \nLocation:       \xff\n    \xff   ' (snipped, continuous with more of the same)

and I get a leak report at the bottom of the message.

This reproduces well (tested two different machines, several times).

To reproduce, build the fuzzers according to https://github.com/pauldreik/curl-fuzzer/tree/paul/localfuzz_public0/intree_fuzzer#building and run (the provoking file is base64 encoded in the bottom of this report)

cd curl/build-fuzz-clang7-asan-ubsan
tests/curl_fuzzer_http läcka

paul@tonfisk:~/code/delaktig/curl/build-fuzz-clang7-asan-ubsan$ tests/curl_fuzzer_http läcka
INFO: Seed: 3909814624
INFO: Loaded 1 modules   (319542 inline 8-bit counters): 319542 [0x24af760, 0x24fd796), 
INFO: Loaded 1 PC tables (319542 PCs): 319542 [0x1898628,0x1d78988), 
tests/curl_fuzzer_http: Running 1 inputs 1 time(s) each.
Running: läcka

=================================================================
==16696==ERROR: LeakSanitizer: detected memory leaks

Indirect leak of 16401 byte(s) in 1 object(s) allocated from:
    #0 0x567827 in __interceptor_malloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567827)
    #1 0x5ce425 in curl_dbg_malloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:174:9
    #2 0x92ba3a in Curl_open /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:599:24
    #3 0xbc4792 in dohprobe /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:248:12
    #4 0xbc1f9a in Curl_doh /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:393:14
    #5 0x840a27 in Curl_resolv /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:535:14
    #6 0x841e1f in Curl_resolv_timeout /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:722:8
    #7 0x99f63f in resolve_server /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3147:12
    #8 0x958382 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3741:12
    #9 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #10 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #11 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #12 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #13 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #14 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #15 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #16 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #17 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #18 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 16401 byte(s) in 1 object(s) allocated from:
    #0 0x567827 in __interceptor_malloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567827)
    #1 0x5ce425 in curl_dbg_malloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:174:9
    #2 0x92ba3a in Curl_open /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:599:24
    #3 0xbc4792 in dohprobe /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:248:12
    #4 0xbc10f9 in Curl_doh /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:383:14
    #5 0x840a27 in Curl_resolv /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:535:14
    #6 0x841e1f in Curl_resolv_timeout /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:722:8
    #7 0x99f63f in resolve_server /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3147:12
    #8 0x958382 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3741:12
    #9 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #10 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #11 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #12 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #13 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #14 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #15 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #16 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #17 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #18 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 5968 byte(s) in 1 object(s) allocated from:
    #0 0x567a5f in calloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567a5f)
    #1 0x5cf2a0 in curl_dbg_calloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:205:9
    #2 0x92b650 in Curl_open /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:581:10
    #3 0xbc4792 in dohprobe /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:248:12
    #4 0xbc10f9 in Curl_doh /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:383:14
    #5 0x840a27 in Curl_resolv /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:535:14
    #6 0x841e1f in Curl_resolv_timeout /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:722:8
    #7 0x99f63f in resolve_server /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3147:12
    #8 0x958382 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3741:12
    #9 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #10 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #11 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #12 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #13 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #14 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #15 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #16 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #17 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #18 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 5968 byte(s) in 1 object(s) allocated from:
    #0 0x567a5f in calloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567a5f)
    #1 0x5cf2a0 in curl_dbg_calloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:205:9
    #2 0x92b650 in Curl_open /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:581:10
    #3 0xbc4792 in dohprobe /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:248:12
    #4 0xbc1f9a in Curl_doh /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:393:14
    #5 0x840a27 in Curl_resolv /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:535:14
    #6 0x841e1f in Curl_resolv_timeout /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:722:8
    #7 0x99f63f in resolve_server /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3147:12
    #8 0x958382 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3741:12
    #9 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #10 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #11 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #12 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #13 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #14 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #15 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #16 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #17 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #18 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 1472 byte(s) in 2 object(s) allocated from:
    #0 0x567a5f in calloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567a5f)
    #1 0x5cf2a0 in curl_dbg_calloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:205:9
    #2 0x7c6971 in Curl_ssl_initsessions /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/vtls/vtls.c:601:13
    #3 0xa5661d in Curl_pretransfer /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/transfer.c:1444:12
    #4 0x6254bf in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1487:16
    #5 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #6 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #7 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #8 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #9 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #10 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #11 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #12 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 272 byte(s) in 1 object(s) allocated from:
    #0 0x567827 in __interceptor_malloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567827)
    #1 0x5ce425 in curl_dbg_malloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:174:9
    #2 0x92bed5 in Curl_open /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:605:30
    #3 0xbc4792 in dohprobe /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:248:12
    #4 0xbc1f9a in Curl_doh /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:393:14
    #5 0x840a27 in Curl_resolv /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:535:14
    #6 0x841e1f in Curl_resolv_timeout /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:722:8
    #7 0x99f63f in resolve_server /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3147:12
    #8 0x958382 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3741:12
    #9 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #10 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #11 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #12 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #13 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #14 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #15 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #16 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #17 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #18 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 272 byte(s) in 1 object(s) allocated from:
    #0 0x567827 in __interceptor_malloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567827)
    #1 0x5ce425 in curl_dbg_malloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:174:9
    #2 0x92bed5 in Curl_open /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:605:30
    #3 0xbc4792 in dohprobe /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:248:12
    #4 0xbc10f9 in Curl_doh /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:383:14
    #5 0x840a27 in Curl_resolv /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:535:14
    #6 0x841e1f in Curl_resolv_timeout /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:722:8
    #7 0x99f63f in resolve_server /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3147:12
    #8 0x958382 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3741:12
    #9 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #10 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #11 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #12 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #13 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #14 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #15 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #16 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #17 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #18 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 240 byte(s) in 2 object(s) allocated from:
    #0 0x567a5f in calloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567a5f)
    #1 0x5cf2a0 in curl_dbg_calloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:205:9
    #2 0xbe7011 in curl_url /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/urlapi.c:964:10
    #3 0x96697e in parseurlandfillconn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:1775:27
    #4 0x93f872 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3315:12
    #5 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #6 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #7 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #8 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #9 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #10 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #11 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #12 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #13 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #14 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 54 byte(s) in 1 object(s) allocated from:
    #0 0x567827 in __interceptor_malloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567827)
    #1 0x5ce425 in curl_dbg_malloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:174:9
    #2 0x5cf7fd in curl_dbg_strdup /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:229:9
    #3 0x6849ff in curl_slist_append /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/slist.c:92:19
    #4 0xbc0042 in Curl_doh /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:376:5
    #5 0x840a27 in Curl_resolv /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:535:14
    #6 0x841e1f in Curl_resolv_timeout /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:722:8
    #7 0x99f63f in resolve_server /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3147:12
    #8 0x958382 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3741:12
    #9 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #10 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #11 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #12 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #13 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #14 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #15 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #16 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #17 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #18 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 42 byte(s) in 2 object(s) allocated from:
    #0 0x567827 in __interceptor_malloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567827)
    #1 0x5ce425 in curl_dbg_malloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:174:9
    #2 0x5cf7fd in curl_dbg_strdup /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:229:9
    #3 0xc035db in seturl /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/urlapi.c:845:17
    #4 0xbf98f0 in parseurl /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/urlapi.c:952:22
    #5 0xbf580b in curl_url_set /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/urlapi.c:1340:16
    #6 0x9688ad in parseurlandfillconn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:1795:10
    #7 0x93f872 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3315:12
    #8 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #9 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #10 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #11 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #12 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #13 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #14 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #15 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #16 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #17 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 42 byte(s) in 2 object(s) allocated from:
    #0 0x567827 in __interceptor_malloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567827)
    #1 0x5ce425 in curl_dbg_malloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:174:9
    #2 0x5cf7fd in curl_dbg_strdup /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:229:9
    #3 0xbf2bbb in curl_url_get /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/urlapi.c:1168:13
    #4 0x968d12 in parseurlandfillconn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:1807:8
    #5 0x93f872 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3315:12
    #6 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #7 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #8 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #9 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #10 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #11 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #12 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #13 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #14 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #15 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 36 byte(s) in 2 object(s) allocated from:
    #0 0x567827 in __interceptor_malloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567827)
    #1 0x5ce425 in curl_dbg_malloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:174:9
    #2 0x5cf7fd in curl_dbg_strdup /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:229:9
    #3 0xbe6beb in Curl_parse_port /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/urlapi.c:565:15
    #4 0xc059c1 in seturl /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/urlapi.c:923:14
    #5 0xbf98f0 in parseurl /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/urlapi.c:952:22
    #6 0xbf580b in curl_url_set /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/urlapi.c:1340:16
    #7 0x9688ad in parseurlandfillconn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:1795:10
    #8 0x93f872 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3315:12
    #9 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #10 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #11 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #12 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #13 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #14 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #15 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #16 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #17 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #18 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 36 byte(s) in 2 object(s) allocated from:
    #0 0x567827 in __interceptor_malloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567827)
    #1 0x5ce425 in curl_dbg_malloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:174:9
    #2 0x5cf7fd in curl_dbg_strdup /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:229:9
    #3 0xbf2bbb in curl_url_get /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/urlapi.c:1168:13
    #4 0x96b977 in parseurlandfillconn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:1857:8
    #5 0x93f872 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3315:12
    #6 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #7 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #8 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #9 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #10 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #11 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #12 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #13 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #14 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #15 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 36 byte(s) in 2 object(s) allocated from:
    #0 0x567827 in __interceptor_malloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567827)
    #1 0x5ce425 in curl_dbg_malloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:174:9
    #2 0x5cf7fd in curl_dbg_strdup /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:229:9
    #3 0xbf2bbb in curl_url_get /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/urlapi.c:1168:13
    #4 0x96b67e in parseurlandfillconn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:1853:8
    #5 0x93f872 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3315:12
    #6 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #7 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #8 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #9 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #10 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #11 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #12 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #13 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #14 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #15 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 36 byte(s) in 2 object(s) allocated from:
    #0 0x567827 in __interceptor_malloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567827)
    #1 0x5ce425 in curl_dbg_malloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:174:9
    #2 0x5cf7fd in curl_dbg_strdup /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:229:9
    #3 0xbed7bd in curl_url_get /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/urlapi.c:1070:23
    #4 0x96b67e in parseurlandfillconn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:1853:8
    #5 0x93f872 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3315:12
    #6 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #7 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #8 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #9 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #10 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #11 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #12 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #13 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #14 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #15 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 36 byte(s) in 2 object(s) allocated from:
    #0 0x567827 in __interceptor_malloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567827)
    #1 0x5ce425 in curl_dbg_malloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:174:9
    #2 0x5cf7fd in curl_dbg_strdup /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:229:9
    #3 0xbf2bbb in curl_url_get /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/urlapi.c:1168:13
    #4 0x96b14e in parseurlandfillconn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:1847:8
    #5 0x93f872 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3315:12
    #6 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #7 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #8 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #9 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #10 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #11 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #12 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #13 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #14 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #15 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 36 byte(s) in 2 object(s) allocated from:
    #0 0x567827 in __interceptor_malloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567827)
    #1 0x5ce425 in curl_dbg_malloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:174:9
    #2 0x5cf7fd in curl_dbg_strdup /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:229:9
    #3 0xc05cd2 in seturl /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/urlapi.c:936:15
    #4 0xbf98f0 in parseurl /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/urlapi.c:952:22
    #5 0xbf580b in curl_url_set /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/urlapi.c:1340:16
    #6 0x9688ad in parseurlandfillconn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:1795:10
    #7 0x93f872 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3315:12
    #8 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #9 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #10 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #11 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #12 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #13 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #14 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #15 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #16 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #17 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x567827 in __interceptor_malloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567827)
    #1 0x5ce425 in curl_dbg_malloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:174:9
    #2 0x6841c0 in Curl_slist_append_nodup /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/slist.c:66:14
    #3 0x684a3f in curl_slist_append /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/slist.c:97:10
    #4 0xbc0042 in Curl_doh /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:376:5
    #5 0x840a27 in Curl_resolv /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:535:14
    #6 0x841e1f in Curl_resolv_timeout /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:722:8
    #7 0x99f63f in resolve_server /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3147:12
    #8 0x958382 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3741:12
    #9 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #10 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #11 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #12 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #13 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #14 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #15 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #16 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #17 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #18 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x567a5f in calloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567a5f)
    #1 0x5cf2a0 in curl_dbg_calloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:205:9
    #2 0x69d0a9 in Curl_resolver_init /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/asyn-thread.c:114:15
    #3 0x92b974 in Curl_open /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:590:12
    #4 0xbc4792 in dohprobe /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:248:12
    #5 0xbc10f9 in Curl_doh /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:383:14
    #6 0x840a27 in Curl_resolv /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:535:14
    #7 0x841e1f in Curl_resolv_timeout /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:722:8
    #8 0x99f63f in resolve_server /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3147:12
    #9 0x958382 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3741:12
    #10 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #11 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #12 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #13 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #14 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #15 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #16 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #17 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #18 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #19 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x567a5f in calloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567a5f)
    #1 0x5cf2a0 in curl_dbg_calloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:205:9
    #2 0x69d0a9 in Curl_resolver_init /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/asyn-thread.c:114:15
    #3 0x92b974 in Curl_open /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:590:12
    #4 0xbc4792 in dohprobe /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:248:12
    #5 0xbc1f9a in Curl_doh /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:393:14
    #6 0x840a27 in Curl_resolv /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:535:14
    #7 0x841e1f in Curl_resolv_timeout /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:722:8
    #8 0x99f63f in resolve_server /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3147:12
    #9 0x958382 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3741:12
    #10 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #11 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #12 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #13 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #14 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #15 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #16 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #17 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #18 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #19 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 20 byte(s) in 1 object(s) allocated from:
    #0 0x567827 in __interceptor_malloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567827)
    #1 0x5ce425 in curl_dbg_malloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:174:9
    #2 0x5cf7fd in curl_dbg_strdup /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:229:9
    #3 0x735abd in Curl_setstropt /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/setopt.c:62:17
    #4 0x75be5e in Curl_vsetopt /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/setopt.c:1283:14
    #5 0x792232 in curl_easy_setopt /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/setopt.c:2771:12
    #6 0xbc48a9 in dohprobe /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:253:5
    #7 0xbc1f9a in Curl_doh /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:393:14
    #8 0x840a27 in Curl_resolv /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:535:14
    #9 0x841e1f in Curl_resolv_timeout /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:722:8
    #10 0x99f63f in resolve_server /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3147:12
    #11 0x958382 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3741:12
    #12 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #13 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #14 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #15 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #16 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #17 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #18 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #19 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #20 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #21 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 20 byte(s) in 1 object(s) allocated from:
    #0 0x567827 in __interceptor_malloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567827)
    #1 0x5ce425 in curl_dbg_malloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:174:9
    #2 0x5cf7fd in curl_dbg_strdup /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:229:9
    #3 0x735abd in Curl_setstropt /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/setopt.c:62:17
    #4 0x75be5e in Curl_vsetopt /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/setopt.c:1283:14
    #5 0x792232 in curl_easy_setopt /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/setopt.c:2771:12
    #6 0xbc48a9 in dohprobe /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:253:5
    #7 0xbc10f9 in Curl_doh /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:383:14
    #8 0x840a27 in Curl_resolv /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:535:14
    #9 0x841e1f in Curl_resolv_timeout /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:722:8
    #10 0x99f63f in resolve_server /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3147:12
    #11 0x958382 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3741:12
    #12 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #13 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #14 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #15 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #16 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #17 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #18 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #19 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #20 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #21 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

SUMMARY: AddressSanitizer: 47484 byte(s) leaked in 32 allocation(s).

The test case file (läcka):

AAEAAAAtMTI3LjAuMS4xMjc6NTU3NzAA/yAgICAgICAgICAgICAgICAgICAgICAgICAgAAIAAAAr
SFRUUC8yLjAgMzAxICAgIApMb2NhdGlvbjogICAgICAg/wogICAg/yAgIAARAAAAlyAgICAgICAg
ICAgICAgICAgICD/////////////////////////////////////////////////////////////
//////////////////////////8gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAg/yAgICAgICAgICAgICAAEQAAAIEgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICD/ICAgICAgICAgICAgIP8gICAgIP8gICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAg/////////////////yAgICD//////yAgICAgICAAEQAAAHog
ICAgIP8gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg/yAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAg/yAgICAgICAgICAgICD/ICAgICAgICAgICAgICAg
ICAgICAgIAARAAAATSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg/yAgICAgICAg
ICAgICAgICAgICAgICAgICAgICD/ICAgICAgICAgICAgABEAAACVICAg/yAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICD/ICAg
ICAgICAgICAgICAgICAgICAgIP8gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAAEQAAAG8gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIP8g
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAAEQAAAFwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg/yAgICAgICD///8gICAg
ICAgIAARAAAAQSAgICAgICAgICAgICAgICAgIP8gICAgICAgICAgICAgIP8gICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgABEAAAB0ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICD///8gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICD/
ICAgICAgICAgICAgICAgICAgICAgICAgICAAEQAAADcgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgIP8gICAgICAgICAgABEAAABlICAgICAgICAgICAgICAgICAgICAg
IP8gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgIP8gICAgICAgICAgICAgICAAEQAAAHH/ICAgICAgICAgICAgIP8gICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAg/yAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgIAARAAAAXCAgICAgIP8gICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgIP8gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgABEAAABYICAg/yAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAARAAAASv8g
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAg/yAgICAgICAgICAgABEAAABWICAgICAgICAgICAgIP8gICAgICAgICAgICAgIP8gICAgICAg
ICAgICAg/yAgICAgICAgICAgICAgICAg/yAgICAgICAgICAgICAgICAgICAgICAgICAAEQAAAGAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg/yAgICAg
ICAgICAgICAgICAgICAgICAgICD//////////////yAgICAgICAAEQAAAFQgICD/ICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICD/ICAAEQAAAFQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
IP8gICAgICAgICAgICAgICAgICAgICAgICAgIP8gICAgICD/ICAgICAgICAgICAAEQAAAGEgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICD/ICAgICAgICAgICAgICAgABEAAACJICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIP8gICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAg/yAgICAgICAgICAgICAgIP//ICAgICAgICAgICAgICAgICD/ICAg
ICAgICAgICAAEQAAALQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgIP8gICAgICD/ICAgICAg/yAgICAgICAg//8gICAgICAgICAgIP8gICAgICAgICAgICAg
ICAgICAgICAgICAg/yAgICAgICAgICAgICAgICAgIP8gICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAAHAAAAAQgICAgAB0AAAAEICAgIAAeAAAAAAApAAAAAyo6
MgAqAAAABCo6MgA=

The text was updated successfully, but these errors were encountered:

pauldreik · 2019-10-20T10:42:11Z

I got blocked by this when trying to get the fuzzers running again. Here is a smaller testcase, as displayed by (a modified version of) read_corpus.py:

TLVHeader(type='CURLOPT_URL' (1), length=11, data='127.0.1.127')
TLVHeader(type='Server banner (sent on connection)' (2), length=27, data='HTTP/1.1 399 OK\nLocation:x\n')
TLVHeader(type='CURLOPT_FOLLOWLOCATION' (29), length=4, data='\x00\x00\x00\x01')
TLVHeader(type='CURLOPT_DOH_URL' (41), length=7, data='[::1]:2')
TLVHeader(type='CURLOPT_PROXY' (42), length=7, data='[::1]:2')

Here is the base64 encoded data:

AAEAAAALMTI3LjAuMS4xMjcAAgAAABtIVFRQLzEuMSAzOTkgT0sKTG9jYXRpb246eAoAHQAAAAQA
AAABACkAAAAHWzo6MV06MgAqAAAAB1s6OjFdOjI=

Any modification of the following makes it not reproduce:

Setting the ip address in the url to anything else than the 127.0.1.127
setting CURLOPT_DOH_URL different than CURLOPT_PROXY
using something else than the ipv6 form in CURLOPT_DOH_URL

I guess it is not a coincidence that 127.0.1.127 is also set in https://github.com/pauldreik/curl-fuzzer/blob/c602bc13788fa88b7f93933b4e996aa1045c9dfd/curl_fuzzer.cc#L161

Any modification of the following, still reproduces the leak:

the location value (x)
the last two digits of the http code
the ip address of the CURLOPT_PROXY and CURLOPT_DOH_URL

Hopefully that can assist in explaining this. I tried to understand where to clean up the doh structure, but I failed. I guess all this is related to to some reuse, and the old doh data structure is not cleared before settting a new one. Or something along those lines.

bagder · 2019-10-25T12:39:12Z

This still requires that I build your custom fuzzer version, right?

pauldreik · 2019-10-25T14:23:44Z

This still requires that I build your custom fuzzer version, right?

Yes, unfortunately.

bagder · 2019-10-25T16:21:21Z

I needed to patch the build script, but after that I've reproduced the report - with debug symbols.

pauldreik · 2019-10-25T17:06:47Z

Good you could reproduce it!

Sorry the build script did not work, could you share what was wrong so I can fix it?

bagder · 2019-10-26T22:07:19Z

I need to pass on sanitize options to my linker as well so I had to do this patch (I'll submit a fix for the leak in a minute):

diff --git a/intree_fuzzer/scripts/build.sh b/intree_fuzzer/scripts/build.sh
index 871986f..fba2e02 100755
--- a/intree_fuzzer/scripts/build.sh
+++ b/intree_fuzzer/scripts/build.sh
@@ -73,11 +73,11 @@ case $tcname in
       ;;
    clang6-asan-ubsan)
       export CC=clang-6.0 CXX=clang++-6.0 CFLAGS="-fsanitize=address,undefined" CXXFLAGS="-fsanitize=address,undefined"
       ;;
    clang7-asan-ubsan)
-      export CC=clang-7 CXX=clang++-7 CFLAGS="-fsanitize=address,undefined" CXXFLAGS="-fsanitize=address,undefined"
+      export CC=clang-7 CXX=clang++-7 CFLAGS="-fsanitize=address,undefined" CXXFLAGS="-fsanitize=address,undefined" LDFLAGS="-fsanitize=address,undefined -fno-sanitize-recover=undefined,integer"
       ;;
    clang8-asan-ubsan)
       export CC=clang-8 CXX=clang++-8 CFLAGS="-fsanitize=address,undefined" CXXFLAGS="-fsanitize=address,undefined"
       ;;
    clang7-asan-ubsan-O3)

If curl_multi_cleanup() is called without all DOH handles having been removed, make sure this is done or they will leak their memory. Reported-by: Paul Dreik Fixes #4463

pauldreik · 2019-10-27T05:55:47Z

Thanks for the fix! It fixes the leak, but unfortunately it introduces a use after free. Here is the use after free test case base64 encoded:

AAEAAAABUgApAAAABDQubEE=

Hmm your build script change looks obviously needed, how can the build have worked for me? I use Debian Buster, were you use Debian testing for this test?

bagder · 2019-10-27T16:46:24Z

I use debian unstable

... or risk DoH memory leaks. Reported-by: Paul Dreik Fixes #4463

... or risk DoH memory leaks. Reported-by: Paul Dreik Fixes #4463 Closes #4527

bagder · 2019-10-29T07:09:38Z

I'm pretty sure that my fix this time is good and should be landed no matter what, but I'll still wait a little longer for your feedback to see if there's any further polish you can think of or detect to be needed.

pauldreik · 2019-10-29T07:30:00Z

Thanks, I will give it a go as soon as I can (probably tonight).

pauldreik · 2019-10-29T18:24:40Z

Yep, merging ffc7526 fixes it!

bagder · 2019-10-29T21:49:05Z

Thanks!

bagder added memory-leak name lookup DNS and related tech labels Oct 4, 2019

pauldreik mentioned this issue Oct 20, 2019

Questions: Structure aware fuzzing, using internal functions and more curl/curl-fuzzer#32

Open

bagder added a commit that referenced this issue Oct 26, 2019

multi_cleanup: close leftover DOH handles

1833f2b

If curl_multi_cleanup() is called without all DOH handles having been removed, make sure this is done or they will leak their memory. Reported-by: Paul Dreik Fixes #4463

bagder mentioned this issue Oct 26, 2019

multi_cleanup: close leftover DOH handles #4527

Closed

bagder added a commit that referenced this issue Oct 27, 2019

url: Curl_free_request_state() should also free doh handles

b6faae0

... or risk DoH memory leaks. Reported-by: Paul Dreik Fixes #4463

bagder added a commit that referenced this issue Oct 28, 2019

url: Curl_free_request_state() should also free doh handles

ffc7526

... or risk DoH memory leaks. Reported-by: Paul Dreik Fixes #4463 Closes #4527

bagder closed this as completed in 0cbd6f8 Oct 29, 2019

pauldreik mentioned this issue Nov 13, 2019

doh: memory leak after followlocation #4592

Closed

lock bot locked as resolved and limited conversation to collaborators Jan 27, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

doh: memory leak in conjunction with proxy use #4463

doh: memory leak in conjunction with proxy use #4463

pauldreik commented Oct 4, 2019

pauldreik commented Oct 20, 2019 •

edited

Loading

bagder commented Oct 25, 2019

pauldreik commented Oct 25, 2019

bagder commented Oct 25, 2019

pauldreik commented Oct 25, 2019

bagder commented Oct 26, 2019

pauldreik commented Oct 27, 2019

bagder commented Oct 27, 2019

bagder commented Oct 29, 2019

pauldreik commented Oct 29, 2019

pauldreik commented Oct 29, 2019

bagder commented Oct 29, 2019

doh: memory leak in conjunction with proxy use #4463

doh: memory leak in conjunction with proxy use #4463

Comments

pauldreik commented Oct 4, 2019

pauldreik commented Oct 20, 2019 • edited Loading

bagder commented Oct 25, 2019

pauldreik commented Oct 25, 2019

bagder commented Oct 25, 2019

pauldreik commented Oct 25, 2019

bagder commented Oct 26, 2019

pauldreik commented Oct 27, 2019

bagder commented Oct 27, 2019

bagder commented Oct 29, 2019

pauldreik commented Oct 29, 2019

pauldreik commented Oct 29, 2019

bagder commented Oct 29, 2019

pauldreik commented Oct 20, 2019 •

edited

Loading