Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

doh: memory leak in conjunction with proxy use #4463

Closed
pauldreik opened this issue Oct 4, 2019 · 12 comments

Comments

@pauldreik
Copy link
Contributor

@pauldreik pauldreik commented Oct 4, 2019

I am running a modified version of the existing TLV http fuzzer (available here: https://github.com/pauldreik/curl-fuzzer/tree/paul/localfuzz_public0/intree_fuzzer/src/networkfuzzers).
I have gotten a leak when using doh and setting proxy option CURLOPT_PROXY (here: https://github.com/pauldreik/curl-fuzzer/blob/c602bc13788fa88b7f93933b4e996aa1045c9dfd/curl_fuzzer_tlv.cc#L291)

The fuzzer sets the following options:

CURLOPT_URL='127.0.1.127:55770\x00\xff                          '
CURLOPT_NOBODY='    ')
CURLOPT_FOLLOWLOCATION='    ')
CURLOPT_ACCEPT_ENCODING=''
CURLOPT_DOH_URL='*:2'
CURLOPT_PROXY='*:2\x00'

The fuzzer (server) replies with the following garbage (the snipped tail is probably irrelevant):

'HTTP/2.0 301    \nLocation:       \xff\n    \xff   ' (snipped, continuous with more of the same)

and I get a leak report at the bottom of the message.

This reproduces well (tested two different machines, several times).

To reproduce, build the fuzzers according to https://github.com/pauldreik/curl-fuzzer/tree/paul/localfuzz_public0/intree_fuzzer#building and run (the provoking file is base64 encoded in the bottom of this report)

cd curl/build-fuzz-clang7-asan-ubsan
tests/curl_fuzzer_http läcka
paul@tonfisk:~/code/delaktig/curl/build-fuzz-clang7-asan-ubsan$ tests/curl_fuzzer_http läcka
INFO: Seed: 3909814624
INFO: Loaded 1 modules   (319542 inline 8-bit counters): 319542 [0x24af760, 0x24fd796), 
INFO: Loaded 1 PC tables (319542 PCs): 319542 [0x1898628,0x1d78988), 
tests/curl_fuzzer_http: Running 1 inputs 1 time(s) each.
Running: läcka

=================================================================
==16696==ERROR: LeakSanitizer: detected memory leaks

Indirect leak of 16401 byte(s) in 1 object(s) allocated from:
    #0 0x567827 in __interceptor_malloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567827)
    #1 0x5ce425 in curl_dbg_malloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:174:9
    #2 0x92ba3a in Curl_open /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:599:24
    #3 0xbc4792 in dohprobe /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:248:12
    #4 0xbc1f9a in Curl_doh /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:393:14
    #5 0x840a27 in Curl_resolv /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:535:14
    #6 0x841e1f in Curl_resolv_timeout /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:722:8
    #7 0x99f63f in resolve_server /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3147:12
    #8 0x958382 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3741:12
    #9 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #10 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #11 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #12 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #13 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #14 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #15 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #16 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #17 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #18 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 16401 byte(s) in 1 object(s) allocated from:
    #0 0x567827 in __interceptor_malloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567827)
    #1 0x5ce425 in curl_dbg_malloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:174:9
    #2 0x92ba3a in Curl_open /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:599:24
    #3 0xbc4792 in dohprobe /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:248:12
    #4 0xbc10f9 in Curl_doh /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:383:14
    #5 0x840a27 in Curl_resolv /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:535:14
    #6 0x841e1f in Curl_resolv_timeout /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:722:8
    #7 0x99f63f in resolve_server /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3147:12
    #8 0x958382 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3741:12
    #9 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #10 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #11 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #12 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #13 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #14 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #15 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #16 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #17 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #18 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 5968 byte(s) in 1 object(s) allocated from:
    #0 0x567a5f in calloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567a5f)
    #1 0x5cf2a0 in curl_dbg_calloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:205:9
    #2 0x92b650 in Curl_open /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:581:10
    #3 0xbc4792 in dohprobe /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:248:12
    #4 0xbc10f9 in Curl_doh /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:383:14
    #5 0x840a27 in Curl_resolv /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:535:14
    #6 0x841e1f in Curl_resolv_timeout /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:722:8
    #7 0x99f63f in resolve_server /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3147:12
    #8 0x958382 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3741:12
    #9 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #10 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #11 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #12 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #13 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #14 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #15 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #16 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #17 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #18 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 5968 byte(s) in 1 object(s) allocated from:
    #0 0x567a5f in calloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567a5f)
    #1 0x5cf2a0 in curl_dbg_calloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:205:9
    #2 0x92b650 in Curl_open /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:581:10
    #3 0xbc4792 in dohprobe /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:248:12
    #4 0xbc1f9a in Curl_doh /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:393:14
    #5 0x840a27 in Curl_resolv /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:535:14
    #6 0x841e1f in Curl_resolv_timeout /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:722:8
    #7 0x99f63f in resolve_server /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3147:12
    #8 0x958382 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3741:12
    #9 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #10 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #11 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #12 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #13 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #14 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #15 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #16 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #17 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #18 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 1472 byte(s) in 2 object(s) allocated from:
    #0 0x567a5f in calloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567a5f)
    #1 0x5cf2a0 in curl_dbg_calloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:205:9
    #2 0x7c6971 in Curl_ssl_initsessions /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/vtls/vtls.c:601:13
    #3 0xa5661d in Curl_pretransfer /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/transfer.c:1444:12
    #4 0x6254bf in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1487:16
    #5 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #6 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #7 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #8 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #9 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #10 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #11 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #12 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 272 byte(s) in 1 object(s) allocated from:
    #0 0x567827 in __interceptor_malloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567827)
    #1 0x5ce425 in curl_dbg_malloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:174:9
    #2 0x92bed5 in Curl_open /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:605:30
    #3 0xbc4792 in dohprobe /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:248:12
    #4 0xbc1f9a in Curl_doh /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:393:14
    #5 0x840a27 in Curl_resolv /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:535:14
    #6 0x841e1f in Curl_resolv_timeout /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:722:8
    #7 0x99f63f in resolve_server /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3147:12
    #8 0x958382 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3741:12
    #9 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #10 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #11 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #12 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #13 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #14 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #15 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #16 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #17 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #18 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 272 byte(s) in 1 object(s) allocated from:
    #0 0x567827 in __interceptor_malloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567827)
    #1 0x5ce425 in curl_dbg_malloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:174:9
    #2 0x92bed5 in Curl_open /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:605:30
    #3 0xbc4792 in dohprobe /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:248:12
    #4 0xbc10f9 in Curl_doh /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:383:14
    #5 0x840a27 in Curl_resolv /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:535:14
    #6 0x841e1f in Curl_resolv_timeout /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:722:8
    #7 0x99f63f in resolve_server /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3147:12
    #8 0x958382 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3741:12
    #9 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #10 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #11 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #12 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #13 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #14 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #15 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #16 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #17 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #18 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 240 byte(s) in 2 object(s) allocated from:
    #0 0x567a5f in calloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567a5f)
    #1 0x5cf2a0 in curl_dbg_calloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:205:9
    #2 0xbe7011 in curl_url /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/urlapi.c:964:10
    #3 0x96697e in parseurlandfillconn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:1775:27
    #4 0x93f872 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3315:12
    #5 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #6 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #7 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #8 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #9 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #10 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #11 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #12 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #13 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #14 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 54 byte(s) in 1 object(s) allocated from:
    #0 0x567827 in __interceptor_malloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567827)
    #1 0x5ce425 in curl_dbg_malloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:174:9
    #2 0x5cf7fd in curl_dbg_strdup /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:229:9
    #3 0x6849ff in curl_slist_append /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/slist.c:92:19
    #4 0xbc0042 in Curl_doh /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:376:5
    #5 0x840a27 in Curl_resolv /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:535:14
    #6 0x841e1f in Curl_resolv_timeout /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:722:8
    #7 0x99f63f in resolve_server /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3147:12
    #8 0x958382 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3741:12
    #9 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #10 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #11 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #12 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #13 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #14 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #15 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #16 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #17 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #18 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 42 byte(s) in 2 object(s) allocated from:
    #0 0x567827 in __interceptor_malloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567827)
    #1 0x5ce425 in curl_dbg_malloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:174:9
    #2 0x5cf7fd in curl_dbg_strdup /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:229:9
    #3 0xc035db in seturl /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/urlapi.c:845:17
    #4 0xbf98f0 in parseurl /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/urlapi.c:952:22
    #5 0xbf580b in curl_url_set /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/urlapi.c:1340:16
    #6 0x9688ad in parseurlandfillconn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:1795:10
    #7 0x93f872 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3315:12
    #8 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #9 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #10 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #11 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #12 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #13 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #14 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #15 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #16 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #17 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 42 byte(s) in 2 object(s) allocated from:
    #0 0x567827 in __interceptor_malloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567827)
    #1 0x5ce425 in curl_dbg_malloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:174:9
    #2 0x5cf7fd in curl_dbg_strdup /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:229:9
    #3 0xbf2bbb in curl_url_get /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/urlapi.c:1168:13
    #4 0x968d12 in parseurlandfillconn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:1807:8
    #5 0x93f872 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3315:12
    #6 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #7 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #8 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #9 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #10 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #11 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #12 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #13 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #14 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #15 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 36 byte(s) in 2 object(s) allocated from:
    #0 0x567827 in __interceptor_malloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567827)
    #1 0x5ce425 in curl_dbg_malloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:174:9
    #2 0x5cf7fd in curl_dbg_strdup /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:229:9
    #3 0xbe6beb in Curl_parse_port /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/urlapi.c:565:15
    #4 0xc059c1 in seturl /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/urlapi.c:923:14
    #5 0xbf98f0 in parseurl /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/urlapi.c:952:22
    #6 0xbf580b in curl_url_set /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/urlapi.c:1340:16
    #7 0x9688ad in parseurlandfillconn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:1795:10
    #8 0x93f872 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3315:12
    #9 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #10 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #11 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #12 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #13 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #14 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #15 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #16 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #17 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #18 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 36 byte(s) in 2 object(s) allocated from:
    #0 0x567827 in __interceptor_malloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567827)
    #1 0x5ce425 in curl_dbg_malloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:174:9
    #2 0x5cf7fd in curl_dbg_strdup /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:229:9
    #3 0xbf2bbb in curl_url_get /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/urlapi.c:1168:13
    #4 0x96b977 in parseurlandfillconn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:1857:8
    #5 0x93f872 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3315:12
    #6 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #7 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #8 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #9 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #10 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #11 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #12 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #13 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #14 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #15 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 36 byte(s) in 2 object(s) allocated from:
    #0 0x567827 in __interceptor_malloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567827)
    #1 0x5ce425 in curl_dbg_malloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:174:9
    #2 0x5cf7fd in curl_dbg_strdup /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:229:9
    #3 0xbf2bbb in curl_url_get /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/urlapi.c:1168:13
    #4 0x96b67e in parseurlandfillconn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:1853:8
    #5 0x93f872 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3315:12
    #6 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #7 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #8 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #9 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #10 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #11 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #12 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #13 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #14 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #15 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 36 byte(s) in 2 object(s) allocated from:
    #0 0x567827 in __interceptor_malloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567827)
    #1 0x5ce425 in curl_dbg_malloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:174:9
    #2 0x5cf7fd in curl_dbg_strdup /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:229:9
    #3 0xbed7bd in curl_url_get /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/urlapi.c:1070:23
    #4 0x96b67e in parseurlandfillconn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:1853:8
    #5 0x93f872 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3315:12
    #6 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #7 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #8 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #9 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #10 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #11 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #12 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #13 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #14 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #15 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 36 byte(s) in 2 object(s) allocated from:
    #0 0x567827 in __interceptor_malloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567827)
    #1 0x5ce425 in curl_dbg_malloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:174:9
    #2 0x5cf7fd in curl_dbg_strdup /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:229:9
    #3 0xbf2bbb in curl_url_get /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/urlapi.c:1168:13
    #4 0x96b14e in parseurlandfillconn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:1847:8
    #5 0x93f872 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3315:12
    #6 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #7 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #8 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #9 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #10 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #11 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #12 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #13 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #14 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #15 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 36 byte(s) in 2 object(s) allocated from:
    #0 0x567827 in __interceptor_malloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567827)
    #1 0x5ce425 in curl_dbg_malloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:174:9
    #2 0x5cf7fd in curl_dbg_strdup /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:229:9
    #3 0xc05cd2 in seturl /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/urlapi.c:936:15
    #4 0xbf98f0 in parseurl /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/urlapi.c:952:22
    #5 0xbf580b in curl_url_set /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/urlapi.c:1340:16
    #6 0x9688ad in parseurlandfillconn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:1795:10
    #7 0x93f872 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3315:12
    #8 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #9 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #10 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #11 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #12 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #13 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #14 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #15 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #16 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #17 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x567827 in __interceptor_malloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567827)
    #1 0x5ce425 in curl_dbg_malloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:174:9
    #2 0x6841c0 in Curl_slist_append_nodup /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/slist.c:66:14
    #3 0x684a3f in curl_slist_append /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/slist.c:97:10
    #4 0xbc0042 in Curl_doh /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:376:5
    #5 0x840a27 in Curl_resolv /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:535:14
    #6 0x841e1f in Curl_resolv_timeout /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:722:8
    #7 0x99f63f in resolve_server /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3147:12
    #8 0x958382 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3741:12
    #9 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #10 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #11 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #12 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #13 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #14 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #15 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #16 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #17 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #18 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x567a5f in calloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567a5f)
    #1 0x5cf2a0 in curl_dbg_calloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:205:9
    #2 0x69d0a9 in Curl_resolver_init /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/asyn-thread.c:114:15
    #3 0x92b974 in Curl_open /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:590:12
    #4 0xbc4792 in dohprobe /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:248:12
    #5 0xbc10f9 in Curl_doh /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:383:14
    #6 0x840a27 in Curl_resolv /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:535:14
    #7 0x841e1f in Curl_resolv_timeout /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:722:8
    #8 0x99f63f in resolve_server /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3147:12
    #9 0x958382 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3741:12
    #10 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #11 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #12 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #13 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #14 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #15 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #16 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #17 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #18 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #19 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x567a5f in calloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567a5f)
    #1 0x5cf2a0 in curl_dbg_calloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:205:9
    #2 0x69d0a9 in Curl_resolver_init /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/asyn-thread.c:114:15
    #3 0x92b974 in Curl_open /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:590:12
    #4 0xbc4792 in dohprobe /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:248:12
    #5 0xbc1f9a in Curl_doh /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:393:14
    #6 0x840a27 in Curl_resolv /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:535:14
    #7 0x841e1f in Curl_resolv_timeout /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:722:8
    #8 0x99f63f in resolve_server /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3147:12
    #9 0x958382 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3741:12
    #10 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #11 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #12 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #13 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #14 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #15 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #16 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #17 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #18 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #19 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 20 byte(s) in 1 object(s) allocated from:
    #0 0x567827 in __interceptor_malloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567827)
    #1 0x5ce425 in curl_dbg_malloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:174:9
    #2 0x5cf7fd in curl_dbg_strdup /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:229:9
    #3 0x735abd in Curl_setstropt /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/setopt.c:62:17
    #4 0x75be5e in Curl_vsetopt /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/setopt.c:1283:14
    #5 0x792232 in curl_easy_setopt /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/setopt.c:2771:12
    #6 0xbc48a9 in dohprobe /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:253:5
    #7 0xbc1f9a in Curl_doh /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:393:14
    #8 0x840a27 in Curl_resolv /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:535:14
    #9 0x841e1f in Curl_resolv_timeout /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:722:8
    #10 0x99f63f in resolve_server /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3147:12
    #11 0x958382 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3741:12
    #12 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #13 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #14 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #15 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #16 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #17 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #18 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #19 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #20 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #21 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 20 byte(s) in 1 object(s) allocated from:
    #0 0x567827 in __interceptor_malloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567827)
    #1 0x5ce425 in curl_dbg_malloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:174:9
    #2 0x5cf7fd in curl_dbg_strdup /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:229:9
    #3 0x735abd in Curl_setstropt /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/setopt.c:62:17
    #4 0x75be5e in Curl_vsetopt /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/setopt.c:1283:14
    #5 0x792232 in curl_easy_setopt /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/setopt.c:2771:12
    #6 0xbc48a9 in dohprobe /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:253:5
    #7 0xbc10f9 in Curl_doh /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:383:14
    #8 0x840a27 in Curl_resolv /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:535:14
    #9 0x841e1f in Curl_resolv_timeout /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:722:8
    #10 0x99f63f in resolve_server /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3147:12
    #11 0x958382 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3741:12
    #12 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #13 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #14 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #15 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #16 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #17 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #18 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #19 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #20 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #21 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

SUMMARY: AddressSanitizer: 47484 byte(s) leaked in 32 allocation(s).

The test case file (läcka):

AAEAAAAtMTI3LjAuMS4xMjc6NTU3NzAA/yAgICAgICAgICAgICAgICAgICAgICAgICAgAAIAAAAr
SFRUUC8yLjAgMzAxICAgIApMb2NhdGlvbjogICAgICAg/wogICAg/yAgIAARAAAAlyAgICAgICAg
ICAgICAgICAgICD/////////////////////////////////////////////////////////////
//////////////////////////8gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAg/yAgICAgICAgICAgICAAEQAAAIEgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICD/ICAgICAgICAgICAgIP8gICAgIP8gICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAg/////////////////yAgICD//////yAgICAgICAAEQAAAHog
ICAgIP8gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg/yAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAg/yAgICAgICAgICAgICD/ICAgICAgICAgICAgICAg
ICAgICAgIAARAAAATSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg/yAgICAgICAg
ICAgICAgICAgICAgICAgICAgICD/ICAgICAgICAgICAgABEAAACVICAg/yAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICD/ICAg
ICAgICAgICAgICAgICAgICAgIP8gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAAEQAAAG8gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIP8g
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAAEQAAAFwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg/yAgICAgICD///8gICAg
ICAgIAARAAAAQSAgICAgICAgICAgICAgICAgIP8gICAgICAgICAgICAgIP8gICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgABEAAAB0ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICD///8gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICD/
ICAgICAgICAgICAgICAgICAgICAgICAgICAAEQAAADcgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgIP8gICAgICAgICAgABEAAABlICAgICAgICAgICAgICAgICAgICAg
IP8gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgIP8gICAgICAgICAgICAgICAAEQAAAHH/ICAgICAgICAgICAgIP8gICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAg/yAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgIAARAAAAXCAgICAgIP8gICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgIP8gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgABEAAABYICAg/yAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAARAAAASv8g
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAg/yAgICAgICAgICAgABEAAABWICAgICAgICAgICAgIP8gICAgICAgICAgICAgIP8gICAgICAg
ICAgICAg/yAgICAgICAgICAgICAgICAg/yAgICAgICAgICAgICAgICAgICAgICAgICAAEQAAAGAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg/yAgICAg
ICAgICAgICAgICAgICAgICAgICD//////////////yAgICAgICAAEQAAAFQgICD/ICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICD/ICAAEQAAAFQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
IP8gICAgICAgICAgICAgICAgICAgICAgICAgIP8gICAgICD/ICAgICAgICAgICAAEQAAAGEgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICD/ICAgICAgICAgICAgICAgABEAAACJICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIP8gICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAg/yAgICAgICAgICAgICAgIP//ICAgICAgICAgICAgICAgICD/ICAg
ICAgICAgICAAEQAAALQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgIP8gICAgICD/ICAgICAg/yAgICAgICAg//8gICAgICAgICAgIP8gICAgICAgICAgICAg
ICAgICAgICAgICAg/yAgICAgICAgICAgICAgICAgIP8gICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAAHAAAAAQgICAgAB0AAAAEICAgIAAeAAAAAAApAAAAAyo6
MgAqAAAABCo6MgA=
@pauldreik

This comment has been minimized.

Copy link
Contributor Author

@pauldreik pauldreik commented Oct 20, 2019

I got blocked by this when trying to get the fuzzers running again. Here is a smaller testcase, as displayed by (a modified version of) read_corpus.py:

TLVHeader(type='CURLOPT_URL' (1), length=11, data='127.0.1.127')
TLVHeader(type='Server banner (sent on connection)' (2), length=27, data='HTTP/1.1 399 OK\nLocation:x\n')
TLVHeader(type='CURLOPT_FOLLOWLOCATION' (29), length=4, data='\x00\x00\x00\x01')
TLVHeader(type='CURLOPT_DOH_URL' (41), length=7, data='[::1]:2')
TLVHeader(type='CURLOPT_PROXY' (42), length=7, data='[::1]:2')

Here is the base64 encoded data:

AAEAAAALMTI3LjAuMS4xMjcAAgAAABtIVFRQLzEuMSAzOTkgT0sKTG9jYXRpb246eAoAHQAAAAQA
AAABACkAAAAHWzo6MV06MgAqAAAAB1s6OjFdOjI=

Any modification of the following makes it not reproduce:

  • Setting the ip address in the url to anything else than the 127.0.1.127
  • setting CURLOPT_DOH_URL different than CURLOPT_PROXY
  • using something else than the ipv6 form in CURLOPT_DOH_URL

I guess it is not a coincidence that 127.0.1.127 is also set in https://github.com/pauldreik/curl-fuzzer/blob/c602bc13788fa88b7f93933b4e996aa1045c9dfd/curl_fuzzer.cc#L161

Any modification of the following, still reproduces the leak:

  • the location value (x)
  • the last two digits of the http code
  • the ip address of the CURLOPT_PROXY and CURLOPT_DOH_URL

Hopefully that can assist in explaining this. I tried to understand where to clean up the doh structure, but I failed. I guess all this is related to to some reuse, and the old doh data structure is not cleared before settting a new one. Or something along those lines.

@bagder

This comment has been minimized.

Copy link
Member

@bagder bagder commented Oct 25, 2019

This still requires that I build your custom fuzzer version, right?

@pauldreik

This comment has been minimized.

Copy link
Contributor Author

@pauldreik pauldreik commented Oct 25, 2019

This still requires that I build your custom fuzzer version, right?

Yes, unfortunately.

@bagder

This comment has been minimized.

Copy link
Member

@bagder bagder commented Oct 25, 2019

I needed to patch the build script, but after that I've reproduced the report - with debug symbols.

@pauldreik

This comment has been minimized.

Copy link
Contributor Author

@pauldreik pauldreik commented Oct 25, 2019

Good you could reproduce it!

Sorry the build script did not work, could you share what was wrong so I can fix it?

@bagder

This comment has been minimized.

Copy link
Member

@bagder bagder commented Oct 26, 2019

I need to pass on sanitize options to my linker as well so I had to do this patch (I'll submit a fix for the leak in a minute):

diff --git a/intree_fuzzer/scripts/build.sh b/intree_fuzzer/scripts/build.sh
index 871986f..fba2e02 100755
--- a/intree_fuzzer/scripts/build.sh
+++ b/intree_fuzzer/scripts/build.sh
@@ -73,11 +73,11 @@ case $tcname in
       ;;
    clang6-asan-ubsan)
       export CC=clang-6.0 CXX=clang++-6.0 CFLAGS="-fsanitize=address,undefined" CXXFLAGS="-fsanitize=address,undefined"
       ;;
    clang7-asan-ubsan)
-      export CC=clang-7 CXX=clang++-7 CFLAGS="-fsanitize=address,undefined" CXXFLAGS="-fsanitize=address,undefined"
+      export CC=clang-7 CXX=clang++-7 CFLAGS="-fsanitize=address,undefined" CXXFLAGS="-fsanitize=address,undefined" LDFLAGS="-fsanitize=address,undefined -fno-sanitize-recover=undefined,integer"
       ;;
    clang8-asan-ubsan)
       export CC=clang-8 CXX=clang++-8 CFLAGS="-fsanitize=address,undefined" CXXFLAGS="-fsanitize=address,undefined"
       ;;
    clang7-asan-ubsan-O3)
bagder added a commit that referenced this issue Oct 26, 2019
If curl_multi_cleanup() is called without all DOH handles having been
removed, make sure this is done or they will leak their memory.

Reported-by: Paul Dreik
Fixes #4463
@pauldreik

This comment has been minimized.

Copy link
Contributor Author

@pauldreik pauldreik commented Oct 27, 2019

Thanks for the fix! It fixes the leak, but unfortunately it introduces a use after free. Here is the use after free test case base64 encoded:

AAEAAAABUgApAAAABDQubEE=

Hmm your build script change looks obviously needed, how can the build have worked for me? I use Debian Buster, were you use Debian testing for this test?

@bagder

This comment has been minimized.

Copy link
Member

@bagder bagder commented Oct 27, 2019

I use debian unstable

bagder added a commit that referenced this issue Oct 27, 2019
... or risk DoH memory leaks.

Reported-by: Paul Dreik
Fixes #4463
bagder added a commit that referenced this issue Oct 28, 2019
... or risk DoH memory leaks.

Reported-by: Paul Dreik
Fixes #4463
Closes #4527
@bagder

This comment has been minimized.

Copy link
Member

@bagder bagder commented Oct 29, 2019

I'm pretty sure that my fix this time is good and should be landed no matter what, but I'll still wait a little longer for your feedback to see if there's any further polish you can think of or detect to be needed.

@pauldreik

This comment has been minimized.

Copy link
Contributor Author

@pauldreik pauldreik commented Oct 29, 2019

Thanks, I will give it a go as soon as I can (probably tonight).

@pauldreik

This comment has been minimized.

Copy link
Contributor Author

@pauldreik pauldreik commented Oct 29, 2019

Yep, merging ffc7526 fixes it!

@bagder bagder closed this in 0cbd6f8 Oct 29, 2019
@bagder

This comment has been minimized.

Copy link
Member

@bagder bagder commented Oct 29, 2019

Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.