doh: memory leak in conjunction with proxy use

[pauldreik]

I am running a modified version of the existing TLV http fuzzer (available here: https://github.com/pauldreik/curl-fuzzer/tree/paul/localfuzz_public0/intree_fuzzer/src/networkfuzzers).
I have gotten a leak when using doh and setting proxy option CURLOPT_PROXY (here: https://github.com/pauldreik/curl-fuzzer/blob/c602bc13788fa88b7f93933b4e996aa1045c9dfd/curl_fuzzer_tlv.cc#L291)

The fuzzer sets the following options:

CURLOPT_URL='127.0.1.127:55770\x00\xff                          '
CURLOPT_NOBODY='    ')
CURLOPT_FOLLOWLOCATION='    ')
CURLOPT_ACCEPT_ENCODING=''
CURLOPT_DOH_URL='*:2'
CURLOPT_PROXY='*:2\x00'

The fuzzer (server) replies with the following garbage (the snipped tail is probably irrelevant):

'HTTP/2.0 301    \nLocation:       \xff\n    \xff   ' (snipped, continuous with more of the same)

and I get a leak report at the bottom of the message.

This reproduces well (tested two different machines, several times).

To reproduce, build the fuzzers according to https://github.com/pauldreik/curl-fuzzer/tree/paul/localfuzz_public0/intree_fuzzer#building and run (the provoking file is base64 encoded in the bottom of this report)

cd curl/build-fuzz-clang7-asan-ubsan
tests/curl_fuzzer_http läcka

paul@tonfisk:~/code/delaktig/curl/build-fuzz-clang7-asan-ubsan$ tests/curl_fuzzer_http läcka
INFO: Seed: 3909814624
INFO: Loaded 1 modules   (319542 inline 8-bit counters): 319542 [0x24af760, 0x24fd796), 
INFO: Loaded 1 PC tables (319542 PCs): 319542 [0x1898628,0x1d78988), 
tests/curl_fuzzer_http: Running 1 inputs 1 time(s) each.
Running: läcka

=================================================================
==16696==ERROR: LeakSanitizer: detected memory leaks

Indirect leak of 16401 byte(s) in 1 object(s) allocated from:
    #0 0x567827 in __interceptor_malloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567827)
    #1 0x5ce425 in curl_dbg_malloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:174:9
    #2 0x92ba3a in Curl_open /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:599:24
    #3 0xbc4792 in dohprobe /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:248:12
    #4 0xbc1f9a in Curl_doh /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:393:14
    #5 0x840a27 in Curl_resolv /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:535:14
    #6 0x841e1f in Curl_resolv_timeout /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:722:8
    #7 0x99f63f in resolve_server /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3147:12
    #8 0x958382 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3741:12
    #9 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #10 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #11 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #12 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #13 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #14 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #15 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #16 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #17 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #18 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 16401 byte(s) in 1 object(s) allocated from:
    #0 0x567827 in __interceptor_malloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567827)
    #1 0x5ce425 in curl_dbg_malloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:174:9
    #2 0x92ba3a in Curl_open /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:599:24
    #3 0xbc4792 in dohprobe /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:248:12
    #4 0xbc10f9 in Curl_doh /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:383:14
    #5 0x840a27 in Curl_resolv /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:535:14
    #6 0x841e1f in Curl_resolv_timeout /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:722:8
    #7 0x99f63f in resolve_server /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3147:12
    #8 0x958382 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3741:12
    #9 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #10 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #11 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #12 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #13 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #14 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #15 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #16 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #17 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #18 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 5968 byte(s) in 1 object(s) allocated from:
    #0 0x567a5f in calloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567a5f)
    #1 0x5cf2a0 in curl_dbg_calloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:205:9
    #2 0x92b650 in Curl_open /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:581:10
    #3 0xbc4792 in dohprobe /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:248:12
    #4 0xbc10f9 in Curl_doh /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:383:14
    #5 0x840a27 in Curl_resolv /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:535:14
    #6 0x841e1f in Curl_resolv_timeout /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:722:8
    #7 0x99f63f in resolve_server /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3147:12
    #8 0x958382 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3741:12
    #9 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #10 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #11 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #12 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #13 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #14 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #15 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #16 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #17 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #18 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 5968 byte(s) in 1 object(s) allocated from:
    #0 0x567a5f in calloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567a5f)
    #1 0x5cf2a0 in curl_dbg_calloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:205:9
    #2 0x92b650 in Curl_open /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:581:10
    #3 0xbc4792 in dohprobe /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:248:12
    #4 0xbc1f9a in Curl_doh /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:393:14
    #5 0x840a27 in Curl_resolv /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:535:14
    #6 0x841e1f in Curl_resolv_timeout /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:722:8
    #7 0x99f63f in resolve_server /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3147:12
    #8 0x958382 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3741:12
    #9 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #10 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #11 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #12 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #13 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #14 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #15 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #16 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #17 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #18 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 1472 byte(s) in 2 object(s) allocated from:
    #0 0x567a5f in calloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567a5f)
    #1 0x5cf2a0 in curl_dbg_calloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:205:9
    #2 0x7c6971 in Curl_ssl_initsessions /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/vtls/vtls.c:601:13
    #3 0xa5661d in Curl_pretransfer /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/transfer.c:1444:12
    #4 0x6254bf in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1487:16
    #5 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #6 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #7 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #8 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #9 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #10 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #11 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #12 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 272 byte(s) in 1 object(s) allocated from:
    #0 0x567827 in __interceptor_malloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567827)
    #1 0x5ce425 in curl_dbg_malloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:174:9
    #2 0x92bed5 in Curl_open /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:605:30
    #3 0xbc4792 in dohprobe /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:248:12
    #4 0xbc1f9a in Curl_doh /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:393:14
    #5 0x840a27 in Curl_resolv /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:535:14
    #6 0x841e1f in Curl_resolv_timeout /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:722:8
    #7 0x99f63f in resolve_server /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3147:12
    #8 0x958382 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3741:12
    #9 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #10 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #11 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #12 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #13 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #14 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #15 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #16 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #17 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #18 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 272 byte(s) in 1 object(s) allocated from:
    #0 0x567827 in __interceptor_malloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567827)
    #1 0x5ce425 in curl_dbg_malloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:174:9
    #2 0x92bed5 in Curl_open /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:605:30
    #3 0xbc4792 in dohprobe /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:248:12
    #4 0xbc10f9 in Curl_doh /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:383:14
    #5 0x840a27 in Curl_resolv /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:535:14
    #6 0x841e1f in Curl_resolv_timeout /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:722:8
    #7 0x99f63f in resolve_server /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3147:12
    #8 0x958382 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3741:12
    #9 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #10 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #11 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #12 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #13 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #14 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #15 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #16 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #17 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #18 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 240 byte(s) in 2 object(s) allocated from:
    #0 0x567a5f in calloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567a5f)
    #1 0x5cf2a0 in curl_dbg_calloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:205:9
    #2 0xbe7011 in curl_url /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/urlapi.c:964:10
    #3 0x96697e in parseurlandfillconn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:1775:27
    #4 0x93f872 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3315:12
    #5 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #6 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #7 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #8 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #9 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #10 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #11 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #12 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #13 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #14 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 54 byte(s) in 1 object(s) allocated from:
    #0 0x567827 in __interceptor_malloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567827)
    #1 0x5ce425 in curl_dbg_malloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:174:9
    #2 0x5cf7fd in curl_dbg_strdup /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:229:9
    #3 0x6849ff in curl_slist_append /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/slist.c:92:19
    #4 0xbc0042 in Curl_doh /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:376:5
    #5 0x840a27 in Curl_resolv /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:535:14
    #6 0x841e1f in Curl_resolv_timeout /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:722:8
    #7 0x99f63f in resolve_server /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3147:12
    #8 0x958382 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3741:12
    #9 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #10 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #11 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #12 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #13 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #14 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #15 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #16 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #17 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #18 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 42 byte(s) in 2 object(s) allocated from:
    #0 0x567827 in __interceptor_malloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567827)
    #1 0x5ce425 in curl_dbg_malloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:174:9
    #2 0x5cf7fd in curl_dbg_strdup /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:229:9
    #3 0xc035db in seturl /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/urlapi.c:845:17
    #4 0xbf98f0 in parseurl /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/urlapi.c:952:22
    #5 0xbf580b in curl_url_set /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/urlapi.c:1340:16
    #6 0x9688ad in parseurlandfillconn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:1795:10
    #7 0x93f872 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3315:12
    #8 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #9 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #10 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #11 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #12 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #13 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #14 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #15 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #16 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #17 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 42 byte(s) in 2 object(s) allocated from:
    #0 0x567827 in __interceptor_malloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567827)
    #1 0x5ce425 in curl_dbg_malloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:174:9
    #2 0x5cf7fd in curl_dbg_strdup /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:229:9
    #3 0xbf2bbb in curl_url_get /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/urlapi.c:1168:13
    #4 0x968d12 in parseurlandfillconn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:1807:8
    #5 0x93f872 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3315:12
    #6 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #7 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #8 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #9 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #10 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #11 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #12 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #13 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #14 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #15 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 36 byte(s) in 2 object(s) allocated from:
    #0 0x567827 in __interceptor_malloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567827)
    #1 0x5ce425 in curl_dbg_malloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:174:9
    #2 0x5cf7fd in curl_dbg_strdup /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:229:9
    #3 0xbe6beb in Curl_parse_port /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/urlapi.c:565:15
    #4 0xc059c1 in seturl /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/urlapi.c:923:14
    #5 0xbf98f0 in parseurl /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/urlapi.c:952:22
    #6 0xbf580b in curl_url_set /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/urlapi.c:1340:16
    #7 0x9688ad in parseurlandfillconn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:1795:10
    #8 0x93f872 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3315:12
    #9 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #10 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #11 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #12 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #13 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #14 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #15 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #16 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #17 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #18 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 36 byte(s) in 2 object(s) allocated from:
    #0 0x567827 in __interceptor_malloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567827)
    #1 0x5ce425 in curl_dbg_malloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:174:9
    #2 0x5cf7fd in curl_dbg_strdup /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:229:9
    #3 0xbf2bbb in curl_url_get /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/urlapi.c:1168:13
    #4 0x96b977 in parseurlandfillconn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:1857:8
    #5 0x93f872 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3315:12
    #6 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #7 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #8 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #9 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #10 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #11 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #12 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #13 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #14 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #15 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 36 byte(s) in 2 object(s) allocated from:
    #0 0x567827 in __interceptor_malloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567827)
    #1 0x5ce425 in curl_dbg_malloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:174:9
    #2 0x5cf7fd in curl_dbg_strdup /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:229:9
    #3 0xbf2bbb in curl_url_get /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/urlapi.c:1168:13
    #4 0x96b67e in parseurlandfillconn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:1853:8
    #5 0x93f872 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3315:12
    #6 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #7 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #8 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #9 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #10 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #11 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #12 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #13 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #14 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #15 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 36 byte(s) in 2 object(s) allocated from:
    #0 0x567827 in __interceptor_malloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567827)
    #1 0x5ce425 in curl_dbg_malloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:174:9
    #2 0x5cf7fd in curl_dbg_strdup /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:229:9
    #3 0xbed7bd in curl_url_get /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/urlapi.c:1070:23
    #4 0x96b67e in parseurlandfillconn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:1853:8
    #5 0x93f872 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3315:12
    #6 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #7 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #8 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #9 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #10 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #11 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #12 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #13 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #14 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #15 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 36 byte(s) in 2 object(s) allocated from:
    #0 0x567827 in __interceptor_malloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567827)
    #1 0x5ce425 in curl_dbg_malloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:174:9
    #2 0x5cf7fd in curl_dbg_strdup /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:229:9
    #3 0xbf2bbb in curl_url_get /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/urlapi.c:1168:13
    #4 0x96b14e in parseurlandfillconn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:1847:8
    #5 0x93f872 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3315:12
    #6 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #7 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #8 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #9 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #10 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #11 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #12 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #13 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #14 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #15 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 36 byte(s) in 2 object(s) allocated from:
    #0 0x567827 in __interceptor_malloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567827)
    #1 0x5ce425 in curl_dbg_malloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:174:9
    #2 0x5cf7fd in curl_dbg_strdup /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:229:9
    #3 0xc05cd2 in seturl /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/urlapi.c:936:15
    #4 0xbf98f0 in parseurl /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/urlapi.c:952:22
    #5 0xbf580b in curl_url_set /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/urlapi.c:1340:16
    #6 0x9688ad in parseurlandfillconn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:1795:10
    #7 0x93f872 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3315:12
    #8 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #9 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #10 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #11 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #12 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #13 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #14 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #15 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #16 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #17 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x567827 in __interceptor_malloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567827)
    #1 0x5ce425 in curl_dbg_malloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:174:9
    #2 0x6841c0 in Curl_slist_append_nodup /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/slist.c:66:14
    #3 0x684a3f in curl_slist_append /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/slist.c:97:10
    #4 0xbc0042 in Curl_doh /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:376:5
    #5 0x840a27 in Curl_resolv /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:535:14
    #6 0x841e1f in Curl_resolv_timeout /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:722:8
    #7 0x99f63f in resolve_server /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3147:12
    #8 0x958382 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3741:12
    #9 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #10 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #11 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #12 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #13 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #14 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #15 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #16 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #17 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #18 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x567a5f in calloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567a5f)
    #1 0x5cf2a0 in curl_dbg_calloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:205:9
    #2 0x69d0a9 in Curl_resolver_init /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/asyn-thread.c:114:15
    #3 0x92b974 in Curl_open /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:590:12
    #4 0xbc4792 in dohprobe /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:248:12
    #5 0xbc10f9 in Curl_doh /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:383:14
    #6 0x840a27 in Curl_resolv /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:535:14
    #7 0x841e1f in Curl_resolv_timeout /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:722:8
    #8 0x99f63f in resolve_server /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3147:12
    #9 0x958382 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3741:12
    #10 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #11 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #12 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #13 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #14 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #15 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #16 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #17 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #18 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #19 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x567a5f in calloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567a5f)
    #1 0x5cf2a0 in curl_dbg_calloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:205:9
    #2 0x69d0a9 in Curl_resolver_init /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/asyn-thread.c:114:15
    #3 0x92b974 in Curl_open /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:590:12
    #4 0xbc4792 in dohprobe /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:248:12
    #5 0xbc1f9a in Curl_doh /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:393:14
    #6 0x840a27 in Curl_resolv /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:535:14
    #7 0x841e1f in Curl_resolv_timeout /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:722:8
    #8 0x99f63f in resolve_server /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3147:12
    #9 0x958382 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3741:12
    #10 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #11 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #12 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #13 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #14 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #15 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #16 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #17 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #18 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #19 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 20 byte(s) in 1 object(s) allocated from:
    #0 0x567827 in __interceptor_malloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567827)
    #1 0x5ce425 in curl_dbg_malloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:174:9
    #2 0x5cf7fd in curl_dbg_strdup /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:229:9
    #3 0x735abd in Curl_setstropt /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/setopt.c:62:17
    #4 0x75be5e in Curl_vsetopt /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/setopt.c:1283:14
    #5 0x792232 in curl_easy_setopt /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/setopt.c:2771:12
    #6 0xbc48a9 in dohprobe /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:253:5
    #7 0xbc1f9a in Curl_doh /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:393:14
    #8 0x840a27 in Curl_resolv /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:535:14
    #9 0x841e1f in Curl_resolv_timeout /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:722:8
    #10 0x99f63f in resolve_server /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3147:12
    #11 0x958382 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3741:12
    #12 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #13 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #14 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #15 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #16 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #17 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #18 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #19 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #20 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #21 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

Indirect leak of 20 byte(s) in 1 object(s) allocated from:
    #0 0x567827 in __interceptor_malloc (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x567827)
    #1 0x5ce425 in curl_dbg_malloc /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:174:9
    #2 0x5cf7fd in curl_dbg_strdup /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/memdebug.c:229:9
    #3 0x735abd in Curl_setstropt /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/setopt.c:62:17
    #4 0x75be5e in Curl_vsetopt /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/setopt.c:1283:14
    #5 0x792232 in curl_easy_setopt /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/setopt.c:2771:12
    #6 0xbc48a9 in dohprobe /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:253:5
    #7 0xbc10f9 in Curl_doh /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/doh.c:383:14
    #8 0x840a27 in Curl_resolv /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:535:14
    #9 0x841e1f in Curl_resolv_timeout /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/hostip.c:722:8
    #10 0x99f63f in resolve_server /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3147:12
    #11 0x958382 in create_conn /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3741:12
    #12 0x93e5d4 in Curl_connect /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/url.c:3845:12
    #13 0x625e53 in multi_runsingle /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:1511:16
    #14 0x62034a in curl_multi_perform /home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/../lib/multi.c:2226:14
    #15 0x5afe14 in fuzz_handle_transfer(FUZZ_DATA*) /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:210:3
    #16 0x5ae0f4 in LLVMFuzzerTestOneInput /home/paul/code/delaktig/curl-fuzzer/intree_fuzzer/src/networkfuzzers/curl_fuzzer.cc:112:3
    #17 0x47a40d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x47a40d)
    #18 0x469e7a in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x469e7a)
    #19 0x474db8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x474db8)
    #20 0x466ae2 in main (/home/paul/code/delaktig/curl/build-fuzz-clang7-asan-ubsan/tests/curl_fuzzer_http+0x466ae2)
    #21 0x7fd4b27d7b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

SUMMARY: AddressSanitizer: 47484 byte(s) leaked in 32 allocation(s).

The test case file (läcka):

AAEAAAAtMTI3LjAuMS4xMjc6NTU3NzAA/yAgICAgICAgICAgICAgICAgICAgICAgICAgAAIAAAAr
SFRUUC8yLjAgMzAxICAgIApMb2NhdGlvbjogICAgICAg/wogICAg/yAgIAARAAAAlyAgICAgICAg
ICAgICAgICAgICD/////////////////////////////////////////////////////////////
//////////////////////////8gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAg/yAgICAgICAgICAgICAAEQAAAIEgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICD/ICAgICAgICAgICAgIP8gICAgIP8gICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAg/////////////////yAgICD//////yAgICAgICAAEQAAAHog
ICAgIP8gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg/yAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAg/yAgICAgICAgICAgICD/ICAgICAgICAgICAgICAg
ICAgICAgIAARAAAATSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg/yAgICAgICAg
ICAgICAgICAgICAgICAgICAgICD/ICAgICAgICAgICAgABEAAACVICAg/yAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICD/ICAg
ICAgICAgICAgICAgICAgICAgIP8gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAAEQAAAG8gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIP8g
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAAEQAAAFwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg/yAgICAgICD///8gICAg
ICAgIAARAAAAQSAgICAgICAgICAgICAgICAgIP8gICAgICAgICAgICAgIP8gICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgABEAAAB0ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICD///8gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICD/
ICAgICAgICAgICAgICAgICAgICAgICAgICAAEQAAADcgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgIP8gICAgICAgICAgABEAAABlICAgICAgICAgICAgICAgICAgICAg
IP8gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgIP8gICAgICAgICAgICAgICAAEQAAAHH/ICAgICAgICAgICAgIP8gICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAg/yAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgIAARAAAAXCAgICAgIP8gICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgIP8gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgABEAAABYICAg/yAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAARAAAASv8g
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAg/yAgICAgICAgICAgABEAAABWICAgICAgICAgICAgIP8gICAgICAgICAgICAgIP8gICAgICAg
ICAgICAg/yAgICAgICAgICAgICAgICAg/yAgICAgICAgICAgICAgICAgICAgICAgICAAEQAAAGAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg/yAgICAg
ICAgICAgICAgICAgICAgICAgICD//////////////yAgICAgICAAEQAAAFQgICD/ICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICD/ICAAEQAAAFQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
IP8gICAgICAgICAgICAgICAgICAgICAgICAgIP8gICAgICD/ICAgICAgICAgICAAEQAAAGEgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICD/ICAgICAgICAgICAgICAgABEAAACJICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIP8gICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAg/yAgICAgICAgICAgICAgIP//ICAgICAgICAgICAgICAgICD/ICAg
ICAgICAgICAAEQAAALQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgIP8gICAgICD/ICAgICAg/yAgICAgICAg//8gICAgICAgICAgIP8gICAgICAgICAgICAg
ICAgICAgICAgICAg/yAgICAgICAgICAgICAgICAgIP8gICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAAHAAAAAQgICAgAB0AAAAEICAgIAAeAAAAAAApAAAAAyo6
MgAqAAAABCo6MgA=

[pauldreik]

I got blocked by this when trying to get the fuzzers running again. Here is a smaller testcase, as displayed by (a modified version of) read_corpus.py:

TLVHeader(type='CURLOPT_URL' (1), length=11, data='127.0.1.127')
TLVHeader(type='Server banner (sent on connection)' (2), length=27, data='HTTP/1.1 399 OK\nLocation:x\n')
TLVHeader(type='CURLOPT_FOLLOWLOCATION' (29), length=4, data='\x00\x00\x00\x01')
TLVHeader(type='CURLOPT_DOH_URL' (41), length=7, data='[::1]:2')
TLVHeader(type='CURLOPT_PROXY' (42), length=7, data='[::1]:2')

Here is the base64 encoded data:

AAEAAAALMTI3LjAuMS4xMjcAAgAAABtIVFRQLzEuMSAzOTkgT0sKTG9jYXRpb246eAoAHQAAAAQA
AAABACkAAAAHWzo6MV06MgAqAAAAB1s6OjFdOjI=

Any modification of the following makes it not reproduce:

• Setting the ip address in the url to anything else than the 127.0.1.127
• setting CURLOPT_DOH_URL different than CURLOPT_PROXY
• using something else than the ipv6 form in CURLOPT_DOH_URL

I guess it is not a coincidence that 127.0.1.127 is also set in https://github.com/pauldreik/curl-fuzzer/blob/c602bc13788fa88b7f93933b4e996aa1045c9dfd/curl_fuzzer.cc#L161

Any modification of the following, still reproduces the leak:

• the location value (x)
• the last two digits of the http code
• the ip address of the CURLOPT_PROXY and CURLOPT_DOH_URL

Hopefully that can assist in explaining this. I tried to understand where to clean up the doh structure, but I failed. I guess all this is related to to some reuse, and the old doh data structure is not cleared before settting a new one. Or something along those lines.

[bagder]

This still requires that I build your custom fuzzer version, right?

[pauldreik]

This still requires that I build your custom fuzzer version, right?

Yes, unfortunately.

[bagder]

I needed to patch the build script, but after that I've reproduced the report - with debug symbols.

[pauldreik]

Good you could reproduce it!

Sorry the build script did not work, could you share what was wrong so I can fix it?

[bagder]

I need to pass on sanitize options to my linker as well so I had to do this patch (I'll submit a fix for the leak in a minute):

diff --git a/intree_fuzzer/scripts/build.sh b/intree_fuzzer/scripts/build.sh
index 871986f..fba2e02 100755
--- a/intree_fuzzer/scripts/build.sh
+++ b/intree_fuzzer/scripts/build.sh
@@ -73,11 +73,11 @@ case $tcname in
       ;;
    clang6-asan-ubsan)
       export CC=clang-6.0 CXX=clang++-6.0 CFLAGS="-fsanitize=address,undefined" CXXFLAGS="-fsanitize=address,undefined"
       ;;
    clang7-asan-ubsan)
-      export CC=clang-7 CXX=clang++-7 CFLAGS="-fsanitize=address,undefined" CXXFLAGS="-fsanitize=address,undefined"
+      export CC=clang-7 CXX=clang++-7 CFLAGS="-fsanitize=address,undefined" CXXFLAGS="-fsanitize=address,undefined" LDFLAGS="-fsanitize=address,undefined -fno-sanitize-recover=undefined,integer"
       ;;
    clang8-asan-ubsan)
       export CC=clang-8 CXX=clang++-8 CFLAGS="-fsanitize=address,undefined" CXXFLAGS="-fsanitize=address,undefined"
       ;;
    clang7-asan-ubsan-O3)

[pauldreik]

Thanks for the fix! It fixes the leak, but unfortunately it introduces a use after free. Here is the use after free test case base64 encoded:

AAEAAAABUgApAAAABDQubEE=

Hmm your build script change looks obviously needed, how can the build have worked for me? I use Debian Buster, were you use Debian testing for this test?

[bagder]

I use debian unstable