Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Memory leaks in ParseEXRHeaderFromMemory #79

Closed
ChijinZ opened this issue Jun 10, 2018 · 2 comments
Closed

Memory leaks in ParseEXRHeaderFromMemory #79

ChijinZ opened this issue Jun 10, 2018 · 2 comments

Comments

@ChijinZ
Copy link

ChijinZ commented Jun 10, 2018

git log

commit 6fd0c1f7575b9119f287fbe5577b2eff41c71bd5
Author: Syoyo Fujita <syoyo@lighttransport.com>
Date:   Thu Jun 7 13:53:40 2018 +0900

I build tinyexr with clang and leak sanitizer. When testcase (see: https://github.com/ChijinZ/security_advisories/blob/master/tinyexr_6fd0c1f/memory_leak) is input into test_tinyexr (command: ./test_tinyexr testcase), sanitizer detected memory leaks in ParseEXRHeaderFromMemory.

Leak sanitizer provided information as below:

==25951==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 30 byte(s) in 1 object(s) allocated from:
    #0 0x441968 in strdup /home/ubuntu/llvm/llvm-6.0.0.src/projects/compiler-rt/lib/asan/asan_interceptors.cc:407
    #1 0x53a6a7 in ParseEXRHeaderFromMemory /home/ubuntu/fuzz/tinyexr/tinyexr_6fd0c1f/./tinyexr.h:11101:16
    #2 0x5392cd in ParseEXRHeaderFromFile /home/ubuntu/fuzz/tinyexr/tinyexr_6fd0c1f/./tinyexr.h:12375:10

SUMMARY: AddressSanitizer: 30 byte(s) leaked in 1 allocation(s)
@syoyo
Copy link
Owner

syoyo commented Jun 10, 2018

I know this memory leak. You can contribute PR!

@syoyo
Copy link
Owner

syoyo commented Jun 13, 2018

Refactor error messaging and changed API behavior so that now user must free a buffer of error message on failure.

f79bbf9

@syoyo syoyo closed this as completed Jun 13, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants