【fuzz】内存泄漏 ERROR: LeakSanitizer: detected memory leaks

【环境信息】
系统：x86
【测试版本】
openEuler-20.03-LTS-SP1
【注意事项】
受影响版本排查（受影响/不受影响）
1、master
2、openEuler-LTS-20.03
3、openEuler-LTS-20.03-SP1
4、openEuler-LTS-20.03-Next
5、openEuler-20.09
【测试步骤】
1、编译
python3 infra/helper.py build_fuzzers --sanitizer address wavpack
2、执行
python3 infra/helper.py run_fuzzer wavpack fuzzer -rss_limit_mb=0
【报错信息】
```
==18==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 2048 byte(s) in 1 object(s) allocated from:
    #0 0x51dbdd in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3
    #1 0x568f56 in init_dsd_block_fast /src/wavpack/src/unpack_dsd.c:146:37
    #2 0x568bc9 in init_dsd_block /src/wavpack/src/unpack_dsd.c:52:16
    #3 0x55b161 in process_metadata /src/wavpack/src/open_utils.c:756:20
    #4 0x55a12e in unpack_init /src/wavpack/src/open_utils.c:318:14
    #5 0x56361c in WavpackSeekSample64 /src/wavpack/src/unpack_seek.c:181:37
    #6 0x5508af in LLVMFuzzerTestOneInput /src/wavpack/fuzzing/fuzzer.cc:252:9
    #7 0x458521 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:556:15
    #8 0x457c65 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:470:3
    #9 0x459d37 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:698:19
    #10 0x45a7b5 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:832:5
    #11 0x44978e in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:826:6
    #12 0x471f62 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:19:10
    #13 0x7f21f664b82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

Direct leak of 1024 byte(s) in 1 object(s) allocated from:
    #0 0x51dbdd in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3
    #1 0x568f8f in init_dsd_block_fast /src/wavpack/src/unpack_dsd.c:147:30
    #2 0x568bc9 in init_dsd_block /src/wavpack/src/unpack_dsd.c:52:16
    #3 0x55b161 in process_metadata /src/wavpack/src/open_utils.c:756:20
    #4 0x55a12e in unpack_init /src/wavpack/src/open_utils.c:318:14
    #5 0x56361c in WavpackSeekSample64 /src/wavpack/src/unpack_seek.c:181:37
    #6 0x5508af in LLVMFuzzerTestOneInput /src/wavpack/fuzzing/fuzzer.cc:252:9
    #7 0x458521 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:556:15
    #8 0x457c65 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:470:3
    #9 0x459d37 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:698:19
    #10 0x45a7b5 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:832:5
    #11 0x44978e in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:826:6
    #12 0x471f62 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:19:10
    #13 0x7f21f664b82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

Direct leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x51dbdd in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3
    #1 0x568f13 in init_dsd_block_fast /src/wavpack/src/unpack_dsd.c:144:29
    #2 0x568bc9 in init_dsd_block /src/wavpack/src/unpack_dsd.c:52:16
    #3 0x55b161 in process_metadata /src/wavpack/src/open_utils.c:756:20
    #4 0x55a12e in unpack_init /src/wavpack/src/open_utils.c:318:14
    #5 0x56361c in WavpackSeekSample64 /src/wavpack/src/unpack_seek.c:181:37
    #6 0x5508af in LLVMFuzzerTestOneInput /src/wavpack/fuzzing/fuzzer.cc:252:9
    #7 0x458521 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:556:15
    #8 0x457c65 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:470:3
    #9 0x459d37 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:698:19
    #10 0x45a7b5 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:832:5
    #11 0x44978e in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:826:6
    #12 0x471f62 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:19:10
    #13 0x7f21f664b82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

Indirect leak of 1340 byte(s) in 4 object(s) allocated from:
    #0 0x51dbdd in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3
    #1 0x5694aa in init_dsd_block_fast /src/wavpack/src/unpack_dsd.c:189:56
    #2 0x568bc9 in init_dsd_block /src/wavpack/src/unpack_dsd.c:52:16
    #3 0x55b161 in process_metadata /src/wavpack/src/open_utils.c:756:20
    #4 0x55a12e in unpack_init /src/wavpack/src/open_utils.c:318:14
    #5 0x56361c in WavpackSeekSample64 /src/wavpack/src/unpack_seek.c:181:37
    #6 0x5508af in LLVMFuzzerTestOneInput /src/wavpack/fuzzing/fuzzer.cc:252:9
    #7 0x458521 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:556:15
    #8 0x457c65 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:470:3
    #9 0x459d37 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:698:19
    #10 0x45a7b5 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:832:5
    #11 0x44978e in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:826:6
    #12 0x471f62 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:19:10
    #13 0x7f21f664b82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

SUMMARY: AddressSanitizer: 4444 byte(s) leaked in 7 allocation(s).
INFO: to ignore leaks on libFuzzer side use -detect_leaks=0.
【问题复现】
python infra/helper.py reproduce wavpack fuzzer build/out/wavpack/leak-06dbe8648e0816a940319153365928175eed81bc

MS: 1 CrossOver-; base unit: 32ae2b23ba0ca68f7964c0a5f272af6f06851d4d
artifact_prefix='./'; Test unit written to ./leak-06dbe8648e0816a940319153365928175eed81bc
```

多次运行，还会报memcpy-param-overlap错误
```
^[[1m^[[31m==18==ERROR: AddressSanitizer: memcpy-param-overlap: memory ranges [0x621000034900,0x62100003491f) and [0x621000034906, 0x621000034925) overlap^M
^[[1m^[[0mSCARINESS: 10 (memcpy-param-overlap)^M
    #0 0x51cf44 in __asan_memcpy /src/llvm-project/compiler-rt/lib/asan/asan_interceptors_memintrinsics.cpp:22:3^M
    #1 0x5651f8 in find_header /src/wavpack/src/unpack_seek.c:263:13^M
    #2 0x564d21 in find_sample /src/wavpack/src/unpack_seek.c:343:20^M
    #3 0x562fe7 in WavpackSeekSample64 /src/wavpack/src/unpack_seek.c:71:28^M
    #4 0x5508af in LLVMFuzzerTestOneInput /src/wavpack/fuzzing/fuzzer.cc:252:9^M
    #5 0x458521 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:556:15^M
    #6 0x457c65 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:470:3^M
    #7 0x459d37 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:698:19^M
    #8 0x45a7b5 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:832:5^M
    #9 0x44978e in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:826:6^M
    #10 0x471f62 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:19:10^M
    #11 0x7f8e9c2ab82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)^M
    #12 0x41de98 in _start (/out/fuzzer+0x41de98)^M
^M
^[[1m^[[32m0x621000034900 is located 0 bytes inside of 4096-byte region [0x621000034900,0x621000035900)^M
^[[1m^[[0m^[[1m^[[35mallocated by thread T0 here:^[[1m^[[0m^M
    #0 0x51dbdd in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3^M
    #1 0x5650f0 in find_header /src/wavpack/src/unpack_seek.c:251:29^M
    #2 0x564d21 in find_sample /src/wavpack/src/unpack_seek.c:343:20^M
    #3 0x562fe7 in WavpackSeekSample64 /src/wavpack/src/unpack_seek.c:71:28^M
    #4 0x5508af in LLVMFuzzerTestOneInput /src/wavpack/fuzzing/fuzzer.cc:252:9^M
    #5 0x458521 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:556:15^M
    #6 0x457c65 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:470:3^M
    #7 0x459d37 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:698:19^M
    #8 0x45a7b5 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:832:5^M
    #9 0x44978e in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:826:6^M
    #10 0x471f62 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:19:10^M
    #11 0x7f8e9c2ab82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)^M
^M
^[[1m^[[32m0x621000034906 is located 6 bytes inside of 4096-byte region [0x621000034900,0x621000035900)^M
^[[1m^[[0m^[[1m^[[35mallocated by thread T0 here:^[[1m^[[0m^M
    #0 0x51dbdd in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:145:3^M
    #1 0x5650f0 in find_header /src/wavpack/src/unpack_seek.c:251:29^M
    #2 0x564d21 in find_sample /src/wavpack/src/unpack_seek.c:343:20^M
    #3 0x562fe7 in WavpackSeekSample64 /src/wavpack/src/unpack_seek.c:71:28^M
    #4 0x5508af in LLVMFuzzerTestOneInput /src/wavpack/fuzzing/fuzzer.cc:252:9^M
    #5 0x458521 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:556:15^M
    #6 0x457c65 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:470:3^M
    #7 0x459d37 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:698:19^M
    #8 0x45a7b5 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:832:5^M
    #9 0x44978e in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:826:6^M
    #10 0x471f62 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:19:10^M
    #11 0x7f8e9c2ab82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)^M
^M
SUMMARY: AddressSanitizer: memcpy-param-overlap /src/llvm-project/compiler-rt/lib/asan/asan_interceptors_memintrinsics.cpp:22:3 in __asan_memcpy^M
==18==ABORTING^M
MS: 5 PersAutoDict-ChangeByte-ShuffleBytes-ChangeBit-CrossOver- DE: "\x00\x00\x00\x00\x00\x00\xc4S"-; base unit: 983e1cfc89cd6a9f663165a64f24efbfa9dc2220^M
artifact_prefix='./'; Test unit written to ./crash-df1e089adff96de2bbb34283cfc697ba1d5cb3fc
```

src-openEuler/wavpack
关闭

内容风险标识

评论 (3)

src-openEuler/wavpack关闭 .gitee-modal { width: 500px !important; }

内容风险标识