Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Memory leaks in Lua: luaL_addgsub, luaL_gsub, luaL_loadbuffer #28

Open
ligurio opened this issue Jul 23, 2023 · 1 comment
Open

Memory leaks in Lua: luaL_addgsub, luaL_gsub, luaL_loadbuffer #28

ligurio opened this issue Jul 23, 2023 · 1 comment

Comments

@ligurio
Copy link
Owner

ligurio commented Jul 23, 2023
edited
Loading

Initially reported in #25 and oss-fuzz#58707.

How to reproduce

CC=clang CXX=clang++ cmake -S . -B build -DCMAKE_BUILD_TYPE=Debug -DUSE_LUA=ON
cmake --build build --parallel

luaL_addgsub_test:

./build/tests/luaL_addgsub_test
<snipped>
Indirect leak of 29 byte(s) in 1 object(s) allocated from:                                                                                  
    #0 0x559bc122c995 in realloc (/home/sergeyb/sources/lua-c-api-tests/build/tests/luaL_addgsub_test+0x145995) (BuildId: e31da1e432417eded9
ddb02691e605f88d0d01ad)                                                                                                                     
    #1 0x559bc13749bd in l_alloc /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lauxlib.c:1024:12
    #2 0x559bc12db3bb in luaM_malloc_ /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lmem.c:206:22                           
    #3 0x559bc12c1b83 in luaC_newobjdt /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lgc.c:260:13                           
    #4 0x559bc12c1de4 in luaC_newobj /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lgc.c:271:10
    #5 0x559bc1303550 in createstrobj /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lstring.c:148:7
    #6 0x559bc130442c in internshrstr /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lstring.c:208:8
    #7 0x559bc13032a2 in luaS_newlstr /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lstring.c:223:12
    #8 0x559bc138cdc3 in luaX_init /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/llex.c:72:16
    #9 0x559bc12fff6d in f_luaopen /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lstate.c:238:3
    #10 0x559bc12a786e in luaD_rawrunprotected /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/ldo.c:144:3
    #11 0x559bc12ff9aa in lua_newstate /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lstate.c:407:7
    #12 0x559bc137486f in luaL_newstate /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lauxlib.c:1095:18
    #13 0x559bc126b2f2 in LLVMFuzzerTestOneInput /home/sergeyb/sources/lua-c-api-tests/tests/luaL_addgsub_test.cc:25:17

<snipped>

Indirect leak of 32 byte(s) in 1 object(s) allocated from:                                                                                  
    #0 0x559bc122c995 in realloc (/home/sergeyb/sources/lua-c-api-tests/build/tests/luaL_addgsub_test+0x145995) (BuildId: e31da1e432417eded9
ddb02691e605f88d0d01ad)                                                                                                                     
    #1 0x559bc13749bd in l_alloc /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lauxlib.c:1024:12                            
    #2 0x559bc12dad49 in luaM_realloc_ /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lmem.c:180:14
    #3 0x559bc13075c2 in luaH_resize /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/ltable.c:573:14                          
    #4 0x559bc1301185 in init_registry /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lstate.c:220:3                         
    #5 0x559bc12fff52 in f_luaopen /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lstate.c:235:3
    #6 0x559bc12a786e in luaD_rawrunprotected /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/ldo.c:144:3
    #7 0x559bc12ff9aa in lua_newstate /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lstate.c:407:7 
    #8 0x559bc137486f in luaL_newstate /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lauxlib.c:1095:18
    #9 0x559bc126b2f2 in LLVMFuzzerTestOneInput /home/sergeyb/sources/lua-c-api-tests/tests/luaL_addgsub_test.cc:25:17

<snipped>

luaL_gsub_test:

./build/tests/luaL_gsub_test
<snipped>

Indirect leak of 29 byte(s) in 1 object(s) allocated from:
    #0 0x5614209bd995 in realloc (/home/sergeyb/sources/lua-c-api-tests/build/tests/luaL_gsub_test+0x145995) (BuildId: d5278ec1ec3fad35fd14e
bcd6b99d008099d8855)
    #1 0x561420b058cd in l_alloc /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lauxlib.c:1024:12
    #2 0x561420a6c2cb in luaM_malloc_ /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lmem.c:206:22
    #3 0x561420a52a93 in luaC_newobjdt /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lgc.c:260:13
    #4 0x561420a52cf4 in luaC_newobj /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lgc.c:271:10
    #5 0x561420a94460 in createstrobj /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lstring.c:148:7
    #6 0x561420a9533c in internshrstr /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lstring.c:208:8
    #7 0x561420a941b2 in luaS_newlstr /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lstring.c:223:12
    #8 0x561420b1dcd3 in luaX_init /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/llex.c:72:16
    #9 0x561420a90e7d in f_luaopen /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lstate.c:238:3
    #10 0x561420a3877e in luaD_rawrunprotected /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/ldo.c:144:3
    #11 0x561420a908ba in lua_newstate /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lstate.c:407:7
    #12 0x561420b0577f in luaL_newstate /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lauxlib.c:1095:18
    #13 0x5614209fc2f2 in LLVMFuzzerTestOneInput /home/sergeyb/sources/lua-c-api-tests/tests/luaL_gsub_test.cc:25:17

<snipped>

Is it a false positive or not?
ligurio added a commit to ligurio/lua-c-api-corpus that referenced this issue Jul 23, 2023
@ligurio
options: add custom options for tests
98db57a 
OSS-Fuzz allows passing custom options to a fuzzing test, see [1] and
[2]. These options files are specific for OSS-Fuzz. However, it is
convenient to store them out of oss-fuzz repository.

Patch adds three options files for tests luaL_loadbuffer_test,
luaL_addgsub_test and luaL_gsub_test with disabled leaks detection
(`detect_leaks=0`).

1. https://github.com/google/oss-fuzz/blob/4d1f3ec4df81f24605f442fdd42d1769161080ae/infra/base-images/base-runner/parse_options.py#L22
2. https://google.github.io/oss-fuzz/getting-started/new-project-guide/#dictionaries

Related to ligurio/lua-c-api-tests#25
Related to ligurio/lua-c-api-tests#28
@ligurio ligurio mentioned this issue Jul 23, 2023
Merged
ligurio added a commit that referenced this issue Aug 10, 2023
@ligurio
patches: disable LeakSanitizer in PUC Rio Lua
2099d47 
Part of #28
Closes #25
DonggeLiu pushed a commit to google/oss-fuzz that referenced this issue Aug 16, 2023
@ligurio
[lua] read a list of files via stdin (#10732)
f4b7f42 
Corpus for test lua_loadbuffer_proto is huge, it contains about 80k
files and zip reports an error on compression: `/usr/bin/zip: Argument
list too long`. The patch fixes that by passing a list of files via
stdin.

Disable leak detection: 
- ligurio/lua-c-api-tests#25
- ligurio/lua-c-api-tests#28
@ligurio
Copy link
Owner Author

ligurio commented Aug 18, 2023

LeakSanitizer temporarily disabled in 98db57a95c9da887941e4eac0c3c00bfda4310ac using .options files.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ligurio