Linaro / OpenCSD

CoreSight trace stream decoder developed openly
https://github.com/Linaro/opencsd/wiki

Memory leak in EtmV4P0Stack::createAddrElem #52

Closed yabinc closed 1 year ago

yabinc commented 1 year ago

The memory leak was found by a fuzzer. It may not be reproducible with real ETM data.

The allocation happens at the callstack below:

#0 0x563bb9007ffd in operator new(unsigned long, std::nothrow_t const&) out/stage2/runtimes/runtimes-x86_64-unknown-linux-gnu-bins/out/stage2/runtimes/runtimes-x86_64-unknown-linux-gnu-bins/out/llvm-project/compiler-rt/lib/asan/asan_new_delete.cpp:101:3
#1 0x563bba039e70 in EtmV4P0Stack::createAddrElem(_ocsd_etmv4_i_pkt_type, unsigned int, _etmv4_addr_val_t const&) external/OpenCSD/decoder/source/etmv4/trc_etmv4_stack_elem.cpp:111:31
#2 0x563bba013869 in TrcPktDecodeEtmV4I::decodePacket() external/OpenCSD/decoder/source/etmv4/trc_pkt_decode_etmv4i.cpp:369:28
#3 0x563bba01169c in TrcPktDecodeEtmV4I::processPacket() external/OpenCSD/decoder/source/etmv4/trc_pkt_decode_etmv4i.cpp:118:19
#4 0x563bba02a50a in TrcPktDecodeBase<EtmV4ITrcPacket, EtmV4Config>::PacketDataIn(_ocsd_datapath_op_t, unsigned int, EtmV4ITrcPacket const*) external/OpenCSD/decoder/include/common/trc_pkt_decode_base.h:0

The memleak happens at the callstack below:

#7 0x55a755909146 in EtmV4P0Stack::erase_curr_from_front() external/OpenCSD/decoder/source/etmv4/trc_etmv4_stack_elem.cpp:190:9
#8 0x55a7558eaa08 in TrcPktDecodeEtmV4I::mispredictAtom() external/OpenCSD/decoder/source/etmv4/trc_pkt_decode_etmv4i.cpp:1087:28
#9 0x55a7558e2dae in TrcPktDecodeEtmV4I::resolveElements() external/OpenCSD/decoder/source/etmv4/trc_pkt_decode_etmv4i.cpp:674:27
#10 0x55a7558df0d1 in TrcPktDecodeEtmV4I::processPacket() external/OpenCSD/decoder/source/etmv4/trc_pkt_decode_etmv4i.cpp:138:20
#11 0x55a7558f81da in TrcPktDecodeBase<EtmV4ITrcPacket, EtmV4Config>::PacketDataIn(_ocsd_datapath_op_t, unsigned int, EtmV4ITrcPacket const*) external/OpenCSD/decoder/include/common/trc_pkt_decode_base.h

The memleak disappears after adding "delete *erase_iter;" in EtmV4P0Stack::erase_curr_from_front().
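A stand-alone illustration of the bug class in this report, added here and not code from OpenCSD: a toy stack of heap-allocated elements whose erase path drops the pointer from the container without freeing the object, next to the fixed erase (delete before erase, as the report describes) and a unique_ptr variant where the container owns the element. AddrElem, RawPtrStack and OwningStack are hypothetical names; the live-instance counter stands in for the sanitizer's leak report so the difference is visible without ASan.

```cpp
#include <deque>
#include <memory>

// Hypothetical element type (not OpenCSD's): counts live instances so a leak
// shows up as a non-zero count even without AddressSanitizer.
struct AddrElem {
    static int live;
    unsigned long addr;
    explicit AddrElem(unsigned long a) : addr(a) { ++live; }
    ~AddrElem() { --live; }
};
int AddrElem::live = 0;

// Toy stack that owns heap elements through raw pointers, with a cursor that
// walks from the front, in the style of the decoder stack in the report.
class RawPtrStack {
public:
    ~RawPtrStack() { clear(); }
    void clear() { for (AddrElem *e : stack_) delete e; stack_.clear(); }
    void push_front(unsigned long addr) { stack_.push_front(new AddrElem(addr)); }
    void from_front_init() { iter_ = stack_.begin(); }
    AddrElem *current() const { return *iter_; }

    // Leaky erase: the pointer leaves the container but the object is never
    // freed, so nothing can reach it afterwards.
    void erase_curr_from_front_leaky() {
        std::deque<AddrElem *>::iterator erase_iter = iter_;
        iter_ = stack_.erase(erase_iter);
    }

    // Fixed erase: free the element first, then drop the pointer.
    void erase_curr_from_front_fixed() {
        std::deque<AddrElem *>::iterator erase_iter = iter_;
        delete *erase_iter;
        iter_ = stack_.erase(erase_iter);
    }

private:
    std::deque<AddrElem *> stack_;
    std::deque<AddrElem *>::iterator iter_;
};

// Same stack with unique_ptr ownership: erase() destroys the element, so this
// whole bug class cannot occur.
class OwningStack {
public:
    void push_front(unsigned long addr) {
        stack_.push_front(std::unique_ptr<AddrElem>(new AddrElem(addr)));
    }
    void from_front_init() { iter_ = stack_.begin(); }
    void erase_curr_from_front() { iter_ = stack_.erase(iter_); }
private:
    std::deque<std::unique_ptr<AddrElem>> stack_;
    std::deque<std::unique_ptr<AddrElem>>::iterator iter_;
};

// Each helper returns the number of AddrElem objects still alive once the
// stack has been torn down: 0 means no leak.
int live_after_leaky_erase() {
    AddrElem::live = 0;
    RawPtrStack s;
    s.push_front(0x1000); s.push_front(0x2000);
    s.from_front_init();
    AddrElem *orphan = s.current();   // kept only so this demo can clean up
    s.erase_curr_from_front_leaky();
    s.clear();
    int leaked = AddrElem::live;      // 1: the erased element was never freed
    delete orphan;                    // the real code has no handle left to do this
    return leaked;
}

int live_after_fixed_erase() {
    AddrElem::live = 0;
    { RawPtrStack s; s.push_front(0x1000); s.push_front(0x2000);
      s.from_front_init(); s.erase_curr_from_front_fixed(); }
    return AddrElem::live;            // 0
}

int live_after_owning_erase() {
    AddrElem::live = 0;
    { OwningStack s; s.push_front(0x1000); s.push_front(0x2000);
      s.from_front_init(); s.erase_curr_from_front(); }
    return AddrElem::live;            // 0
}
```

The one-line fix from the report (delete before erase) closes this instance; the unique_ptr version removes the need to remember it at every erase site, which is the check a reviewer would ask for when a fuzzer keeps turning up leaks in a container of raw owned pointers.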

mikel-armbb commented 1 year ago

Thanks for finding this.

Fixed in 1.4 release.

yabinc commented 1 year ago

Thanks for the rapid fix!