rhaiscript / rhai

Rhai - An embedded scripting language for Rust.
https://crates.io/crates/rhai
Apache License 2.0

A memory leak was discovered #879

Open MageWeiG opened 2 months ago

MageWeiG commented 2 months ago

The vulnerability error information (LeakSanitizer output from an AddressSanitizer build of the fuzz target) is as follows:

==272144==ERROR: LeakSanitizer: detected memory leaks

Indirect leak of 7600 byte(s) in 95 object(s) allocated from:
    #0 0x564987c6381e in malloc /rustc/llvm/src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:69:3
    #1 0x564988430aef in alloc::alloc::alloc::h3c3dfef027027bbc /rustc/89e2160c4ca5808657ed55392620ed1dbbce78d1/library/alloc/src/alloc.rs:98:9
    #2 0x564988430aef in thin_vec::header_with_capacity::h872cd374d8e78885 /rust/registry/src/index.crates.io-6f17d22bba15001f/thin-vec-0.2.13/src/lib.rs:417:22
    #3 0x56498842654d in thin_vec::ThinVec$LT$T$GT$::reallocate::heb85473a5f8f75ba /rust/registry/src/index.crates.io-6f17d22bba15001f/thin-vec-0.2.13/src/lib.rs:1526:30
    #4 0x564988428298 in thin_vec::ThinVec$LT$T$GT$::reserve::h1ab5e672b347387a /rust/registry/src/index.crates.io-6f17d22bba15001f/thin-vec-0.2.13/src/lib.rs:1075:13
    #5 0x564988428298 in thin_vec::ThinVec$LT$T$GT$::push::h47053edeb66a8c24 /rust/registry/src/index.crates.io-6f17d22bba15001f/thin-vec-0.2.13/src/lib.rs:792:13
    #6 0x564988617161 in rhai::types::fn_ptr::FnPtr::add_curry::hf24c687d40dad299 /src/rhai/src/types/fn_ptr.rs:92:9
    #7 0x564988617161 in rhai::func::call::_$LT$impl$u20$rhai..engine..Engine$GT$::make_function_call::h6ced0fe022154253 /src/rhai/src/func/call.rs:1145:28
    #8 0x564988633eb1 in rhai::func::call::_$LT$impl$u20$rhai..engine..Engine$GT$::eval_fn_call_expr::h9eea1509380a08ec /src/rhai/src/func/call.rs:1902:9
    #9 0x564988593bd5 in rhai::eval::stmt::_$LT$impl$u20$rhai..engine..Engine$GT$::eval_stmt::h3f1d68ce37fc6e96 /src/rhai/src/eval/stmt.rs:293:17
    #10 0x56498858afeb in rhai::eval::stmt::_$LT$impl$u20$rhai..engine..Engine$GT$::eval_stmt_block::_$u7b$$u7b$closure$u7d$$u7d$::hc172eee184228ff8 /src/rhai/src/eval/stmt.rs:76:17
    #11 0x56498858a1d0 in core::iter::traits::iterator::Iterator::try_fold::h0a3b3286061c5141 /rustc/89e2160c4ca5808657ed55392620ed1dbbce78d1/library/core/src/iter/traits/iterator.rs:2462:21
    #12 0x56498858a1d0 in rhai::eval::stmt::_$LT$impl$u20$rhai..engine..Engine$GT$::eval_stmt_block::h30e41a366e84e11a /src/rhai/src/eval/stmt.rs:69:9
    #13 0x56498857ce2d in rhai::eval::expr::_$LT$impl$u20$rhai..engine..Engine$GT$::eval_expr::h09fd9ccc181ed335 /src/rhai/src/eval/expr.rs:396:17
    #14 0x5649885ff112 in rhai::func::call::_$LT$impl$u20$rhai..engine..Engine$GT$::get_arg_value::h40eeaa55050cd41e /src/rhai/src/func/call.rs:717:9
    #15 0x5649885342b5 in rhai::eval::chaining::_$LT$impl$u20$rhai..engine..Engine$GT$::eval_dot_index_chain_arguments::hcccef77941f619f0 /src/rhai/src/eval/chaining.rs:574:25
    #16 0x56498852cca3 in rhai::eval::chaining::_$LT$impl$u20$rhai..engine..Engine$GT$::eval_dot_index_chain::h6ecf223a52f3fc5a /src/rhai/src/eval/chaining.rs:494:17
    #17 0x56498857a989 in rhai::eval::expr::_$LT$impl$u20$rhai..engine..Engine$GT$::eval_expr::h09fd9ccc181ed335 /src/rhai/src/eval/expr.rs:405:30
    #18 0x564988591cb2 in rhai::eval::stmt::_$LT$impl$u20$rhai..engine..Engine$GT$::eval_stmt::h3f1d68ce37fc6e96 /src/rhai/src/eval/stmt.rs:278:33
    #19 0x56498858afeb in rhai::eval::stmt::_$LT$impl$u20$rhai..engine..Engine$GT$::eval_stmt_block::_$u7b$$u7b$closure$u7d$$u7d$::hc172eee184228ff8 /src/rhai/src/eval/stmt.rs:76:17
    #20 0x56498858a1d0 in core::iter::traits::iterator::Iterator::try_fold::h0a3b3286061c5141 /rustc/89e2160c4ca5808657ed55392620ed1dbbce78d1/library/core/src/iter/traits/iterator.rs:2462:21
    #21 0x56498858a1d0 in rhai::eval::stmt::_$LT$impl$u20$rhai..engine..Engine$GT$::eval_stmt_block::h30e41a366e84e11a /src/rhai/src/eval/stmt.rs:69:9
    #22 0x56498859ebd1 in rhai::eval::stmt::_$LT$impl$u20$rhai..engine..Engine$GT$::eval_stmt::h3f1d68ce37fc6e96 /src/rhai/src/eval/stmt.rs:754:31
    #23 0x56498858afeb in rhai::eval::stmt::_$LT$impl$u20$rhai..engine..Engine$GT$::eval_stmt_block::_$u7b$$u7b$closure$u7d$$u7d$::hc172eee184228ff8 /src/rhai/src/eval/stmt.rs:76:17
    #24 0x56498858a1d0 in core::iter::traits::iterator::Iterator::try_fold::h0a3b3286061c5141 /rustc/89e2160c4ca5808657ed55392620ed1dbbce78d1/library/core/src/iter/traits/iterator.rs:2462:21
    #25 0x56498858a1d0 in rhai::eval::stmt::_$LT$impl$u20$rhai..engine..Engine$GT$::eval_stmt_block::h30e41a366e84e11a /src/rhai/src/eval/stmt.rs:69:9
    #26 0x564987d2c983 in rhai::eval::stmt::_$LT$impl$u20$rhai..engine..Engine$GT$::eval_global_statements::he6d457883f7cff6e /src/rhai/src/eval/stmt.rs:1034:9
    #27 0x564987d2c983 in rhai::api::eval::_$LT$impl$u20$rhai..engine..Engine$GT$::eval_ast_with_scope_raw::h70c9f9bd99df24d5 /src/rhai/src/api/eval.rs:248:17
    #28 0x564987d2a82a in rhai::api::eval::_$LT$impl$u20$rhai..engine..Engine$GT$::eval_ast_with_scope::h255b169b4389c66d /src/rhai/src/api/eval.rs:194:22
    #29 0x564987df8d24 in rhai::api::eval::_$LT$impl$u20$rhai..engine..Engine$GT$::eval_with_scope::h92558ee68d1c5f48 /src/rhai/src/api/eval.rs:74:9
    #30 0x564987df8d24 in scripting::_::__libfuzzer_sys_run::h50648ade2dbcfa73 /src/rhai/fuzz/fuzz_targets/scripting.rs:56:11
    #31 0x564987df5800 in rust_fuzzer_test_input /rust/registry/src/index.crates.io-6f17d22bba15001f/libfuzzer-sys-0.4.7/src/lib.rs:297:60
    #32 0x564987e02a28 in libfuzzer_sys::test_input_wrap::_$u7b$$u7b$closure$u7d$$u7d$::h088a14482e5160ff /rust/registry/src/index.crates.io-6f17d22bba15001f/libfuzzer-sys-0.4.7/src/lib.rs:61:9
    #33 0x564987e02a28 in std::panicking::try::do_call::hd3eca6f559f58fe0 /rustc/89e2160c4ca5808657ed55392620ed1dbbce78d1/library/std/src/panicking.rs:552:40
    #34 0x564987e08567 in __rust_try libfuzzer_sys.be59cba1b29311ec-cgu.0
    #35 0x564987e07621 in std::panicking::try::hdfe5782da957f9b4 /rustc/89e2160c4ca5808657ed55392620ed1dbbce78d1/library/std/src/panicking.rs:516:19
    #36 0x564987e07621 in std::panic::catch_unwind::hdc9cde67403e1742 /rustc/89e2160c4ca5808657ed55392620ed1dbbce78d1/library/std/src/panic.rs:142:14
    #37 0x564987e07621 in LLVMFuzzerTestOneInput /rust/registry/src/index.crates.io-6f17d22bba15001f/libfuzzer-sys-0.4.7/src/lib.rs:59:22
    #38 0x564987e27270 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13
    #39 0x564987e11a04 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:327:6
    #40 0x564987e1749a in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:862:9

...

Indirect leak of 24 byte(s) in 1 object(s) allocated from:
    #0 0x564987c6381e in malloc /rustc/llvm/src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:69:3
    #1 0x5649888ba876 in alloc::alloc::alloc::h3c3dfef027027bbc /rustc/89e2160c4ca5808657ed55392620ed1dbbce78d1/library/alloc/src/alloc.rs:98:9
    #2 0x5649888ba876 in alloc::alloc::Global::alloc_impl::hcfa4819c3fb36399 /rustc/89e2160c4ca5808657ed55392620ed1dbbce78d1/library/alloc/src/alloc.rs:181:73
    #3 0x5649888ba876 in _$LT$alloc..alloc..Global$u20$as$u20$core..alloc..Allocator$GT$::allocate::h41c10de393728491 /rustc/89e2160c4ca5808657ed55392620ed1dbbce78d1/library/alloc/src/alloc.rs:241:9
    #4 0x5649888ba876 in alloc::boxed::Box$LT$T$C$A$GT$::try_new_uninit_in::h71bcde9d6831822a /rustc/89e2160c4ca5808657ed55392620ed1dbbce78d1/library/alloc/src/boxed.rs:486:13
    #5 0x5649888ba876 in alloc::boxed::Box$LT$T$C$A$GT$::new_uninit_in::h0debdafa451c662e /rustc/89e2160c4ca5808657ed55392620ed1dbbce78d1/library/alloc/src/boxed.rs:448:15
    #6 0x5649888ba876 in _$LT$alloc..boxed..Box$LT$T$C$A$GT$$u20$as$u20$core..clone..Clone$GT$::clone::h80cbe6ba49d10b84 /rustc/89e2160c4ca5808657ed55392620ed1dbbce78d1/library/alloc/src/boxed.rs:1303:25
    #7 0x5649888ba876 in _$LT$rhai..types..dynamic..Dynamic$u20$as$u20$core..clone..Clone$GT$::clone::h543f7297b1a49a0f /src/rhai/src/types/dynamic.rs:831:63
    #8 0x56498857a1b3 in rhai::eval::expr::_$LT$impl$u20$rhai..engine..Engine$GT$::eval_expr::h09fd9ccc181ed335 /src/rhai/src/eval/expr.rs:243:48
    #9 0x56498859ab03 in rhai::eval::stmt::_$LT$impl$u20$rhai..engine..Engine$GT$::eval_stmt::h3f1d68ce37fc6e96 /src/rhai/src/eval/stmt.rs:434:29
    #10 0x56498858afeb in rhai::eval::stmt::_$LT$impl$u20$rhai..engine..Engine$GT$::eval_stmt_block::_$u7b$$u7b$closure$u7d$$u7d$::hc172eee184228ff8 /src/rhai/src/eval/stmt.rs:76:17
    #11 0x56498858a1d0 in core::iter::traits::iterator::Iterator::try_fold::h0a3b3286061c5141 /rustc/89e2160c4ca5808657ed55392620ed1dbbce78d1/library/core/src/iter/traits/iterator.rs:2462:21
    #12 0x56498858a1d0 in rhai::eval::stmt::_$LT$impl$u20$rhai..engine..Engine$GT$::eval_stmt_block::h30e41a366e84e11a /src/rhai/src/eval/stmt.rs:69:9
    #13 0x564987d2c983 in rhai::eval::stmt::_$LT$impl$u20$rhai..engine..Engine$GT$::eval_global_statements::he6d457883f7cff6e /src/rhai/src/eval/stmt.rs:1034:9
    #14 0x564987d2c983 in rhai::api::eval::_$LT$impl$u20$rhai..engine..Engine$GT$::eval_ast_with_scope_raw::h70c9f9bd99df24d5 /src/rhai/src/api/eval.rs:248:17
    #15 0x564987d2a82a in rhai::api::eval::_$LT$impl$u20$rhai..engine..Engine$GT$::eval_ast_with_scope::h255b169b4389c66d /src/rhai/src/api/eval.rs:194:22
    #16 0x564987df8d24 in rhai::api::eval::_$LT$impl$u20$rhai..engine..Engine$GT$::eval_with_scope::h92558ee68d1c5f48 /src/rhai/src/api/eval.rs:74:9
    #17 0x564987df8d24 in scripting::_::__libfuzzer_sys_run::h50648ade2dbcfa73 /src/rhai/fuzz/fuzz_targets/scripting.rs:56:11
    #18 0x564987df5800 in rust_fuzzer_test_input /rust/registry/src/index.crates.io-6f17d22bba15001f/libfuzzer-sys-0.4.7/src/lib.rs:297:60
    #19 0x564987e02a28 in libfuzzer_sys::test_input_wrap::_$u7b$$u7b$closure$u7d$$u7d$::h088a14482e5160ff /rust/registry/src/index.crates.io-6f17d22bba15001f/libfuzzer-sys-0.4.7/src/lib.rs:61:9
    #20 0x564987e02a28 in std::panicking::try::do_call::hd3eca6f559f58fe0 /rustc/89e2160c4ca5808657ed55392620ed1dbbce78d1/library/std/src/panicking.rs:552:40
    #21 0x564987e08567 in __rust_try libfuzzer_sys.be59cba1b29311ec-cgu.0
    #22 0x564987e07621 in std::panicking::try::hdfe5782da957f9b4 /rustc/89e2160c4ca5808657ed55392620ed1dbbce78d1/library/std/src/panicking.rs:516:19
    #23 0x564987e07621 in std::panic::catch_unwind::hdc9cde67403e1742 /rustc/89e2160c4ca5808657ed55392620ed1dbbce78d1/library/std/src/panic.rs:142:14
    #24 0x564987e07621 in LLVMFuzzerTestOneInput /rust/registry/src/index.crates.io-6f17d22bba15001f/libfuzzer-sys-0.4.7/src/lib.rs:59:22
    #25 0x564987e27270 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13
    #26 0x564987e11a04 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:327:6
    #27 0x564987e1749a in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:862:9
    #28 0x564987e43892 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #29 0x7f3138e29d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16

Indirect leak of 16 byte(s) in 1 object(s) allocated from:
    #0 0x564987c6381e in malloc /rustc/llvm/src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:69:3
    #1 0x564988833375 in alloc::alloc::alloc::h3c3dfef027027bbc /rustc/89e2160c4ca5808657ed55392620ed1dbbce78d1/library/alloc/src/alloc.rs:98:9
    #2 0x564988833375 in alloc::alloc::Global::alloc_impl::hcfa4819c3fb36399 /rustc/89e2160c4ca5808657ed55392620ed1dbbce78d1/library/alloc/src/alloc.rs:181:73
    #3 0x564988833375 in _$LT$alloc..alloc..Global$u20$as$u20$core..alloc..Allocator$GT$::allocate::h41c10de393728491 /rustc/89e2160c4ca5808657ed55392620ed1dbbce78d1/library/alloc/src/alloc.rs:241:9
    #4 0x564988833375 in alloc::alloc::exchange_malloc::h0311520cc995a166 /rustc/89e2160c4ca5808657ed55392620ed1dbbce78d1/library/alloc/src/alloc.rs:330:18
    #5 0x564988833375 in alloc::boxed::Box$LT$T$GT$::new::hab9c4361c486d446 /rustc/89e2160c4ca5808657ed55392620ed1dbbce78d1/library/alloc/src/boxed.rs:217:9
    #6 0x564988833375 in _$LT$alloc..boxed..Box$LT$T$GT$$u20$as$u20$core..convert..From$LT$T$GT$$GT$::from::hced3ac390274debe /rustc/89e2160c4ca5808657ed55392620ed1dbbce78d1/library/alloc/src/boxed.rs:1463:9
    #7 0x564988833375 in _$LT$T$u20$as$u20$core..convert..Into$LT$U$GT$$GT$::into::h87160afd798d070a /rustc/89e2160c4ca5808657ed55392620ed1dbbce78d1/library/core/src/convert/mod.rs:757:9
    #8 0x564988833375 in rhai::parser::_$LT$impl$u20$rhai..engine..Engine$GT$::parse_expr_stmt::he98d3c0f16545bd5 /src/rhai/src/parser.rs:3118:44
    #9 0x564988838da3 in rhai::parser::_$LT$impl$u20$rhai..engine..Engine$GT$::parse_stmt::h43df5d2397e09f22 /src/rhai/src/parser.rs:3389:18
    #10 0x56498885a611 in rhai::parser::_$LT$impl$u20$rhai..engine..Engine$GT$::parse_anon_fn::hef644351f366edaf /src/rhai/src/parser.rs:3758:20
    #11 0x5649887b1b3e in rhai::parser::_$LT$impl$u20$rhai..engine..Engine$GT$::parse_primary::h0057509df668b483 /src/rhai/src/parser.rs:1427:17
    #12 0x5649887d950e in rhai::parser::_$LT$impl$u20$rhai..engine..Engine$GT$::parse_unary::h4fc0e4e7317a0c02 /src/rhai/src/parser.rs:1956:18
    #13 0x56498880fcfc in rhai::parser::_$LT$impl$u20$rhai..engine..Engine$GT$::parse_expr::h6a35ad26fe505995 /src/rhai/src/parser.rs:2613:19
    #14 0x5649887828b0 in rhai::parser::_$LT$impl$u20$rhai..engine..Engine$GT$::parse_fn_call::he1b2df3d2e2ab5ca /src/rhai/src/parser.rs:685:32
    #15 0x5649887ce66f in rhai::parser::_$LT$impl$u20$rhai..engine..Engine$GT$::parse_postfix::h23e95a4076860061 /src/rhai/src/parser.rs:1727:21
    #16 0x5649887b3d93 in rhai::parser::_$LT$impl$u20$rhai..engine..Engine$GT$::parse_primary::h0057509df668b483 /src/rhai/src/parser.rs:1645:9
    #17 0x5649887cfc62 in rhai::parser::_$LT$impl$u20$rhai..engine..Engine$GT$::parse_postfix::h23e95a4076860061 /src/rhai/src/parser.rs:1794:31
    #18 0x5649887b3d93 in rhai::parser::_$LT$impl$u20$rhai..engine..Engine$GT$::parse_primary::h0057509df668b483 /src/rhai/src/parser.rs:1645:9
    #19 0x5649887d950e in rhai::parser::_$LT$impl$u20$rhai..engine..Engine$GT$::parse_unary::h4fc0e4e7317a0c02 /src/rhai/src/parser.rs:1956:18
    #20 0x56498880fcfc in rhai::parser::_$LT$impl$u20$rhai..engine..Engine$GT$::parse_expr::h6a35ad26fe505995 /src/rhai/src/parser.rs:2613:19
    #21 0x564988832dd8 in rhai::parser::_$LT$impl$u20$rhai..engine..Engine$GT$::parse_expr_stmt::he98d3c0f16545bd5 /src/rhai/src/parser.rs:3108:20
    #22 0x564988838da3 in rhai::parser::_$LT$impl$u20$rhai..engine..Engine$GT$::parse_stmt::h43df5d2397e09f22 /src/rhai/src/parser.rs:3389:18
    #23 0x56498882a7a3 in rhai::parser::_$LT$impl$u20$rhai..engine..Engine$GT$::parse_block::hc02c23234615b9e6 /src/rhai/src/parser.rs:3051:24
    #24 0x56498881c5b8 in rhai::parser::_$LT$impl$u20$rhai..engine..Engine$GT$::parse_for::h683132bf6d66838b /src/rhai/src/parser.rs:2795:20
    #25 0x56498883b4b6 in rhai::parser::_$LT$impl$u20$rhai..engine..Engine$GT$::parse_stmt::h43df5d2397e09f22 /src/rhai/src/parser.rs:3307:51
    #26 0x564987d4746f in rhai::parser::_$LT$impl$u20$rhai..engine..Engine$GT$::parse_global_level::h8cad1bf49ee25d29 /src/rhai/src/parser.rs:3911:24
    #27 0x564987d2ea82 in rhai::parser::_$LT$impl$u20$rhai..engine..Engine$GT$::parse::h681d8c4a553c6711 /src/rhai/src/parser.rs:3961:34
    #28 0x564987d2ea82 in rhai::api::compile::_$LT$impl$u20$rhai..engine..Engine$GT$::compile_scripts_with_scope_raw::h8c2407e9c0648ca8 /src/rhai/src/api/compile.rs:229:24
    #29 0x564987df8c42 in rhai::api::eval::_$LT$impl$u20$rhai..engine..Engine$GT$::eval_with_scope::h92558ee68d1c5f48 /src/rhai/src/api/eval.rs:68:19
    #30 0x564987df8c42 in scripting::_::__libfuzzer_sys_run::h50648ade2dbcfa73 /src/rhai/fuzz/fuzz_targets/scripting.rs:56:11
    #31 0x564987df5800 in rust_fuzzer_test_input /rust/registry/src/index.crates.io-6f17d22bba15001f/libfuzzer-sys-0.4.7/src/lib.rs:297:60
    #32 0x564987e02a28 in libfuzzer_sys::test_input_wrap::_$u7b$$u7b$closure$u7d$$u7d$::h088a14482e5160ff /rust/registry/src/index.crates.io-6f17d22bba15001f/libfuzzer-sys-0.4.7/src/lib.rs:61:9
    #33 0x564987e02a28 in std::panicking::try::do_call::hd3eca6f559f58fe0 /rustc/89e2160c4ca5808657ed55392620ed1dbbce78d1/library/std/src/panicking.rs:552:40
    #34 0x564987e08567 in __rust_try libfuzzer_sys.be59cba1b29311ec-cgu.0
    #35 0x564987e07621 in std::panicking::try::hdfe5782da957f9b4 /rustc/89e2160c4ca5808657ed55392620ed1dbbce78d1/library/std/src/panicking.rs:516:19
    #36 0x564987e07621 in std::panic::catch_unwind::hdc9cde67403e1742 /rustc/89e2160c4ca5808657ed55392620ed1dbbce78d1/library/std/src/panic.rs:142:14
    #37 0x564987e07621 in LLVMFuzzerTestOneInput /rust/registry/src/index.crates.io-6f17d22bba15001f/libfuzzer-sys-0.4.7/src/lib.rs:59:22
    #38 0x564987e27270 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13
    #39 0x564987e11a04 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:327:6
    #40 0x564987e1749a in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:862:9
    #41 0x564987e43892 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10

SUMMARY: AddressSanitizer: 13496 byte(s) leaked in 200 allocation(s).

This issue was found while running the `scripting` fuzz target under OSS-Fuzz; the reproducer input is attached as leak-86acaf06bf0e14a5179c477b3b2189df823ba940.zip. Note that every entry in the report is an "Indirect leak", i.e. a block that is only reachable from another leaked block — which is consistent with a reference cycle between heap objects rather than a forgotten free. In terms of impact this is a resource-exhaustion (memory growth / DoS) problem for hosts that evaluate untrusted scripts in a long-lived engine, not a memory-corruption vulnerability: ASan reported no invalid access, only the leak summary.

schungx commented 2 months ago

Closures can leak memory if they are constructed such that they refer to themselves. In other words, it is possible to create "memory loops" in Rhai that cannot be automatically collected.

This is one of the problems with closures that usually require a GC to solve, as in many scripting languages.

I am not sure whether this report is an instance of that scenario (a self-referential closure forming a reference cycle), so I am labeling it as a bug until the reproducer has been checked. If it does turn out to be a self-referential closure, it is the known limitation described above.