ropensci / unrtf

Wrapper for 'unrtf' utility to extract text from RTF documents
https://docs.ropensci.org/unrtf

memory leak in malloc.c #6

Closed greyd0g closed 5 years ago

greyd0g commented 6 years ago

hi, recently I am studying fuzz. After some experiences, AFL has found some crashes which ASan shows as memory leak. The output is below:

➜ unrtf2 ../unrtf-0.21.9/unrtf ./output/crashes/id:000005,sig:11,src:000552,op:havoc,rep:32
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

e Jans ;Opa e9ansi ;1e _paOpa e9Opa e9ansi ;Je _paOpa e9ansi ;Je _pame Jbns ;umme Jans ;Opa e9ansi ;Je _paOpapa. s&cdaa. um e9ansi ;Je _paJans ;Smpca me Jans ;um ccaa$pa. s&ccaa. um ccasbccacpca a a. e9ansi ;Je _paOpa e9ansi ^Je _pame Jans ;umme Jans ;Opa e9ansi ;Je _paOpapa. s&cdaa. um e9ansi ;Je _paJans ;Smme Jans ;um ccaa$pa. s&ccaa. um cca

=================================================================
==121801==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 5722 byte(s) in 571 object(s) allocated from:
    #0 0x7fbf9dfbf602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x433bfc in rpl_malloc /home/greydog/fuzz/unrtf-0.21.9/src/malloc.c:166
    #2 0x433bfc in my_malloc /home/greydog/fuzz/unrtf-0.21.9/src/malloc.c:73

SUMMARY: AddressSanitizer: 5722 byte(s) leaked in 571 allocation(s).

After that, I viewed malloc.c. I found malloc without memset. It's really unsafe.
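As an added illustration of what LeakSanitizer is counting in the report above (example code, not unrtf's own malloc.c): a hypothetical zero-filling `tracked_malloc` wrapper that also keeps a running count of outstanding blocks, so a constructed leaky tokeniser still shows up as leaked bytes and allocations even though every block is memset, while the fixed variant that frees each block reports nothing.

```c
#include <stdlib.h>
#include <string.h>

/* Header stored in front of every block so tracked_free can account its size. */
typedef struct { size_t size; } hdr_t;

static size_t live_bytes = 0;   /* bytes allocated and not yet freed */
static size_t live_blocks = 0;  /* blocks allocated and not yet freed */

/* Hypothetical zero-filling wrapper (not unrtf's my_malloc). */
void *tracked_malloc(size_t n) {
    hdr_t *h = malloc(sizeof *h + n);
    if (!h) return NULL;
    h->size = n;
    memset(h + 1, 0, n);   /* zero-fill cures uninitialised reads ...   */
    live_bytes += n;       /* ... but every block still counts as live   */
    live_blocks++;         /* until tracked_free is called on it.        */
    return h + 1;
}

void tracked_free(void *p) {
    if (!p) return;
    hdr_t *h = (hdr_t *)p - 1;
    live_bytes -= h->size;
    live_blocks--;
    free(h);
}

size_t tracked_live_bytes(void)  { return live_bytes; }
size_t tracked_live_blocks(void) { return live_blocks; }

/* Leaky pattern (constructed): one 8-byte block per space in the input,
 * pointer dropped on the floor, so nothing is ever freed. */
size_t leaky_tokenise(const char *input) {
    size_t count = 0;
    for (const char *p = input; *p; p++)
        if (*p == ' ') { tracked_malloc(8); count++; }
    return count;
}

/* Fixed pattern: identical work, but each block is released after use. */
size_t fixed_tokenise(const char *input) {
    size_t count = 0;
    for (const char *p = input; *p; p++)
        if (*p == ' ') { char *tok = tracked_malloc(8); count++; tracked_free(tok); }
    return count;
}
```

The counters play the role of LeakSanitizer's "N byte(s) leaked in M allocation(s)" summary: zeroing the block changes what the memory contains, not whether it is released.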