Closed schwehr closed 4 years ago
The first value is leaked. It also looks like the error returns in coda-sp3.c:read_header() don't delete value.
```
==2468135==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 4096 byte(s) in 1 object(s) allocated from:
    #1 0x5654243c6cf8 in coda_mem_data_new third_party/stcorp_coda/libcoda/coda-mem-type.c:821:38
    #2 0x5654243c46cd in coda_mem_string_new third_party/stcorp_coda/libcoda/coda-mem-type.c:940:12
    #3 0x565424402922 in read_header third_party/stcorp_coda/libcoda/coda-sp3.c:918:34
    #4 0x565424402148 in read_file third_party/stcorp_coda/libcoda/coda-sp3.c:1906:9
    #5 0x5654243fc423 in coda_sp3_reopen third_party/stcorp_coda/libcoda/coda-sp3.c:1973:9
    #6 0x5654243d1df6 in reopen_with_backend third_party/stcorp_coda/libcoda/coda-product.c:422:17
    #7 0x5654243ceb48 in open_file third_party/stcorp_coda/libcoda/coda-product.c:552:9
    #8 0x5654243ce48a in coda_recognize_file third_party/stcorp_coda/libcoda/coda-product.c:596:9
    #9 0x5654242e1171 in LLVMFuzzerTestOneInput third_party/stcorp_coda/fuzz/coda_recognize_file_fuzzer.cc:19:3
```
```c
// The following value is leaked
value = (coda_dynamic_type *)coda_mem_string_new((coda_type_text *)sp3_type[sp3_pos_vel], NULL, info->product, str);
coda_mem_record_add_field(info->header, "pos_vel", value, 0);

memcpy(str, &line[3], 28);
str[28] = '\0';
base_type = (coda_dynamic_type *)coda_mem_string_new((coda_type_text *)sp3_type[sp3_datetime_start_string], NULL,
                                                     info->product, str);
value = (coda_dynamic_type *)coda_mem_time_new((coda_type_special *)sp3_type[sp3_datetime_start], NULL, base_type);
coda_mem_record_add_field(info->header, "datetime_start", value, 0);

if (coda_ascii_parse_int64(&line[32], 7, &int_value, 0) < 0)
{
    coda_add_error_message(" (line: %ld, byte offset: %ld)", info->linenumber, info->offset + 32);
    return -1;
}
value = (coda_dynamic_type *)coda_mem_int32_new((coda_type_number *)sp3_type[sp3_num_epochs], NULL, info->product,
                                                (int32_t)int_value);
coda_mem_record_add_field(info->header, "num_epochs", value, 0);

memcpy(str, &line[40], 5);
str[5] = '\0';
value = (coda_dynamic_type *)coda_mem_string_new((coda_type_text *)sp3_type[sp3_data_used], NULL, info->product, str);
coda_mem_record_add_field(info->header, "data_used", value, 0);
```
Test case:
#bV8888 & 2 88888885
testcase-5662127726788608.zip
Fixed in 4d776e2b38bf579272f1916e1d3fb29dfad1e2c4
(note that 'value' does not have to be cleaned; values will get cleaned as part of the cleanup of info->header)
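A simplified model of the ownership rule in the note above, added here as an illustration; it is not CODA code and not the contents of the fix commit. All names (`field`, `record`, `outstanding_after_open`, the `cleanup_on_error` switch, the one-character-plus-count header format) are hypothetical stand-ins: a field added to the header record is freed only when the record itself is freed, so an error return that skips record cleanup leaves the earlier field allocated.

```c
#include <stdlib.h>
#include <string.h>

#define MAX_FIELDS 8
static int live_allocs = 0;                              /* outstanding field allocations */
typedef struct { char *text; } field;                    /* hypothetical stand-in for a value */
typedef struct { field *f[MAX_FIELDS]; int n; } record;  /* stand-in for info->header */

static field *field_new(const char *s) {
    field *v = malloc(sizeof *v);
    if (v == NULL) return NULL;
    v->text = malloc(strlen(s) + 1);
    if (v->text == NULL) { free(v); return NULL; }
    strcpy(v->text, s);
    live_allocs++;
    return v;
}
static void field_delete(field *v) {
    if (v != NULL) { free(v->text); free(v); live_allocs--; }
}
/* Takes ownership of v in every case: stored on success, deleted on failure. */
static int record_add_field(record *r, field *v) {
    if (v == NULL) return -1;
    if (r->n >= MAX_FIELDS) { field_delete(v); return -1; }
    r->f[r->n++] = v;
    return 0;
}
static void record_delete(record *r) {
    while (r->n > 0) field_delete(r->f[--r->n]);
}
/* Constructed header format: one flag character followed by a decimal count. */
static int read_header(record *hdr, const char *line) {
    char flag[2] = { line[0], '\0' }, *end;
    if (line[0] == '\0' || record_add_field(hdr, field_new(flag)) != 0) return -1;
    (void)strtol(line + 1, &end, 10);
    if (end == line + 1) return -1;   /* error return: the field added above is not freed here */
    return record_add_field(hdr, field_new(line + 1));
}
/* Returns how many allocations made for this line are still live afterwards. */
static int outstanding_after_open(record *hdr, const char *line, int cleanup_on_error) {
    int before = live_allocs;
    if (read_header(hdr, line) != 0 && cleanup_on_error) record_delete(hdr);
    return live_allocs - before;
}
int main(void) {
    record h = { {0}, 0 };
    int kept = outstanding_after_open(&h, "Pxx", 0);     /* constructed bad header line */
    record_delete(&h);
    return (kept == 1 && live_allocs == 0) ? 0 : 1;
}
```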
Verified