[gnutls-devel] libtasn1 | fix memleaks in asn1_array2tree, free the unused child (!62)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Sat Feb 8 22:20:36 CET 2025
Andrew Hamilton commented: https://gitlab.com/gnutls/libtasn1/-/merge_requests/62#note_2338635132
I was looking into a failure on oss-fuzz related to a memory leak and found that I think this is the same issue. Here is how I was able to reproduce the issue:
1. Download reproducer from oss fuzz: https://oss-fuzz.com/download?testcase_id=5118451781206016

2. Install CLANG (I used clang-19 on Debian)

3. export CC=clang-19
   export CFLAGS="-O1 -g -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=undefined,integer,nullability -fsanitize=address -fsanitize-address-use-after-scope -fsanitize=fuzzer-no-link"
   export CFLAGS="$CFLAGS -fsanitize=bool,array-bounds,float-divide-by-zero,function,integer-divide-by-zero,return,shift,signed-integer-overflow,unsigned-integer-overflow,vla-bound,vptr -fno-sanitize-recover=bool,array-bounds,float-divide-by-zero,function,integer-divide-by-zero,return,shift,signed-integer-overflow,vla-bound,vptr"
   ./configure --enable-fuzzing --disable-doc --disable-gcc-warnings
   make clean
   make -j$(nproc)

4. cd fuzz
   UBSAN_OPTIONS=print_stacktrace=1 ASAN_SYMBOLIZER_PATH=/usr/lib/llvm-19/bin/llvm-symbolizer <PATH TO FUZZER DIR>/libtasn1_array2tree_fuzzer < <PATH TO FUZZ TESTCASE DOWNLOAD>/libtasn1/clusterfuzz-testcase-minimized-libtasn1_array2tree_fuzzer-5118451781206016
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/62#note_2338635132
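The merge request title describes the leak as an "unused child" that was never freed. The following is an added illustration of that bug class and of how the ASan/LeakSanitizer build above surfaces it; it is constructed for this page and is not libtasn1's code, not its asn1_static_node format, and not the actual fix in the merge request. The array format (name plus nesting depth), the MAX_DEPTH limit and the sample arrays are assumptions made for the example. A tree-building loop allocates the node for the current entry before validating it; on the malformed-input path the leaky variant drops that node while freeing the partial tree, and the fixed variant frees it as well.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed input format (NOT libtasn1's asn1_static_node): a node name and
 * its depth; depth 0 is top level, depth d > 0 is a child of the most recent
 * depth d-1 node. */
typedef struct {
    const char *name;
    int depth;
} array_entry;

typedef struct node {
    const char *name;
    struct node *down;   /* first child */
    struct node *right;  /* next sibling */
} node;

#define MAX_DEPTH 8      /* arbitrary limit chosen for the example */

/* Free n, its right-hand siblings and all their descendants. */
void tree_free(node *n) {
    while (n) {
        node *next = n->right;
        tree_free(n->down);
        free(n);
        n = next;
    }
}

/* Count nodes reachable from n (siblings and descendants). */
size_t tree_count(const node *n) {
    size_t c = 0;
    for (; n; n = n->right)
        c += 1 + tree_count(n->down);
    return c;
}

/* Build a tree from arr[0..n). Returns 0 and stores the root in *out, or -1 on
 * malformed input (depth out of range, or a child whose parent does not exist).
 * The node for the current entry is allocated BEFORE the entry is validated;
 * with fixed == 0 the error path forgets it (the leak LeakSanitizer reports),
 * with fixed != 0 the unused child is released together with the partial tree. */
static int build_tree(const array_entry *arr, size_t n, node **out, int fixed) {
    node *root = NULL;
    node *last[MAX_DEPTH] = {0};   /* most recent node seen at each depth */

    for (size_t i = 0; i < n; i++) {
        node *child = calloc(1, sizeof *child);
        if (!child) {
            tree_free(root);
            return -1;
        }
        child->name = arr[i].name;

        int d = arr[i].depth;
        node *parent = (d > 0 && d < MAX_DEPTH) ? last[d - 1] : NULL;
        if (d < 0 || d >= MAX_DEPTH || (d > 0 && parent == NULL)) {
            tree_free(root);          /* partial tree is released ... */
            if (fixed)
                free(child);          /* ... but the unused child only in the fixed variant */
            return -1;
        }

        if (last[d])                  /* previous sibling under the same parent */
            last[d]->right = child;
        else if (d == 0)
            root = child;
        else
            parent->down = child;

        last[d] = child;
        for (int k = d + 1; k < MAX_DEPTH; k++)
            last[k] = NULL;           /* deeper slots belonged to an older subtree */
    }
    *out = root;
    return 0;
}

int build_tree_leaky(const array_entry *arr, size_t n, node **out) { return build_tree(arr, n, out, 0); }
int build_tree_fixed(const array_entry *arr, size_t n, node **out) { return build_tree(arr, n, out, 1); }

/* Constructed sample inputs: a well-formed array and one with an orphan child. */
static const array_entry good[] = {
    {"Certificate", 0}, {"tbsCertificate", 1}, {"version", 2},
    {"serialNumber", 2}, {"signatureAlgorithm", 1}, {"Extension", 0},
};
static const array_entry bad[] = {
    {"Certificate", 0}, {"orphan", 2},   /* depth 2 with no depth-1 parent */
};

/* Node count of the tree built from 'good' (0 if the build fails). */
size_t demo_good_count(void) {
    node *t = NULL;
    if (build_tree_fixed(good, sizeof good / sizeof good[0], &t) != 0)
        return 0;
    size_t c = tree_count(t);
    tree_free(t);
    return c;
}

/* Return code of the fixed builder on the malformed array (-1 expected). */
int demo_bad_fixed(void) {
    node *t = NULL;
    return build_tree_fixed(bad, sizeof bad / sizeof bad[0], &t);
}

int main(void) {
    node *t = NULL;
    printf("well-formed input: %zu nodes\n", demo_good_count());
    /* Built with `clang -g -fsanitize=address`, the leaky call below makes
     * LeakSanitizer report the calloc of 'child' at exit; the fixed call is clean. */
    printf("malformed input, leaky builder: %d\n", build_tree_leaky(bad, 2, &t));
    printf("malformed input, fixed builder: %d\n", build_tree_fixed(bad, 2, &t));
    return 0;
}
```

Compile it with `clang -g -fsanitize=address leak.c -o leak` and run `./leak`: the leaky builder's dropped node shows up in the LeakSanitizer summary with the allocation stack, which is the same kind of report the oss-fuzz reproducer produces against the fuzzer binary built with the flags above.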