michaelrsweet/htmldoc

LeakSanitizer: detected memory leaks

hdthky opened this issue · 1 comment

Description

Whilst experimenting with htmldoc, built from commit 31f7804, we are able to induce memory leaks in function strdup, using a harness compiled from htmldoc/htmldoc.cxx.

Because the allocated memory has not been freed, memory leaks will be triggered when the software encounters a malformed file, resulting in exhausted system resources or denial of service.

Proof of Concept

The POC is: poc_memory_leak

The command is: ./htmldoc --webpage -t pdf -f /dev/null poc_memory_leak

The ASAN report is:

=================================================================
==45404==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 41 byte(s) in 5 object(s) allocated from:
    #0 0x307074 in strdup (/work/libraries/htmldoc/htmldoc/htmldoc+0x307074)
    #1 0x4a4220 in get_format /work/libraries/htmldoc/htmldoc/util.cxx

SUMMARY: AddressSanitizer: 41 byte(s) leaked in 5 allocation(s).

Impact

This vulnerability is capable of inducing denial of service.

@hdthky This is NOT an actionable memory leak. LeakSanitizer is reporting that 41 bytes were allocated, pointers not lost, and not freed before the process exits. But since the OS reclaims all memory on process exit, there is no point in freeing these pointers before exit.
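The triage question behind this exchange is whether unfreed memory grows with every input the program handles, or is bounded at a single copy that stays referenced until exit. The following is an added example, not code from htmldoc and not its real get_format(): a hypothetical format setter in two variants. Variant A overwrites its pointer without freeing the previous copy, so each new input strands another buffer and the loss grows with the number of inputs. Variant B frees the previous copy first, so at most one copy is alive at any time. The struct name formatter, the functions set_format_leaky, set_format, lost_bytes_for and referenced_bytes_for, the lost-byte bookkeeping and the sample format strings are all constructed for this demonstration.

```c
#define _POSIX_C_SOURCE 200809L   /* for strdup() under strict C standards */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical holder for the most recent format string (constructed). */
struct formatter {
    char  *fmt;         /* current copy, owned by this struct */
    size_t lost_bytes;  /* bytes that became unreachable; demo bookkeeping only */
};

/* Variant A (leaky): overwrite the pointer. The old buffer is now unreachable,
 * so a sanitizer would report one more stranded block per input processed. */
static void set_format_leaky(struct formatter *f, const char *fmt)
{
    if (f->fmt != NULL)
        f->lost_bytes += strlen(f->fmt) + 1;   /* this much just became unreachable */
    f->fmt = strdup(fmt);
}

/* Variant B (fixed): release the previous copy before replacing it.
 * Exactly one copy stays referenced, however many inputs are processed. */
static void set_format(struct formatter *f, const char *fmt)
{
    free(f->fmt);
    f->fmt = strdup(fmt);
}

/* Constructed sample inputs: three "documents" each selecting a format. */
static const char *const sample_inputs[] = { "pdf", "html", "ps" };
static const int sample_count = 3;

/* Run the sample inputs through one variant; report bytes that became
 * unreachable and bytes still referenced when processing finished. */
static void run_variant(int leaky, size_t *lost, size_t *referenced)
{
    struct formatter f = { NULL, 0 };
    for (int i = 0; i < sample_count; i++) {
        if (leaky)
            set_format_leaky(&f, sample_inputs[i]);
        else
            set_format(&f, sample_inputs[i]);
    }
    *lost       = f.lost_bytes;
    *referenced = f.fmt ? strlen(f.fmt) + 1 : 0;
    free(f.fmt);   /* the one still-referenced copy; stranded ones cannot be freed */
}

/* Bytes stranded (unreachable) after the sample run: grows with input count. */
size_t lost_bytes_for(int leaky)
{
    size_t lost, referenced;
    run_variant(leaky, &lost, &referenced);
    return lost;
}

/* Bytes still referenced after the sample run: bounded at one copy. */
size_t referenced_bytes_for(int leaky)
{
    size_t lost, referenced;
    run_variant(leaky, &lost, &referenced);
    return referenced;
}

int main(void)
{
    printf("leaky: %zu bytes unreachable, %zu bytes still referenced\n",
           lost_bytes_for(1), referenced_bytes_for(1));
    printf("fixed: %zu bytes unreachable, %zu bytes still referenced\n",
           lost_bytes_for(0), referenced_bytes_for(0));
    return 0;
}
```

With the three sample inputs, the leaky variant strands the "pdf" and "html" copies (9 bytes) while the fixed variant strands nothing; both keep the final "ps" copy (3 bytes) referenced. Running the leaky variant over a larger corpus makes the first number grow linearly with the number of inputs, which is the signature worth acting on; a constant second number is the at-exit case the comment above describes.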