Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Memory leak on malformed input #28

Closed
Shnatsel opened this issue Jun 21, 2018 · 1 comment
Closed

Memory leak on malformed input #28

Shnatsel opened this issue Jun 21, 2018 · 1 comment

Comments

@Shnatsel
Copy link
Contributor

Shnatsel commented Jun 21, 2018
edited
Loading

lodepng-rust leaks memory when given malicious input. This issue has been discovered via fuzzing with cargo-fuzz.

Steps to reproduce:

git clone https://github.com/Shnatsel/lodepng-leak.git
cd lodepng-leak
RUSTFLAGS='--cfg fuzzing' cargo run

PNG and deflate checksums make fuzzing impossible, so I have modified lodepng-fuzz to disable checksum verification during fuzzing via conditional compilation. lodepng-leak repo currently links against my modified version, which can be found here along with the fuzzing setup. The code right now is rather messy, but it would be nice to get something similar in your repo as well.
@kornelski
Copy link
Owner

kornelski commented Jun 21, 2018
edited
Loading

That's an interesting result. Thank you for fuzzing it!

I'll check it next week as I'm currently traveling.

This was referenced Jun 27, 2018
Closed
Merged
kornelski added a commit that referenced this issue Jul 18, 2018
@kornelski
Avoid leaking malloced strings
37a7bcc 
Fixes #28
@Shnatsel Shnatsel mentioned this issue Aug 30, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kornelski @Shnatsel