
detected memory leaks in RTCP/ReceiverReport.cpp #247

Closed
ibc opened this issue Dec 15, 2018 · 2 comments

ibc (Member) commented Dec 15, 2018

By just enabling case Type::SR in RTCP::Packet::Parse():

=================================================================
==15==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x595022 in operator new(unsigned long) /tmp/final/llvm.src/projects/compiler-rt/lib/asan/asan_new_delete.cc:106:3
    #1 0xa39f94 in RTC::RTCP::ReceiverReportPacket::Parse(unsigned char const*, unsigned long, unsigned long) /mediasoup/worker/out/../src/RTC/RTCP/ReceiverReport.cpp:82:49
    #2 0xa27270 in RTC::RTCP::Packet::Parse(unsigned char const*, unsigned long) /mediasoup/worker/out/../src/RTC/RTCP/Packet.cpp:84:21
    #3 0xb4ab8e in fuzz(unsigned char const*, unsigned long) /mediasoup/worker/out/../fuzzer/fuzzer.cpp:46:26
    #4 0xb4ad7a in LLVMFuzzerTestOneInput /mediasoup/worker/out/../fuzzer/fuzzer.cpp:73:2
    #5 0x45f47a in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /tmp/final/llvm.src/projects/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:576:15
    #6 0x45eb95 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /tmp/final/llvm.src/projects/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:485:3
    #7 0x4616ce in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__Fuzzer::vector<std::__Fuzzer::basic_string<char, std::__Fuzzer::char_traits<char>, std::__Fuzzer::allocator<char> >, fuzzer::fuzzer_allocator<std::__Fuzzer::basic_string<char, std::__Fuzzer::char_traits<char>, std::__Fuzzer::allocator<char> > > > const&) /tmp/final/llvm.src/projects/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:788:7
    #8 0x461a35 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<std::__Fuzzer::basic_string<char, std::__Fuzzer::char_traits<char>, std::__Fuzzer::allocator<char> >, fuzzer::fuzzer_allocator<std::__Fuzzer::basic_string<char, std::__Fuzzer::char_traits<char>, std::__Fuzzer::allocator<char> > > > const&) /tmp/final/llvm.src/projects/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:811:3
    #9 0x4584f3 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /tmp/final/llvm.src/projects/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:765:6
    #10 0x4801d2 in main /tmp/final/llvm.src/projects/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #11 0x7f8dde0a882f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

Indirect leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x595022 in operator new(unsigned long) /tmp/final/llvm.src/projects/compiler-rt/lib/asan/asan_new_delete.cc:106:3
    #1 0xa389ab in RTC::RTCP::ReceiverReport::Parse(unsigned char const*, unsigned long) /mediasoup/worker/out/../src/RTC/RTCP/ReceiverReport.cpp:30:11
    #2 0xa3a22a in RTC::RTCP::ReceiverReportPacket::Parse(unsigned char const*, unsigned long, unsigned long) /mediasoup/worker/out/../src/RTC/RTCP/ReceiverReport.cpp:94:30
    #3 0xa27270 in RTC::RTCP::Packet::Parse(unsigned char const*, unsigned long) /mediasoup/worker/out/../src/RTC/RTCP/Packet.cpp:84:21
    #4 0xb4ab8e in fuzz(unsigned char const*, unsigned long) /mediasoup/worker/out/../fuzzer/fuzzer.cpp:46:26
    #5 0xb4ad7a in LLVMFuzzerTestOneInput /mediasoup/worker/out/../fuzzer/fuzzer.cpp:73:2
    #6 0x45f47a in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /tmp/final/llvm.src/projects/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:576:15
    #7 0x45eb95 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /tmp/final/llvm.src/projects/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:485:3
    #8 0x4616ce in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__Fuzzer::vector<std::__Fuzzer::basic_string<char, std::__Fuzzer::char_traits<char>, std::__Fuzzer::allocator<char> >, fuzzer::fuzzer_allocator<std::__Fuzzer::basic_string<char, std::__Fuzzer::char_traits<char>, std::__Fuzzer::allocator<char> > > > const&) /tmp/final/llvm.src/projects/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:788:7
    #9 0x461a35 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<std::__Fuzzer::basic_string<char, std::__Fuzzer::char_traits<char>, std::__Fuzzer::allocator<char> >, fuzzer::fuzzer_allocator<std::__Fuzzer::basic_string<char, std::__Fuzzer::char_traits<char>, std::__Fuzzer::allocator<char> > > > const&) /tmp/final/llvm.src/projects/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:811:3
    #10 0x4584f3 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /tmp/final/llvm.src/projects/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:765:6
    #11 0x4801d2 in main /tmp/final/llvm.src/projects/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #12 0x7f8dde0a882f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

Indirect leak of 8 byte(s) in 1 object(s) allocated from:
    #0 0x595022 in operator new(unsigned long) /tmp/final/llvm.src/projects/compiler-rt/lib/asan/asan_new_delete.cc:106:3
    #1 0x861cbf in __gnu_cxx::new_allocator<RTC::RTCP::ReceiverReport*>::allocate(unsigned long, void const*) /usr/lib/gcc/x86_64-linux-gnu/5.4.0/../../../../include/c++/5.4.0/ext/new_allocator.h:104:27
    #2 0x861bf8 in std::allocator_traits<std::allocator<RTC::RTCP::ReceiverReport*> >::allocate(std::allocator<RTC::RTCP::ReceiverReport*>&, unsigned long) /usr/lib/gcc/x86_64-linux-gnu/5.4.0/../../../../include/c++/5.4.0/bits/alloc_traits.h:491:20
    #3 0x861711 in std::_Vector_base<RTC::RTCP::ReceiverReport*, std::allocator<RTC::RTCP::ReceiverReport*> >::_M_allocate(unsigned long) /usr/lib/gcc/x86_64-linux-gnu/5.4.0/../../../../include/c++/5.4.0/bits/stl_vector.h:170:20
    #4 0x860c62 in void std::vector<RTC::RTCP::ReceiverReport*, std::allocator<RTC::RTCP::ReceiverReport*> >::_M_emplace_back_aux<RTC::RTCP::ReceiverReport* const&>(RTC::RTCP::ReceiverReport* const&) /usr/lib/gcc/x86_64-linux-gnu/5.4.0/../../../../include/c++/5.4.0/bits/vector.tcc:412:28
    #5 0x860b1a in std::vector<RTC::RTCP::ReceiverReport*, std::allocator<RTC::RTCP::ReceiverReport*> >::push_back(RTC::RTCP::ReceiverReport* const&) /usr/lib/gcc/x86_64-linux-gnu/5.4.0/../../../../include/c++/5.4.0/bits/stl_vector.h:923:4
    #6 0x860945 in RTC::RTCP::ReceiverReportPacket::AddReport(RTC::RTCP::ReceiverReport*) /mediasoup/worker/out/../include/RTC/RTCP/ReceiverReport.hpp:240:18
    #7 0xa3a275 in RTC::RTCP::ReceiverReportPacket::Parse(unsigned char const*, unsigned long, unsigned long) /mediasoup/worker/out/../src/RTC/RTCP/ReceiverReport.cpp:98:14
    #8 0xa27270 in RTC::RTCP::Packet::Parse(unsigned char const*, unsigned long) /mediasoup/worker/out/../src/RTC/RTCP/Packet.cpp:84:21
    #9 0xb4ab8e in fuzz(unsigned char const*, unsigned long) /mediasoup/worker/out/../fuzzer/fuzzer.cpp:46:26
    #10 0xb4ad7a in LLVMFuzzerTestOneInput /mediasoup/worker/out/../fuzzer/fuzzer.cpp:73:2
    #11 0x45f47a in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /tmp/final/llvm.src/projects/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:576:15
    #12 0x45eb95 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /tmp/final/llvm.src/projects/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:485:3
    #13 0x4616ce in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__Fuzzer::vector<std::__Fuzzer::basic_string<char, std::__Fuzzer::char_traits<char>, std::__Fuzzer::allocator<char> >, fuzzer::fuzzer_allocator<std::__Fuzzer::basic_string<char, std::__Fuzzer::char_traits<char>, std::__Fuzzer::allocator<char> > > > const&) /tmp/final/llvm.src/projects/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:788:7
    #14 0x461a35 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<std::__Fuzzer::basic_string<char, std::__Fuzzer::char_traits<char>, std::__Fuzzer::allocator<char> >, fuzzer::fuzzer_allocator<std::__Fuzzer::basic_string<char, std::__Fuzzer::char_traits<char>, std::__Fuzzer::allocator<char> > > > const&) /tmp/final/llvm.src/projects/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:811:3
    #15 0x4584f3 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /tmp/final/llvm.src/projects/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:765:6
    #16 0x4801d2 in main /tmp/final/llvm.src/projects/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #17 0x7f8dde0a882f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

SUMMARY: AddressSanitizer: 104 byte(s) leaked in 3 allocation(s).

INFO: a leak has been found in the initial corpus.

INFO: to ignore leaks on libFuzzer side use -detect_leaks=0.

MS: 0 ; base unit: 0000000000000000000000000000000000000000
0x81,0xc8,0x0,0xc,0x12,0x34,0x56,0x78,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x23,0x45,0x67,0x89,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,
\x81\xc8\x00\x0c\x124Vx\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00#Eg\x89\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00
artifact_prefix='fuzzer/reports/'; Test unit written to fuzzer/reports/leak-9401450d2dad5c11b31f93d7c69660e28ae6a1d6
Base64: gcgADBI0VngAAAAAAAAAAAAAAAAAAAAAAAAAACNFZ4kAAAAAAAAAAAAAAAAAAAAAAAAAAA==
@ibc ibc added this to the v2 updates milestone Dec 15, 2018
@ibc ibc changed the title from "LeakSanitizer: detected memory leaks" to "detected memory leaks in RTCP/ReceiverReport.cpp" Dec 15, 2018

ibc (Member, Author) commented Dec 15, 2018

NOTE: For this and all the "detected memory leaks" issues: Let's also try with fuzzer option -detect_leaks=0, and check how rss grows or not. It happens that LSAN may have problems detecting "false" leaks when using C++ std::unique_ptr and things like that. But not sure.

ibc (Member, Author) commented Dec 16, 2018

It was a wrong usage in fuzzer.cpp.
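The stacks above show a `ReceiverReportPacket` and its report object created with `operator new` inside `Parse()` and then never freed, and the resolution is that the harness in fuzzer.cpp misused the returned object. As an added example (not mediasoup's code; `CommonHeader`, `ParseSenderReport`, `FuzzOneInput` and the other names are hypothetical stand-ins for the project's RTCP classes), the block below parses the 52-byte test unit from the report, whose first two bytes `0x81 0xc8` encode RTCP version 2, one report block and packet type 200 (SR), and shows the ownership pattern that keeps a `Parse()` returning a heap object from leaking in a libFuzzer harness: the raw pointer is moved into a `std::unique_ptr` so every return path frees the packet and its report vector.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <memory>
#include <vector>

// Added example, not mediasoup code. All type and function names are
// hypothetical stand-ins for the project's RTC::RTCP classes.

// RTCP common header (RFC 3550, section 6.4.1).
struct CommonHeader {
    uint8_t version;     // bits 7-6 of byte 0; must be 2
    bool padding;        // bit 5 of byte 0
    uint8_t count;       // bits 4-0 of byte 0: reception report count
    uint8_t packetType;  // byte 1: 200 = SR, 201 = RR
    size_t lengthBytes;  // (16-bit length field + 1) * 4
};

// One reception report block (24 bytes on the wire).
struct ReportBlock {
    uint32_t ssrc;
    uint8_t fractionLost;
    uint32_t cumulativeLost;  // 24-bit field
    uint32_t highestSeq;
    uint32_t jitter;
    uint32_t lastSr;
    uint32_t delaySinceLastSr;
};

// A parsed SR. Heap-allocated by ParseSenderReport() to mirror the 'operator
// new' at the top of the LSan stacks; whoever calls Parse owns the result.
struct SenderReportPacket {
    uint32_t senderSsrc = 0;
    std::vector<ReportBlock> reports;
};

constexpr uint8_t kSenderReport = 200;
constexpr size_t kSrFixedBytes = 4 + 4 + 20;  // common header + SSRC + sender info
constexpr size_t kReportBlockBytes = 24;

static uint32_t ReadU32(const uint8_t* p) {
    return (uint32_t(p[0]) << 24) | (uint32_t(p[1]) << 16) | (uint32_t(p[2]) << 8) | uint32_t(p[3]);
}

// False if the buffer is shorter than the header claims or is not RTCP v2.
bool ParseCommonHeader(const uint8_t* data, size_t len, CommonHeader& out) {
    if (len < 4) return false;
    out.version = data[0] >> 6;
    out.padding = (data[0] & 0x20) != 0;
    out.count = data[0] & 0x1f;
    out.packetType = data[1];
    out.lengthBytes = (size_t((data[2] << 8) | data[3]) + 1) * 4;
    return out.version == 2 && out.lengthBytes <= len;
}

// Returns a new SenderReportPacket, or nullptr on malformed input. The caller
// takes ownership: dropping the pointer is exactly the "Direct leak" pattern.
SenderReportPacket* ParseSenderReport(const uint8_t* data, size_t len) {
    CommonHeader hdr;
    if (!ParseCommonHeader(data, len, hdr) || hdr.packetType != kSenderReport) return nullptr;
    if (hdr.lengthBytes < kSrFixedBytes + hdr.count * kReportBlockBytes) return nullptr;
    auto* pkt = new SenderReportPacket;
    pkt->senderSsrc = ReadU32(data + 4);
    const uint8_t* p = data + kSrFixedBytes;
    for (uint8_t i = 0; i < hdr.count; ++i, p += kReportBlockBytes) {
        ReportBlock rb;
        rb.ssrc = ReadU32(p);
        rb.fractionLost = p[4];
        rb.cumulativeLost = (uint32_t(p[5]) << 16) | (uint32_t(p[6]) << 8) | uint32_t(p[7]);
        rb.highestSeq = ReadU32(p + 8);
        rb.jitter = ReadU32(p + 12);
        rb.lastSr = ReadU32(p + 16);
        rb.delaySinceLastSr = ReadU32(p + 20);
        pkt->reports.push_back(rb);
    }
    return pkt;
}

// Harness body in the shape of LLVMFuzzerTestOneInput. std::unique_ptr frees
// the packet and its report vector on every return path, so LeakSanitizer has
// nothing to report. Returns the report block count, or -1 if input is rejected.
int FuzzOneInput(const uint8_t* data, size_t len) {
    std::unique_ptr<SenderReportPacket> pkt(ParseSenderReport(data, len));
    if (!pkt) return -1;
    return int(pkt->reports.size());
}

// SSRC of the first report block, or 0 if the input does not parse to one.
uint32_t FirstReportSsrc(const uint8_t* data, size_t len) {
    std::unique_ptr<SenderReportPacket> pkt(ParseSenderReport(data, len));
    return (pkt && !pkt->reports.empty()) ? pkt->reports[0].ssrc : 0;
}

// The 52-byte test unit from the LSan report: SR, RC=1, length field 12 words.
const std::vector<uint8_t>& LeakUnit() {
    static const std::vector<uint8_t> unit = {
        0x81, 0xc8, 0x00, 0x0c, 0x12, 0x34, 0x56, 0x78,
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,  // sender info
        0x23, 0x45, 0x67, 0x89,                                      // report SSRC
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; // rest of block
    return unit;
}

int main() {
    const auto& u = LeakUnit();
    std::printf("report blocks: %d, first report SSRC: 0x%08x\n",
                FuzzOneInput(u.data(), u.size()), FirstReportSsrc(u.data(), u.size()));
    std::printf("truncated input rejected: %s\n",
                FuzzOneInput(u.data(), u.size() - 1) == -1 ? "yes" : "no");
    return 0;
}
```

Built with `-fsanitize=address` (LeakSanitizer is on by default on Linux), this harness exits clean; replacing the `unique_ptr` in `FuzzOneInput` with a bare pointer that is never deleted reproduces a "Direct leak" for the packet and an "Indirect leak" for its report storage, which is the shape of the report above. Shortening the input by one byte trips the `lengthBytes <= len` check rather than reading past the buffer.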
