[Bug 929109] New: VUL-0: libnettle: Possible memory leak
http://bugzilla.suse.com/show_bug.cgi?id=929109

Bug ID: 929109
Summary: VUL-0: libnettle: Possible memory leak
Classification: openSUSE
Product: openSUSE Factory
Version: 201503*
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@suse.de
Reporter: vpereira@novell.com
QA Contact: qa-bugs@suse.de
Found By: ---
Blocker: ---

Compiling libnettle *64 bits* with Address Sanitizer enabled, we get the following error:

[ 194s] =================================================================
[ 194s] ==4331==ERROR: LeakSanitizer: detected memory leaks
[ 194s]
[ 194s] Direct leak of 10240 byte(s) in 1 object(s) allocated from:
[ 194s] #0 0x7fbd66854c4a in malloc (/usr/lib64/libasan.so.2+0x96c4a)
[ 194s] #1 0x413b0b in ecc_alloc (/home/abuild/rpmbuild/BUILD/nettle-2.7.1/eccdata+0x413b0b)
[ 194s] #2 0x4144a7 in ecc_pippenger_precompute (/home/abuild/rpmbuild/BUILD/nettle-2.7.1/eccdata+0x4144a7)
[ 194s] #3 0x4176d2 in main (/home/abuild/rpmbuild/BUILD/nettle-2.7.1/eccdata+0x4176d2)
[ 194s] #4 0x7fbd6643e8c4 in __libc_start_main (/lib64/libc.so.6+0x208c4)
[ 194s]
[ 194s] Direct leak of 2560 byte(s) in 320 object(s) allocated from:
[ 194s] #0 0x7fbd66854c4a in malloc (/usr/lib64/libasan.so.2+0x96c4a)
[ 194s] #1 0x4011e7 in gmp_default_alloc (/home/abuild/rpmbuild/BUILD/nettle-2.7.1/eccdata+0x4011e7)
[ 194s] #2 0x40139d in gmp_xalloc_limbs (/home/abuild/rpmbuild/BUILD/nettle-2.7.1/eccdata+0x40139d)
[ 194s] #3 0x406488 in mpz_init (/home/abuild/rpmbuild/BUILD/nettle-2.7.1/eccdata+0x406488)
[ 194s] #4 0x4163ea in output_digits (/home/abuild/rpmbuild/BUILD/nettle-2.7.1/eccdata+0x4163ea)
[ 194s] #5 0x4167f5 in output_point_redc (/home/abuild/rpmbuild/BUILD/nettle-2.7.1/eccdata+0x4167f5)
[ 194s] #6 0x4172f8 in output_curve (/home/abuild/rpmbuild/BUILD/nettle-2.7.1/eccdata+0x4172f8)
[ 194s] #7 0x417778 in main (/home/abuild/rpmbuild/BUILD/nettle-2.7.1/eccdata+0x417778)
[ 194s] #8 0x7fbd6643e8c4 in __libc_start_main (/lib64/libc.so.6+0x208c4)
[ 194s]
[ 194s] Direct leak of 2560 byte(s) in 320 object(s) allocated from:
[ 194s] #0 0x7fbd66854c4a in malloc (/usr/lib64/libasan.so.2+0x96c4a)
[ 194s] #1 0x4011e7 in gmp_default_alloc (/home/abuild/rpmbuild/BUILD/nettle-2.7.1/eccdata+0x4011e7)
[ 194s] #2 0x40139d in gmp_xalloc_limbs (/home/abuild/rpmbuild/BUILD/nettle-2.7.1/eccdata+0x40139d)
[ 194s] #3 0x406488 in mpz_init (/home/abuild/rpmbuild/BUILD/nettle-2.7.1/eccdata+0x406488)
[ 194s] #4 0x4163ea in output_digits (/home/abuild/rpmbuild/BUILD/nettle-2.7.1/eccdata+0x4163ea)
[ 194s] #5 0x416856 in output_point_redc (/home/abuild/rpmbuild/BUILD/nettle-2.7.1/eccdata+0x416856)
[ 194s] #6 0x4172f8 in output_curve (/home/abuild/rpmbuild/BUILD/nettle-2.7.1/eccdata+0x4172f8)
[ 194s] #7 0x417778 in main (/home/abuild/rpmbuild/BUILD/nettle-2.7.1/eccdata+0x417778)
[ 194s] #8 0x7fbd6643e8c4 in __libc_start_main (/lib64/libc.so.6+0x208c4)
[ 194s]
[ 194s] Direct leak of 2560 byte(s) in 320 object(s) allocated from:
[ 194s] #0 0x7fbd66854c4a in malloc (/usr/lib64/libasan.so.2+0x96c4a)
[ 194s] #1 0x4011e7 in gmp_default_alloc (/home/abuild/rpmbuild/BUILD/nettle-2.7.1/eccdata+0x4011e7)
[ 194s] #2 0x40139d in gmp_xalloc_limbs (/home/abuild/rpmbuild/BUILD/nettle-2.7.1/eccdata+0x40139d)
[ 194s] #3 0x406488 in mpz_init (/home/abuild/rpmbuild/BUILD/nettle-2.7.1/eccdata+0x406488)
[ 194s] #4 0x4163ea in output_digits (/home/abuild/rpmbuild/BUILD/nettle-2.7.1/eccdata+0x4163ea)
[ 194s] #5 0x4166b1 in output_point (/home/abuild/rpmbuild/BUILD/nettle-2.7.1/eccdata+0x4166b1)
[ 194s] #6 0x41743d in output_curve (/home/abuild/rpmbuild/BUILD/nettle-2.7.1/eccdata+0x41743d)
[ 194s] #7 0x417778 in main (/home/abuild/rpmbuild/BUILD/nettle-2.7.1/eccdata+0x417778)
[ 194s] #8 0x7fbd6643e8c4 in __libc_start_main (/lib64/libc.so.6+0x208c4)
[ 194s]
[ 194s] Direct leak of 2560 byte(s) in 320 object(s) allocated from:
[ 194s] #0 0x7fbd66854c4a in malloc (/usr/lib64/libasan.so.2+0x96c4a)
[ 194s] #1 0x4011e7 in gmp_default_alloc (/home/abuild/rpmbuild/BUILD/nettle-2.7.1/eccdata+0x4011e7)
[ 194s] #2 0x40139d in gmp_xalloc_limbs (/home/abuild/rpmbuild/BUILD/nettle-2.7.1/eccdata+0x40139d)
[ 194s] #3 0x406488 in mpz_init (/home/abuild/rpmbuild/BUILD/nettle-2.7.1/eccdata+0x406488)
[ 194s] #4 0x4163ea in output_digits (/home/abuild/rpmbuild/BUILD/nettle-2.7.1/eccdata+0x4163ea)
[ 194s] #5 0x416699 in output_point (/home/abuild/rpmbuild/BUILD/nettle-2.7.1/eccdata+0x416699)
[ 194s] #6 0x41743d in output_curve (/home/abuild/rpmbuild/BUILD/nettle-2.7.1/eccdata+0x41743d)
[ 194s] #7 0x417778 in main (/home/abuild/rpmbuild/BUILD/nettle-2.7.1/eccdata+0x417778)
[ 194s] #8 0x7fbd6643e8c4 in __libc_start_main (/lib64/libc.so.6+0x208c4)
[ 194s] .....

--
You are receiving this mail because:
You are on the CC list for the bug.
Andreas Stieger
--- Comment #3 from Tomáš Chvátal
--- Comment #4 from Andreas Stieger
Sent mail here: https://lists.lysator.liu.se/mailman/listinfo/nettle-bugs
http://lists.lysator.liu.se/pipermail/nettle-bugs/2015/003388.html
No reply as of writing.
http://bugzilla.suse.com/show_bug.cgi?id=929109#c5
Andreas Stieger
The second one is about memory leaks, and it would be better if someone more aware of the source took a look whether and how to fix it.
This looks like the program eccdata doesn't free its storage before exit. This is a program used at build time to generate ecc-related tables.
I'd accept patches to fix this, but I don't think it's very important. I think the nicest way is to add a function ecc_curve_clear to deallocate all storage, and add a call
ecc_curve_clear (&ecc);
at the end of the main function.
Victor, as the next step can I ask you to please re-run ASAN on the latest release (3.1.1 as of writing, in Factory). This might interest upstream more. Tomáš... does the above outline of a fix make sense to you? Could you have a look at the code to see if this would fix the address handling error?
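The fix outlined in the quoted upstream reply, as an added sketch that is not nettle's code and not part of the original thread: one clear function owned by the curve releases everything the init and precompute steps allocated, and the generator calls it before returning. The types, `curve_clear` (standing in for the proposed `ecc_curve_clear`), the allocation counter and the sizes are hypothetical and constructed for illustration.

```c
#include <stdlib.h>

/* Hypothetical stand-ins, not nettle's types: a point with heap-backed
   coordinates and a curve that owns a precomputed table of points. */
static long live_allocs;   /* allocations not yet freed */

static void *xalloc(size_t n) {
  void *p = calloc(1, n);
  if (!p) abort();
  live_allocs++;
  return p;
}
static void xfree(void *p) { if (p) { live_allocs--; free(p); } }

struct point { unsigned long *x, *y; };
struct curve { size_t limbs, table_size; struct point g, *table; };

static void point_init(struct point *p, size_t limbs) {
  p->x = xalloc(limbs * sizeof *p->x);
  p->y = xalloc(limbs * sizeof *p->y);
}
static void point_clear(struct point *p) {
  xfree(p->x); xfree(p->y);
  p->x = p->y = NULL;
}
/* Allocates the table, as the precompute step in the report does. */
static void curve_precompute(struct curve *c, size_t n) {
  c->table = xalloc(n * sizeof *c->table);
  c->table_size = n;
  for (size_t i = 0; i < n; i++) point_init(&c->table[i], c->limbs);
}
/* Single owner-side teardown; pointers are reset so a second call is safe. */
static void curve_clear(struct curve *c) {
  for (size_t i = 0; i < c->table_size; i++) point_clear(&c->table[i]);
  xfree(c->table);
  c->table = NULL; c->table_size = 0;
  point_clear(&c->g);
}
/* Returns how many allocations would still be live when main returns. */
long outstanding_at_exit(int call_clear) {
  struct curve c = { .limbs = 4 };          /* constructed sizes */
  live_allocs = 0;
  point_init(&c.g, c.limbs);
  curve_precompute(&c, 320);
  if (call_clear) curve_clear(&c);
  long left = live_allocs;
  curve_clear(&c);   /* keep the demo itself leak-free either way */
  return left;
}
int main(void) { return outstanding_at_exit(1) == 0 ? 0 : 1; }
```

Building a generator like this with `-fsanitize=address` and running it is the same check the report used: LeakSanitizer stays silent only when the clear call runs before `main` returns.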
http://bugzilla.suse.com/show_bug.cgi?id=929109#c6
Tomáš Chvátal
http://bugzilla.suse.com/show_bug.cgi?id=929109#c7
Victor Pereira