Memory leak detected by ASAN and valgrind #1

@FoxieFlakey

Description

I'm using commit 8969b33

I was writing code for logging in with Microsoft and encountered this bug, which happens with a specific response from the authentication server (I replaced the tokens with dummy data).

Reproduction Steps

Reproduction code (compile with clang -g -fsanitize=address -o main main.c or gcc -g -lasan -o main main.c)

#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>

#define SJSON_IMPLEMENT
#include "sjson.h"

int main() {
  const char* input = "{\"token_type\":\"Bearer\",\"scope\":\"XboxLive.signin\",\"expires_in\":3600,\"ext_expires_in\":3600,\"access_token\":\"foxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfox\",\"refresh_token\":\"foxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxfoxf\"}";
  sjson_context* ctx = sjson_create_context(0, 0, NULL);
  sjson_decode(ctx, input);
  sjson_destroy_context(ctx);
  return EXIT_SUCCESS;
}

Output with ASAN


=================================================================
==64130==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 8216 byte(s) in 1 object(s) allocated from:
    #0 0x55a37dc5847e in malloc (/data/home/fox/Playground/src/main+0xe247e) (BuildId: e7b8040bf33a7769)
    #1 0x55a37dc9b2c7 in sjson__str_page_create /data/home/fox/Playground/./sjson.h:582:47
    #2 0x55a37dc9ee22 in sjson__str_grow /data/home/fox/Playground/./sjson.h:787:37
    #3 0x55a37dc9c509 in sjson__parse_string /data/home/fox/Playground/./sjson.h:1876:19
    #4 0x55a37dc93c20 in sjson__parse_value /data/home/fox/Playground/./sjson.h:1648:17
    #5 0x55a37dc9d282 in sjson__parse_object /data/home/fox/Playground/./sjson.h:1753:14
    #6 0x55a37dc93e1f in sjson__parse_value /data/home/fox/Playground/./sjson.h:1665:17
    #7 0x55a37dc932a4 in sjson_decode /data/home/fox/Playground/./sjson.h:1077:10
    #8 0x55a37dc9a677 in main /data/home/fox/Playground/main.c:11:3
    #9 0x7fb37a858d09 in __libc_start_main csu/../csu/libc-start.c:308:16

SUMMARY: AddressSanitizer: 8216 byte(s) leaked in 1 allocation(s).

Output with Valgrind 3.16.1 (Command: valgrind --leak-check=full ./main, and with -gdwarf-4 instead of -g in the compile command)

==64888== Memcheck, a memory error detector
==64888== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==64888== Using Valgrind-3.16.1 and LibVEX; rerun with -h for copyright info
==64888== Command: ./main
==64888== 
==64888== 
==64888== HEAP SUMMARY:
==64888==     in use at exit: 8,216 bytes in 1 blocks
==64888==   total heap usage: 13 allocs, 12 frees, 82,272 bytes allocated
==64888== 
==64888== 8,216 bytes in 1 blocks are definitely lost in loss record 1 of 1
==64888==    at 0x483877F: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==64888==    by 0x110127: sjson__str_page_create (sjson.h:582)
==64888==    by 0x1113BC: sjson__str_grow (sjson.h:787)
==64888==    by 0x1105BC: sjson__parse_string (sjson.h:1876)
==64888==    by 0x10CD26: sjson__parse_value (sjson.h:1648)
==64888==    by 0x110944: sjson__parse_object (sjson.h:1753)
==64888==    by 0x10CDBE: sjson__parse_value (sjson.h:1665)
==64888==    by 0x10CA61: sjson_decode (sjson.h:1077)
==64888==    by 0x10FC57: main (main.c:11)
==64888== 
==64888== LEAK SUMMARY:
==64888==    definitely lost: 8,216 bytes in 1 blocks
==64888==    indirectly lost: 0 bytes in 0 blocks
==64888==      possibly lost: 0 bytes in 0 blocks
==64888==    still reachable: 0 bytes in 0 blocks
==64888==         suppressed: 0 bytes in 0 blocks
==64888== 
==64888== For lists of detected and suppressed errors, rerun with: -s
==64888== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)

Notes

  1. Nothing can be changed except the content of the key and value parts of the JSON (including the length of the key and value)
  2. The input cannot change its length or the leak disappears
  3. This is a very specific bug triggered by very specific JSON
  4. The " vs ' matters (changing " to ' at any position, in any amount, makes the leak go away)
  5. MemorySanitizer and UndefinedBehaviorSanitizer detected nothing
  6. I may not have exhausted all possible mutations of this specific input that trigger the bug, so feel free to try different mutations of the input

System information

Kernel: Linux 6.0.6 (self compiled from kernel.org with ThinLTO)
Distro: Debian 11.5
Clang: 15.0.2-++20221003113153+5f620d003fda-1exp120221003113249.70 (from http://apt.llvm.org/bullseye/)
GCC: gcc (Debian 10.2.1-6) 10.2.1 20210110
Valgrind: 3.16.1
Architecture: x86_64
Processor: Intel(R) Celeron(R) N4000 CPU @ 1.10GHz
Libc: GLibc 2.31-13+deb11u4
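Note 2 above says the leak appears only at one exact input length, which is the classic signature of a page or buffer growth path that drops a block on a boundary condition. A way to catch that class of bug without waiting for ASAN to hit the one magic input is to sweep every length through a counting allocator. The harness below is an added example, not code from this issue and not sjson's code: the page-based string builder (strbuf, PAGE_BYTES, page_create, strbuf_append, strbuf_finish) and the counters (g_live_blocks, length_leaks, leak_sweep) are hypothetical names assumed for this example, and the sample inputs are constructed in the code. It builds a string of each length from 1 to max_len in uneven chunks so that page boundaries fall at different offsets, tears it down, and counts how many lengths left a live block behind.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PAGE_BYTES 64  /* small page so growth happens often during the sweep */

/* Hypothetical page-based string builder (assumed for this example). */
typedef struct page {
    struct page *next;
    size_t len;
    char data[PAGE_BYTES];
} page;

typedef struct { page *head; page *tail; size_t total; } strbuf;

/* Counting allocator: every block the builder takes must be given back. */
static long g_live_blocks = 0;

static void *track_malloc(size_t n) { void *p = malloc(n); if (p) g_live_blocks++; return p; }
static void track_free(void *p) { if (p) { g_live_blocks--; free(p); } }

static page *page_create(void) {
    page *pg = track_malloc(sizeof *pg);
    if (pg) { pg->next = NULL; pg->len = 0; }
    return pg;
}

static void strbuf_init(strbuf *sb) { sb->head = sb->tail = NULL; sb->total = 0; }

/* Append n bytes, growing by whole pages; returns 0 on success, -1 on OOM. */
static int strbuf_append(strbuf *sb, const char *s, size_t n) {
    while (n > 0) {
        if (!sb->tail || sb->tail->len == PAGE_BYTES) {
            page *pg = page_create();
            if (!pg) return -1;
            if (sb->tail) sb->tail->next = pg; else sb->head = pg;
            sb->tail = pg;
        }
        size_t room = PAGE_BYTES - sb->tail->len;
        size_t take = n < room ? n : room;
        memcpy(sb->tail->data + sb->tail->len, s, take);
        sb->tail->len += take;
        sb->total += take;
        s += take;
        n -= take;
    }
    return 0;
}

/* Flatten into one NUL-terminated heap string and release every page,
 * even when the output allocation itself failed. */
static char *strbuf_finish(strbuf *sb) {
    char *out = track_malloc(sb->total + 1);
    size_t off = 0;
    for (page *pg = sb->head; pg;) {
        page *next = pg->next;
        if (out) { memcpy(out + off, pg->data, pg->len); off += pg->len; }
        track_free(pg);
        pg = next;
    }
    if (out) out[off] = '\0';
    strbuf_init(sb);
    return out;
}

/* Build one constructed string of exactly len bytes in uneven chunks, tear it
 * down, and return 1 if a block stayed live or the content came back wrong. */
static int length_leaks(size_t len) {
    char *src = malloc(len + 1);
    if (!src) return 1;
    memset(src, 'x', len);
    src[len] = '\0';
    strbuf sb;
    strbuf_init(&sb);
    size_t off = 0, chunk = 1;
    while (off < len) {
        size_t n = chunk < len - off ? chunk : len - off;
        if (strbuf_append(&sb, src + off, n) != 0) break;
        off += n;
        chunk = chunk * 2 + 1;  /* 1, 3, 7, 15, ... so boundaries move around */
    }
    char *out = strbuf_finish(&sb);
    int ok = out && strlen(out) == len && memcmp(out, src, len) == 0;
    track_free(out);
    free(src);
    return !ok || g_live_blocks != 0;
}

/* Sweep every length from 1 to max_len; returns how many lengths leaked.
 * A length-sensitive bug like the one reported shows up as a non-zero count. */
static long leak_sweep(size_t max_len) {
    long bad = 0;
    for (size_t len = 1; len <= max_len; len++) {
        g_live_blocks = 0;
        if (length_leaks(len)) bad++;
    }
    return bad;
}

int main(void) {
    printf("lengths with a leak: %ld\n", leak_sweep(1000));
    return 0;
}
```

The same sweep can be pointed at a real parser by replacing the builder calls in length_leaks with a decode/destroy pair and an allocator hook that counts blocks; the value of the sweep is that it exercises every length in range in one run, where a single ASAN reproduction only checks the one length that happened to fail.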
