
Memory Leak in MATIO Sparse Matrix Parsing #282

@Young-Nong

Description

When executing MATIO against a specific PoC, there are multiple memory leaks triggered by malformed MAT5 files. The leaks occur in the ReadSparse and related MAT5 parsing functions, specifically when reading sparse arrays inside struct fields.

Command and output:

(base) yunong@cailab-gpu4:~/oss-fuzz$ python3 infra/helper.py reproduce matio matio_fuzzer ./povs/matio_fuzzer_27675.bin
INFO:__main__:Running: docker run --privileged --shm-size=2g --platform linux/amd64 --rm -i -e HELPER=True -e ARCHITECTURE=x86_64 -v /data1/yunong/oss-fuzz/build/out/matio:/out -v /data1/yunong/oss-fuzz/povs/matio_fuzzer_27675.bin:/testcase -t gcr.io/oss-fuzz-base/base-runner:latest reproduce matio_fuzzer -runs=100.
(base) yunong@cailab-gpu4:~/oss-fuzz$ docker run --privileged --shm-size=2g --platform linux/amd64 --rm -i -e HELPER=True -e ARCHITECTURE=x86_64 -v /data1/yunong/oss-fuzz/build/out/matio:/out -v /data1/yunong/oss-fuzz/povs/matio_fuzzer_27675.bin:/testcase -t gcr.io/oss-fuzz-base/base-runner:latest reproduce matio_fuzzer -runs=100
+ FUZZER=matio_fuzzer
+ shift
+ '[' '!' -v TESTCASE ']'
+ TESTCASE=/testcase
+ '[' '!' -f /testcase ']'
+ export RUN_FUZZER_MODE=interactive
+ RUN_FUZZER_MODE=interactive
+ export FUZZING_ENGINE=libfuzzer
+ FUZZING_ENGINE=libfuzzer
+ export SKIP_SEED_CORPUS=1
+ SKIP_SEED_CORPUS=1
+ run_fuzzer matio_fuzzer -runs=100 /testcase
sysctl: permission denied on key "vm.mmap_rnd_bits", ignoring
/out/matio_fuzzer -- -rss_limit_mb=2560 -timeout=25 -runs=100 /testcase -dict=matio_fuzzer.dict < /dev/null
INFO: libFuzzer ignores flags that start with '--'
Dictionary: 4 entries
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 3303599839
INFO: Loaded 1 modules   (99757 inline 8-bit counters): 99757 [0x557972124e88, 0x55797213d435),
INFO: Loaded 1 PC tables (99757 PCs): 99757 [0x55797213d438,0x5579722c2f08),
/out/matio_fuzzer: Running 1 inputs 100 time(s) each.
Running: /testcase
-E- ossfuzz: fields[2], Uncompressed type not MAT_T_MATRIX
-W- ossfuzz: Unexpected end-of-file: Read 0 bytes, expected 4 bytes
-E- ossfuzz: fields[2], Uncompressed type not MAT_T_MATRIX
      Name: easy
      Rank: 2
Dimensions: 1 x 1
Class Type: Structure
 Data Type: Structure
Fields[6] {
      Name: d
      Rank: 2
Dimensions: 5 x 10
Class Type: Sparse Array
      Name: s
      Rank: 2
Dimensions: 5 x 10
Class Type: Sparse Array
      Name: i3h
      Rank: 0
      Name: i16
      Rank: 0
      Name: i8
      Rank: 0
      Name: c
      Rank: 0
}
      Name: easy
      Rank: 2
Dimensions: 1 x 1
Class Type: Structure
 Data Type: Structure
Fields[6] {
      Name: d
      Rank: 2
Dimensions: 5 x 10
Class Type: Sparse Array
{
}
      Name: s
      Rank: 2
Dimensions: 5 x 10
Class Type: Sparse Array
{
}
      Name: i3h
      Rank: 0
      Name: i16
      Rank: 0
      Name: i8
      Rank: 0
      Name: c
      Rank: 0
}
-W- ossfuzz: Unexpected end-of-file: Read 0 bytes, expected 4 bytes
-E- ossfuzz: fields[2], Uncompressed type not MAT_T_MATRIX
-E- ossfuzz: fields[2], Uncompressed type not MAT_T_MATRIX
-E- ossfuzz: fields[2], Uncompressed type not MAT_T_MATRIX
-W- ossfuzz: Unexpected end-of-file: Read 0 bytes, expected 4 bytes
-E- ossfuzz: fields[2], Uncompressed type not MAT_T_MATRIX
      Name: easy
      Rank: 2
Dimensions: 1 x 1
Class Type: Structure
 Data Type: Structure
Fields[6] {
      Name: d
      Rank: 2
Dimensions: 5 x 10
Class Type: Sparse Array
      Name: s
      Rank: 2
Dimensions: 5 x 10
Class Type: Sparse Array
      Name: i3h
      Rank: 0
      Name: i16
      Rank: 0
      Name: i8
      Rank: 0
      Name: c
      Rank: 0
}
      Name: easy
      Rank: 2
Dimensions: 1 x 1
Class Type: Structure
 Data Type: Structure
Fields[6] {
      Name: d
      Rank: 2
Dimensions: 5 x 10
Class Type: Sparse Array
{
}
      Name: s
      Rank: 2
Dimensions: 5 x 10
Class Type: Sparse Array
{
}
      Name: i3h
      Rank: 0
      Name: i16
      Rank: 0
      Name: i8
      Rank: 0
      Name: c
      Rank: 0
}
-W- ossfuzz: Unexpected end-of-file: Read 0 bytes, expected 4 bytes
-E- ossfuzz: fields[2], Uncompressed type not MAT_T_MATRIX
-E- ossfuzz: fields[2], Uncompressed type not MAT_T_MATRIX

=================================================================
==14==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 7968 byte(s) in 1 object(s) allocated from:
    #0 0x5579715bd339 in calloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:74:3
    #1 0x55797162b2b9 in ReadSparse /src/matio/src/mat5.c:532:26
    #2 0x557971625657 in Mat_VarRead5 /src/matio/src/mat5.c:3459:19
    #3 0x557971625ac5 in Mat_VarRead5 /src/matio/src/mat5.c:3416:27
    #4 0x55797160100a in MatioRead(char const*) /src/matio/ossfuzz/./matio_wrap.h:43:9
    #5 0x557971601225 in LLVMFuzzerTestOneInput /src/matio/ossfuzz/./matio_fuzzer.cpp:30:12
    #6 0x55797149e81d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13
    #7 0x557971489592 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:329:6
    #8 0x55797148f460 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:865:9
    #9 0x5579714baf92 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #10 0x7fe92ce86082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d)

DEDUP_TOKEN: __interceptor_calloc--ReadSparse--Mat_VarRead5
Direct leak of 7968 byte(s) in 1 object(s) allocated from:
    #0 0x5579715bd339 in calloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:74:3
    #1 0x55797162b2b9 in ReadSparse /src/matio/src/mat5.c:532:26
    #2 0x557971625657 in Mat_VarRead5 /src/matio/src/mat5.c:3459:19
    #3 0x557971625ac5 in Mat_VarRead5 /src/matio/src/mat5.c:3416:27
    #4 0x55797160ff28 in ReadData /src/matio/src/mat.c:109:16
    #5 0x55797160ff28 in Mat_VarRead /src/matio/src/mat.c:2791:29
    #6 0x55797160113f in MatioRead(char const*) /src/matio/ossfuzz/./matio_wrap.h:63:18
    #7 0x557971601225 in LLVMFuzzerTestOneInput /src/matio/ossfuzz/./matio_fuzzer.cpp:30:12
    #8 0x55797149e81d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13
    #9 0x557971489592 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:329:6
    #10 0x55797148f460 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:865:9
    #11 0x5579714baf92 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #12 0x7fe92ce86082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d)

DEDUP_TOKEN: __interceptor_calloc--ReadSparse--Mat_VarRead5
Direct leak of 7968 byte(s) in 1 object(s) allocated from:
    #0 0x5579715bd339 in calloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:74:3
    #1 0x55797162b2b9 in ReadSparse /src/matio/src/mat5.c:532:26
    #2 0x557971625657 in Mat_VarRead5 /src/matio/src/mat5.c:3459:19
    #3 0x557971625ac5 in Mat_VarRead5 /src/matio/src/mat5.c:3416:27
    #4 0x5579716103ec in ReadData /src/matio/src/mat.c:109:16
    #5 0x5579716103ec in Mat_VarReadNextPredicate /src/matio/src/mat.c:2857:29
    #6 0x5579716010b9 in MatioRead(char const*) /src/matio/ossfuzz/./matio_wrap.h:57:23
    #7 0x557971601225 in LLVMFuzzerTestOneInput /src/matio/ossfuzz/./matio_fuzzer.cpp:30:12
    #8 0x55797149e81d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13
    #9 0x557971489592 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:329:6
    #10 0x55797148f460 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:865:9
    #11 0x5579714baf92 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #12 0x7fe92ce86082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d)

DEDUP_TOKEN: __interceptor_calloc--ReadSparse--Mat_VarRead5
Direct leak of 4370 byte(s) in 1 object(s) allocated from:
    #0 0x5579715bd339 in calloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:74:3
    #1 0x55797162b2b9 in ReadSparse /src/matio/src/mat5.c:532:26
    #2 0x557971625c07 in Mat_VarRead5 /src/matio/src/mat5.c:3466:19
    #3 0x5579716b72f6 in ReadNextStructField /src/matio/src/mat5.c:1710:45
    #4 0x5579716b3c73 in Mat_VarReadNextInfo5 /src/matio/src/mat5.c:5571:27
    #5 0x557971600fe9 in MatioRead(char const*) /src/matio/ossfuzz/./matio_wrap.h:42:23
    #6 0x557971601225 in LLVMFuzzerTestOneInput /src/matio/ossfuzz/./matio_fuzzer.cpp:30:12
    #7 0x55797149e81d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13
    #8 0x557971489592 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:329:6
    #9 0x55797148f460 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:865:9
    #10 0x5579714baf92 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #11 0x7fe92ce86082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d)

DEDUP_TOKEN: __interceptor_calloc--ReadSparse--Mat_VarRead5
Direct leak of 4370 byte(s) in 1 object(s) allocated from:
    #0 0x5579715bd339 in calloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:74:3
    #1 0x55797162b2b9 in ReadSparse /src/matio/src/mat5.c:532:26
    #2 0x557971625c07 in Mat_VarRead5 /src/matio/src/mat5.c:3466:19
    #3 0x5579716b72f6 in ReadNextStructField /src/matio/src/mat5.c:1710:45
    #4 0x5579716b3c73 in Mat_VarReadNextInfo5 /src/matio/src/mat5.c:5571:27
    #5 0x557971605e1d in Mat_VarReadNextInfoPredicate /src/matio/src/mat.c:2669:22
    #6 0x557971605e1d in Mat_VarReadNextInfo /src/matio/src/mat.c:2643:12
    #7 0x557971605e1d in Mat_GetDir /src/matio/src/mat.c:827:26
    #8 0x557971600fdd in MatioRead(char const*) /src/matio/ossfuzz/./matio_wrap.h:39:24
    #9 0x557971601225 in LLVMFuzzerTestOneInput /src/matio/ossfuzz/./matio_fuzzer.cpp:30:12
    #10 0x55797149e81d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13
    #11 0x557971489592 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:329:6
    #12 0x55797148f460 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:865:9
    #13 0x5579714baf92 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #14 0x7fe92ce86082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d)

DEDUP_TOKEN: __interceptor_calloc--ReadSparse--Mat_VarRead5
Direct leak of 4370 byte(s) in 1 object(s) allocated from:
    #0 0x5579715bd339 in calloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:74:3
    #1 0x55797162b2b9 in ReadSparse /src/matio/src/mat5.c:532:26
    #2 0x557971625c07 in Mat_VarRead5 /src/matio/src/mat5.c:3466:19
    #3 0x5579716b72f6 in ReadNextStructField /src/matio/src/mat5.c:1710:45
    #4 0x5579716b3c73 in Mat_VarReadNextInfo5 /src/matio/src/mat5.c:5571:27
    #5 0x557971610363 in Mat_VarReadNextInfoPredicate /src/matio/src/mat.c:2669:22
    #6 0x557971610363 in Mat_VarReadNextPredicate /src/matio/src/mat.c:2855:18
    #7 0x5579716010b9 in MatioRead(char const*) /src/matio/ossfuzz/./matio_wrap.h:57:23
    #8 0x557971601225 in LLVMFuzzerTestOneInput /src/matio/ossfuzz/./matio_fuzzer.cpp:30:12
    #9 0x55797149e81d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13
    #10 0x557971489592 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:329:6
    #11 0x55797148f460 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:865:9
    #12 0x5579714baf92 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #13 0x7fe92ce86082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d)

DEDUP_TOKEN: __interceptor_calloc--ReadSparse--Mat_VarRead5
Direct leak of 4370 byte(s) in 1 object(s) allocated from:
    #0 0x5579715bd339 in calloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:74:3
    #1 0x55797162b2b9 in ReadSparse /src/matio/src/mat5.c:532:26
    #2 0x557971625c07 in Mat_VarRead5 /src/matio/src/mat5.c:3466:19
    #3 0x5579716b72f6 in ReadNextStructField /src/matio/src/mat5.c:1710:45
    #4 0x5579716b3c73 in Mat_VarReadNextInfo5 /src/matio/src/mat5.c:5571:27
    #5 0x55797160fa8d in Mat_VarReadNextInfoPredicate /src/matio/src/mat.c:2669:22
    #6 0x55797160fa8d in Mat_VarReadNextInfo /src/matio/src/mat.c:2643:12
    #7 0x55797160fa8d in Mat_VarReadInfo /src/matio/src/mat.c:2746:26
    #8 0x55797160fec1 in Mat_VarRead /src/matio/src/mat.c:2789:18
    #9 0x55797160113f in MatioRead(char const*) /src/matio/ossfuzz/./matio_wrap.h:63:18
    #10 0x557971601225 in LLVMFuzzerTestOneInput /src/matio/ossfuzz/./matio_fuzzer.cpp:30:12
    #11 0x55797149e81d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13
    #12 0x557971489592 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:329:6
    #13 0x55797148f460 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:865:9
    #14 0x5579714baf92 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #15 0x7fe92ce86082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d)

DEDUP_TOKEN: __interceptor_calloc--ReadSparse--Mat_VarRead5
Direct leak of 50 byte(s) in 1 object(s) allocated from:
    #0 0x5579715bd339 in calloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:74:3
    #1 0x55797162b2b9 in ReadSparse /src/matio/src/mat5.c:532:26
    #2 0x557971625657 in Mat_VarRead5 /src/matio/src/mat5.c:3459:19
    #3 0x5579716b72f6 in ReadNextStructField /src/matio/src/mat5.c:1710:45
    #4 0x5579716b3c73 in Mat_VarReadNextInfo5 /src/matio/src/mat5.c:5571:27
    #5 0x557971610363 in Mat_VarReadNextInfoPredicate /src/matio/src/mat.c:2669:22
    #6 0x557971610363 in Mat_VarReadNextPredicate /src/matio/src/mat.c:2855:18
    #7 0x5579716010b9 in MatioRead(char const*) /src/matio/ossfuzz/./matio_wrap.h:57:23
    #8 0x557971601225 in LLVMFuzzerTestOneInput /src/matio/ossfuzz/./matio_fuzzer.cpp:30:12
    #9 0x55797149e81d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13
    #10 0x557971489592 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:329:6
    #11 0x55797148f460 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:865:9
    #12 0x5579714baf92 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #13 0x7fe92ce86082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d)

DEDUP_TOKEN: __interceptor_calloc--ReadSparse--Mat_VarRead5
Direct leak of 50 byte(s) in 1 object(s) allocated from:
    #0 0x5579715bd339 in calloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:74:3
    #1 0x55797162b2b9 in ReadSparse /src/matio/src/mat5.c:532:26
    #2 0x557971625657 in Mat_VarRead5 /src/matio/src/mat5.c:3459:19
    #3 0x5579716b72f6 in ReadNextStructField /src/matio/src/mat5.c:1710:45
    #4 0x5579716b3c73 in Mat_VarReadNextInfo5 /src/matio/src/mat5.c:5571:27
    #5 0x55797160fa8d in Mat_VarReadNextInfoPredicate /src/matio/src/mat.c:2669:22
    #6 0x55797160fa8d in Mat_VarReadNextInfo /src/matio/src/mat.c:2643:12
    #7 0x55797160fa8d in Mat_VarReadInfo /src/matio/src/mat.c:2746:26
    #8 0x55797160fec1 in Mat_VarRead /src/matio/src/mat.c:2789:18
    #9 0x55797160113f in MatioRead(char const*) /src/matio/ossfuzz/./matio_wrap.h:63:18
    #10 0x557971601225 in LLVMFuzzerTestOneInput /src/matio/ossfuzz/./matio_fuzzer.cpp:30:12
    #11 0x55797149e81d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13
    #12 0x557971489592 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:329:6
    #13 0x55797148f460 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:865:9
    #14 0x5579714baf92 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #15 0x7fe92ce86082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d)

DEDUP_TOKEN: __interceptor_calloc--ReadSparse--Mat_VarRead5
Direct leak of 50 byte(s) in 1 object(s) allocated from:
    #0 0x5579715bd339 in calloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:74:3
    #1 0x55797162b2b9 in ReadSparse /src/matio/src/mat5.c:532:26
    #2 0x557971625657 in Mat_VarRead5 /src/matio/src/mat5.c:3459:19
    #3 0x5579716b72f6 in ReadNextStructField /src/matio/src/mat5.c:1710:45
    #4 0x5579716b3c73 in Mat_VarReadNextInfo5 /src/matio/src/mat5.c:5571:27
    #5 0x557971600fe9 in MatioRead(char const*) /src/matio/ossfuzz/./matio_wrap.h:42:23
    #6 0x557971601225 in LLVMFuzzerTestOneInput /src/matio/ossfuzz/./matio_fuzzer.cpp:30:12
    #7 0x55797149e81d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13
    #8 0x557971489592 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:329:6
    #9 0x55797148f460 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:865:9
    #10 0x5579714baf92 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #11 0x7fe92ce86082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d)

DEDUP_TOKEN: __interceptor_calloc--ReadSparse--Mat_VarRead5
Direct leak of 50 byte(s) in 1 object(s) allocated from:
    #0 0x5579715bd339 in calloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:74:3
    #1 0x55797162b2b9 in ReadSparse /src/matio/src/mat5.c:532:26
    #2 0x557971625657 in Mat_VarRead5 /src/matio/src/mat5.c:3459:19
    #3 0x5579716b72f6 in ReadNextStructField /src/matio/src/mat5.c:1710:45
    #4 0x5579716b3c73 in Mat_VarReadNextInfo5 /src/matio/src/mat5.c:5571:27
    #5 0x557971605e1d in Mat_VarReadNextInfoPredicate /src/matio/src/mat.c:2669:22
    #6 0x557971605e1d in Mat_VarReadNextInfo /src/matio/src/mat.c:2643:12
    #7 0x557971605e1d in Mat_GetDir /src/matio/src/mat.c:827:26
    #8 0x557971600fdd in MatioRead(char const*) /src/matio/ossfuzz/./matio_wrap.h:39:24
    #9 0x557971601225 in LLVMFuzzerTestOneInput /src/matio/ossfuzz/./matio_fuzzer.cpp:30:12
    #10 0x55797149e81d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13
    #11 0x557971489592 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:329:6
    #12 0x55797148f460 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:865:9
    #13 0x5579714baf92 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #14 0x7fe92ce86082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d)

DEDUP_TOKEN: __interceptor_calloc--ReadSparse--Mat_VarRead5
SUMMARY: AddressSanitizer: 41584 byte(s) leaked in 11 allocation(s).

INFO: a leak has been found in the initial corpus.

INFO: to ignore leaks on libFuzzer side use -detect_leaks=0.

Version: 1.5.28 (commit f094c0d)

matio_fuzzer_27675.zip
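
A triage pass over the LeakSanitizer report above, as an added example that is not part of the original issue or the matio project: it groups leak records by allocation site and immediate caller, and checks the parsed totals against the SUMMARY line to catch a truncated log. The embedded sample is three records trimmed from the report with a SUMMARY line constructed for that subset; `parse_leaks` and `triage` are names chosen here.

```python
import re
from collections import defaultdict

LEAK = re.compile(r"^(?:Direct|Indirect) leak of (\d+) byte\(s\) in (\d+) object\(s\)")
FRAME = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ in (.+?) (\S+?):(\d+)(?::\d+)?$")
SUMMARY = re.compile(r"^SUMMARY: \w+: (\d+) byte\(s\) leaked in (\d+) allocation\(s\)")
ALLOCATORS = {"malloc", "calloc", "realloc"}  # allocator frames to skip

# Three records trimmed from the report above (header plus frames #0-#3).
# The SUMMARY line is constructed to match this subset, not copied from the page.
SAMPLE = """\
Direct leak of 7968 byte(s) in 1 object(s) allocated from:
    #0 0x5579715bd339 in calloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:74:3
    #1 0x55797162b2b9 in ReadSparse /src/matio/src/mat5.c:532:26
    #2 0x557971625657 in Mat_VarRead5 /src/matio/src/mat5.c:3459:19
    #3 0x557971625ac5 in Mat_VarRead5 /src/matio/src/mat5.c:3416:27

Direct leak of 4370 byte(s) in 1 object(s) allocated from:
    #0 0x5579715bd339 in calloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:74:3
    #1 0x55797162b2b9 in ReadSparse /src/matio/src/mat5.c:532:26
    #2 0x557971625c07 in Mat_VarRead5 /src/matio/src/mat5.c:3466:19
    #3 0x5579716b72f6 in ReadNextStructField /src/matio/src/mat5.c:1710:45

Direct leak of 50 byte(s) in 1 object(s) allocated from:
    #0 0x5579715bd339 in calloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:74:3
    #1 0x55797162b2b9 in ReadSparse /src/matio/src/mat5.c:532:26
    #2 0x557971625657 in Mat_VarRead5 /src/matio/src/mat5.c:3459:19
    #3 0x5579716b72f6 in ReadNextStructField /src/matio/src/mat5.c:1710:45

SUMMARY: AddressSanitizer: 12388 byte(s) leaked in 3 allocation(s).
"""


def parse_leaks(report):
    """Split an LSan report into leak records and the (bytes, allocations) summary."""
    records, summary = [], None
    for line in report.splitlines():
        if m := LEAK.match(line):
            records.append({"bytes": int(m[1]), "objects": int(m[2]), "frames": []})
        elif (m := FRAME.match(line)) and records:
            # Keep function name and basename:line; drop addresses and columns.
            records[-1]["frames"].append(f"{m[1]}@{m[2].rsplit('/', 1)[-1]}:{m[3]}")
        elif m := SUMMARY.match(line):
            summary = (int(m[1]), int(m[2]))
    return records, summary


def triage(report):
    """Group leaks by allocation site and its caller; cross-check against SUMMARY."""
    records, summary = parse_leaks(report)
    groups = defaultdict(lambda: [0, 0])  # key -> [bytes, allocations]
    for rec in records:
        own = [f for f in rec["frames"] if f.split("@")[0] not in ALLOCATORS]
        key = tuple(own[:2])
        groups[key][0] += rec["bytes"]
        groups[key][1] += rec["objects"]
    totals = (sum(r["bytes"] for r in records), sum(r["objects"] for r in records))
    # None: log was cut before SUMMARY. False: parsed records do not add up to it.
    complete = None if summary is None else summary == totals
    return dict(groups), totals, complete


if __name__ == "__main__":
    groups, totals, complete = triage(SAMPLE)
    for key, (nbytes, count) in sorted(groups.items()):
        print(" <- ".join(key), f"{nbytes} bytes in {count} allocation(s)")
    print("totals", totals, "matches SUMMARY:", complete)
```

Applied to the full report above, the same grouping gives two keys: every record is allocated at ReadSparse mat5.c:532, called from Mat_VarRead5 at line 3459 or 3466, and the eleven records add up to the 41584 bytes in the SUMMARY line.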
