Memory leak in Status.cc causes a DoS #707

@magicSwordsMan

1. The program didn't free the array, which may cause a DoS attack.
(1) [image]

(2) [image]
Fuzz script: https://github.com/agroce/testleveldb/blob/master/TestLevelDB.cpp
POC: id^%000034,sig^%06,src^%000183,op^%havoc,rep^%8.zip

2. After running our fuzz script three times, we couldn't create the leveldb test database.

root@kali:~/deepstate/build/examples/testleveldb# ./TestLevelDB --input_test_file afl_OneOf/crashes/id:000034,sig:06,src:000183,op:havoc,rep:8
WARNING: No test specified, defaulting to last test defined (LevelDB_Fuzz)
TRACE: Initialized test input buffer with data from `afl_OneOf/crashes/id:000034,sig:06,src:000183,op:havoc,rep:8`
TRACE: Running: LevelDB_Fuzz from TestLevelDB.cpp(19)
TRACE: TestLevelDB.cpp(157): STEP #0: SET ROCKSDB write_buffer_size 344495
TRACE: TestLevelDB.cpp(51): STEP #1: BATCH PUT <IDOuAA> <>
TRACE: TestLevelDB.cpp(36): STEP #2: PUT <> <> 0
TRACE: TestLevelDB.cpp(83): STEP #3: BATCH DELETE <ZZZ>
TRACE: TestLevelDB.cpp(51): STEP #4: BATCH PUT <ZZZP6A2AAAAAAAAAAAAAAAAdZ> <ZZZZZP6CAAAAAdZzZ6A6AAAAAAAAAAAAAAAARZZZZZZZvIIAAAAAAAAAAAAAAAAAAAAAxVVVVAsCAAAAAqAwjUUUUUUBYUUUUUUUSU4AAAAAAAAAAAAAkPZZZ>
TRACE: TestLevelDB.cpp(51): STEP #5: BATCH PUT <ZAvUAAAAAAAACAAUAEAAAAAIA> <AAAAAAAAAAAAAAAAAAAAAA2AAAARZZZZZZZvIIfSpFw3ZZvIAAAAACAAdZZZZZzZA6AAAAAAAAAAAAAAAARZZZZZZZvIIAAAAARZZvIAAAAAAAdZZZZZ>
TRACE: TestLevelDB.cpp(51): STEP #6: BATCH PUT <P62fr91XlZZP6AAAAIQAABZZZ> <ZvIAeAAAAAAAAAAACAAAARZZZZZZZvIIAAAAARZZvIAA8AAAAAAAAAAAAAAAALZfZZZZFZYQYAAAAAAAAAAAAAAAAAAAArVVVVczAAAAAAIAUyUUUUUU7eUUU>
TRACE: TestLevelDB.cpp(109): STEP #7: ITERATOR CREATE
TRACE: TestLevelDB.cpp(51): STEP #8: BATCH PUT <yUUsAAAvD9CAAAAAAZZZpZ> <Z6AlUAAqAAAAAEAKAhAAAAAAAAAAAAAAAAAAAAAARZZZZZZZvIIfSpFw36AAAAAAAAAAAADDDDDDDCADCAAAPDDDDDDDDDDCRDDDDDDDDDDDDDDDDDDDyAAAA>
TRACE: TestLevelDB.cpp(83): STEP #9: BATCH DELETE <ZAAAAAVhVVVczAAAAAAIAUUUA>
TRACE: TestLevelDB.cpp(109): STEP #10: ITERATOR CREATE
TRACE: TestLevelDB.cpp(109): STEP #11: ITERATOR CREATE
TRACE: TestLevelDB.cpp(109): STEP #12: ITERATOR CREATE
TRACE: TestLevelDB.cpp(109): STEP #13: ITERATOR CREATE
TRACE: TestLevelDB.cpp(157): STEP #14: SET ROCKSDB write_buffer_size 89677135
TRACE: TestLevelDB.cpp(104): STEP #15: BATCH CLEAR
TRACE: TestLevelDB.cpp(109): STEP #16: ITERATOR CREATE
TRACE: TestLevelDB.cpp(109): STEP #17: ITERATOR CREATE
TRACE: TestLevelDB.cpp(109): STEP #18: ITERATOR CREATE
TRACE: TestLevelDB.cpp(157): STEP #19: SET ROCKSDB write_buffer_size 122639430
TRACE: TestLevelDB.cpp(51): STEP #20: BATCH PUT <ZZZZ6tApyAeeAAAZZZJZZYAAA> <AKAhAAAAAEAiAAAAAAAAnAAAAAAAAAAAAAAAAAAABZZZZZZFZYvc0wT5BZFZYAAAAAEAAZZZZZZ>
TRACE: TestLevelDB.cpp(142): STEP #21: ITERATOR NEXT
TRACE: TestLevelDB.cpp(119): STEP #22: ITERATOR SEEK <>
TRACE: TestLevelDB.cpp(157): STEP #23: SET ROCKSDB write_buffer_size 128
TRACE: TestLevelDB.cpp(36): STEP #24: PUT <> <> 0
TRACE: TestLevelDB.cpp(36): STEP #25: PUT <> <> 0
TRACE: TestLevelDB.cpp(36): STEP #26: PUT <> <> 0
TRACE: TestLevelDB.cpp(36): STEP #27: PUT <> <> 0
TRACE: TestLevelDB.cpp(36): STEP #28: PUT <> <ZZZZZZZP6CAAAAAdZZP6AAAAAAABZZZZZZFZYvc0wT5BZFZYAA> 0
TRACE: TestLevelDB.cpp(36): STEP #29: PUT <> <AARZZZdZ> 1
TRACE: TestLevelDB.cpp(142): STEP #30: ITERATOR NEXT
TRACE: TestLevelDB.cpp(51): STEP #31: BATCH PUT <> <AAAAAAAAAAAAAAAAAZZZZZZZzZAEAAAAAZZzZAA2AAAAAAAAAAAAAAAABZ>
TRACE: TestLevelDB.cpp(119): STEP #32: ITERATOR SEEK <ZZZZP6CDAAAAAAAAAAAAACAAA>
TRACE: TestLevelDB.cpp(36): STEP #33: PUT <> <> 0
TRACE: TestLevelDB.cpp(127): STEP #34: ITERATOR SEEKTOLAST
TRACE: TestLevelDB.cpp(109): STEP #35: ITERATOR CREATE
TRACE: TestLevelDB.cpp(109): STEP #36: ITERATOR CREATE
TRACE: TestLevelDB.cpp(109): STEP #37: ITERATOR CREATE
TRACE: TestLevelDB.cpp(109): STEP #38: ITERATOR CREATE
TRACE: TestLevelDB.cpp(51): STEP #39: BATCH PUT <yUUsAAAvD9CAAAA0AZZZZZ> <Z6AlUAAAAwAAAEAKAhAAAOAAAAAACAAAABAAAAAAAAAARZZZZZZZvIIfSpFw3ZZvIAAAAAAAAAAAAAPDDDDDD6PXbAAABDDDDDDDDDD2AiAAAAHDDDDDBDDDD>
TRACE: TestLevelDB.cpp(36): STEP #40: PUT <DCA> <> 0
TRACE: TestLevelDB.cpp(36): STEP #41: PUT <> <ZZAAAAAVhlVVczAAAAAAIAUUUAUUUU7CQUUUsZZZZZZZzZApyAeeAAAZZZJZZZ6AlUAAAAAAACAAKAh> 0
TRACE: TestLevelDB.cpp(149): STEP #42: ITERATOR PREV
TRACE: TestLevelDB.cpp(36): STEP #43: PUT <> <> 0
TRACE: TestLevelDB.cpp(36): STEP #44: PUT <> <> 0
TRACE: TestLevelDB.cpp(36): STEP #45: PUT <> <> 0
TRACE: TestLevelDB.cpp(161): STEP #46: SET ROCKSDB max_write_buffer_number 9
TRACE: TestLevelDB.cpp(36): STEP #47: PUT <> <QsssssssssQssQAABZZZZZvIAeAAAAAAAAAAAAAAAARZZZZZZZvIIECAAARZZvIAAAAAAAdZZZZZ> 1
TRACE: TestLevelDB.cpp(51): STEP #48: BATCH PUT <ZYvc0> <T5BZFZ>
TRACE: TestLevelDB.cpp(83): STEP #49: BATCH DELETE <>
TRACE: Passed: LevelDB_Fuzz
root@kali:~/deepstate/build/examples/testleveldb# ./TestLevelDB --input_test_file afl_OneOf/crashes/id:000034,sig:06,src:000183,op:havoc,rep:8
WARNING: No test specified, defaulting to last test defined (LevelDB_Fuzz)
TRACE: Initialized test input buffer with data from `afl_OneOf/crashes/id:000034,sig:06,src:000183,op:havoc,rep:8`
TRACE: Running: LevelDB_Fuzz from TestLevelDB.cpp(19)
TRACE: TestLevelDB.cpp(157): STEP #0: SET ROCKSDB write_buffer_size 344495
TRACE: TestLevelDB.cpp(51): STEP #1: BATCH PUT <IDOuAA> <>
TRACE: TestLevelDB.cpp(36): STEP #2: PUT <> <> 0
TRACE: TestLevelDB.cpp(83): STEP #3: BATCH DELETE <ZZZ>
TRACE: TestLevelDB.cpp(51): STEP #4: BATCH PUT <ZZZP6A2AAAAAAAAAAAAAAAAdZ> <ZZZZZP6CAAAAAdZzZ6A6AAAAAAAAAAAAAAAARZZZZZZZvIIAAAAAAAAAAAAAAAAAAAAAxVVVVAsCAAAAAqAwjUUUUUUBYUUUUUUUSU4AAAAAAAAAAAAAkPZZZ>
TRACE: TestLevelDB.cpp(51): STEP #5: BATCH PUT <ZAvUAAAAAAAACAAUAEAAAAAIA> <AAAAAAAAAAAAAAAAAAAAAA2AAAARZZZZZZZvIIfSpFw3ZZvIAAAAACAAdZZZZZzZA6AAAAAAAAAAAAAAAARZZZZZZZvIIAAAAARZZvIAAAAAAAdZZZZZ>
TRACE: TestLevelDB.cpp(51): STEP #6: BATCH PUT <P62fr91XlZZP6AAAAIQAABZZZ> <ZvIAeAAAAAAAAAAACAAAARZZZZZZZvIIAAAAARZZvIAA8AAAAAAAAAAAAAAAALZfZZZZFZYQYAAAAAAAAAAAAAAAAAAAArVVVVczAAAAAAIAUyUUUUUU7eUUU>
TRACE: TestLevelDB.cpp(109): STEP #7: ITERATOR CREATE
TRACE: TestLevelDB.cpp(51): STEP #8: BATCH PUT <yUUsAAAvD9CAAAAAAZZZpZ> <Z6AlUAAqAAAAAEAKAhAAAAAAAAAAAAAAAAAAAAAARZZZZZZZvIIfSpFw36AAAAAAAAAAAADDDDDDDCADCAAAPDDDDDDDDDDCRDDDDDDDDDDDDDDDDDDDyAAAA>
TRACE: TestLevelDB.cpp(83): STEP #9: BATCH DELETE <ZAAAAAVhVVVczAAAAAAIAUUUA>
TRACE: TestLevelDB.cpp(109): STEP #10: ITERATOR CREATE
TRACE: TestLevelDB.cpp(109): STEP #11: ITERATOR CREATE
TRACE: TestLevelDB.cpp(109): STEP #12: ITERATOR CREATE
TRACE: TestLevelDB.cpp(109): STEP #13: ITERATOR CREATE
TRACE: TestLevelDB.cpp(157): STEP #14: SET ROCKSDB write_buffer_size 89677135
TRACE: TestLevelDB.cpp(104): STEP #15: BATCH CLEAR
TRACE: TestLevelDB.cpp(109): STEP #16: ITERATOR CREATE
TRACE: TestLevelDB.cpp(109): STEP #17: ITERATOR CREATE
TRACE: TestLevelDB.cpp(109): STEP #18: ITERATOR CREATE
TRACE: TestLevelDB.cpp(157): STEP #19: SET ROCKSDB write_buffer_size 122639430
TRACE: TestLevelDB.cpp(51): STEP #20: BATCH PUT <ZZZZ6tApyAeeAAAZZZJZZYAAA> <AKAhAAAAAEAiAAAAAAAAnAAAAAAAAAAAAAAAAAAABZZZZZZFZYvc0wT5BZFZYAAAAAEAAZZZZZZ>
TRACE: TestLevelDB.cpp(142): STEP #21: ITERATOR NEXT
TRACE: TestLevelDB.cpp(119): STEP #22: ITERATOR SEEK <>
TRACE: TestLevelDB.cpp(157): STEP #23: SET ROCKSDB write_buffer_size 128
TRACE: TestLevelDB.cpp(36): STEP #24: PUT <> <> 0
TRACE: TestLevelDB.cpp(36): STEP #25: PUT <> <> 0
TRACE: TestLevelDB.cpp(36): STEP #26: PUT <> <> 0
TRACE: TestLevelDB.cpp(36): STEP #27: PUT <> <> 0
TRACE: TestLevelDB.cpp(36): STEP #28: PUT <> <ZZZZZZZP6CAAAAAdZZP6AAAAAAABZZZZZZFZYvc0wT5BZFZYAA> 0
TRACE: TestLevelDB.cpp(36): STEP #29: PUT <> <AARZZZdZ> 1
TRACE: TestLevelDB.cpp(142): STEP #30: ITERATOR NEXT
TRACE: TestLevelDB.cpp(51): STEP #31: BATCH PUT <> <AAAAAAAAAAAAAAAAAZZZZZZZzZAEAAAAAZZzZAA2AAAAAAAAAAAAAAAABZ>
TRACE: TestLevelDB.cpp(119): STEP #32: ITERATOR SEEK <ZZZZP6CDAAAAAAAAAAAAACAAA>
TRACE: TestLevelDB.cpp(36): STEP #33: PUT <> <> 0
TRACE: TestLevelDB.cpp(127): STEP #34: ITERATOR SEEKTOLAST
TRACE: TestLevelDB.cpp(109): STEP #35: ITERATOR CREATE
TRACE: TestLevelDB.cpp(109): STEP #36: ITERATOR CREATE
TRACE: TestLevelDB.cpp(109): STEP #37: ITERATOR CREATE
TRACE: TestLevelDB.cpp(109): STEP #38: ITERATOR CREATE
TRACE: TestLevelDB.cpp(51): STEP #39: BATCH PUT <yUUsAAAvD9CAAAA0AZZZZZ> <Z6AlUAAAAwAAAEAKAhAAAOAAAAAACAAAABAAAAAAAAAARZZZZZZZvIIfSpFw3ZZvIAAAAAAAAAAAAAPDDDDDD6PXbAAABDDDDDDDDDD2AiAAAAHDDDDDBDDDD>
TRACE: TestLevelDB.cpp(36): STEP #40: PUT <DCA> <> 0
TRACE: TestLevelDB.cpp(36): STEP #41: PUT <> <ZZAAAAAVhlVVczAAAAAAIAUUUAUUUU7CQUUUsZZZZZZZzZApyAeeAAAZZZJZZZ6AlUAAAAAAACAAKAh> 0
TRACE: TestLevelDB.cpp(149): STEP #42: ITERATOR PREV
TRACE: TestLevelDB.cpp(36): STEP #43: PUT <> <> 0
TRACE: TestLevelDB.cpp(36): STEP #44: PUT <> <> 0
TRACE: TestLevelDB.cpp(36): STEP #45: PUT <> <> 0
TRACE: TestLevelDB.cpp(161): STEP #46: SET ROCKSDB max_write_buffer_number 9
TRACE: TestLevelDB.cpp(36): STEP #47: PUT <> <QsssssssssQssQAABZZZZZvIAeAAAAAAAAAAAAAAAARZZZZZZZvIIECAAARZZvIAAAAAAAdZZZZZ> 1
TRACE: TestLevelDB.cpp(51): STEP #48: BATCH PUT <ZYvc0> <T5BZFZ>
TRACE: TestLevelDB.cpp(83): STEP #49: BATCH DELETE <>
TRACE: Passed: LevelDB_Fuzz
root@kali:~/deepstate/build/examples/testleveldb# ./TestLevelDB --input_test_file afl_OneOf/crashes/id:000034,sig:06,src:000183,op:havoc,rep:8
WARNING: No test specified, defaulting to last test defined (LevelDB_Fuzz)
TRACE: Initialized test input buffer with data from `afl_OneOf/crashes/id:000034,sig:06,src:000183,op:havoc,rep:8`
TRACE: Running: LevelDB_Fuzz from TestLevelDB.cpp(19)
CRITICAL: TestLevelDB.cpp(27): Could not create the leveldb test database!
ERROR: Failed: LevelDB_Fuzz
ERROR: Test case afl_OneOf/crashes/id:000034,sig:06,src:000183,op:havoc,rep:8 failed


root@kali:~/deepstate/build/examples/testleveldb# valgrind -v --tool=memcheck --leak-check=full ./TestLevelDB afl_OneOf/crashes/id:000034,sig:06,src:000183,op:havoc,rep:8
==25349== Memcheck, a memory error detector
==25349== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==25349== Using Valgrind-3.14.0-353a3587bb-20181007X and LibVEX; rerun with -h for copyright info
==25349== Command: ./TestLevelDB afl_OneOf/crashes/id:000034,sig:06,src:000183,op:havoc,rep:8
==25349== 
--25349-- Valgrind options:
--25349--    -v
--25349--    --tool=memcheck
--25349--    --leak-check=full
--25349-- Contents of /proc/version:
--25349--   Linux version 4.18.0-kali2-amd64 ([email protected]) (gcc version 7.3.0 (Debian 7.3.0-29)) #1 SMP Debian 4.18.10-2kali1 (2018-10-09)
--25349-- 
--25349-- Arch and hwcaps: AMD64, LittleEndian, amd64-cx16-lzcnt-rdtscp-sse3-avx-avx2-bmi
--25349-- Page sizes: currently 4096, max supported 4096
--25349-- Valgrind library directory: /usr/lib/x86_64-linux-gnu/valgrind
--25349-- Reading syms from /root/deepstate/build/examples/testleveldb/TestLevelDB
--25349-- Reading syms from /usr/lib/x86_64-linux-gnu/ld-2.28.so
--25349--   Considering /usr/lib/debug/.build-id/f2/5dfd7b95be4ba386fd71080accae8c0732b711.debug ..
--25349--   .. build-id is valid
--25349-- Reading syms from /usr/lib/x86_64-linux-gnu/valgrind/memcheck-amd64-linux
--25349--   Considering /usr/lib/debug/.build-id/32/2e77af97f403c3d34ff09edf60b089e72ec889.debug ..
--25349--   .. build-id is valid
--25349--    object doesn't have a dynamic symbol table
--25349-- Scheduler: using generic scheduler lock implementation.
--25349-- Reading suppressions file: /usr/lib/x86_64-linux-gnu/valgrind/default.supp
==25349== embedded gdbserver: reading from /tmp/vgdb-pipe-from-vgdb-to-25349-by-root-on-???
==25349== embedded gdbserver: writing to   /tmp/vgdb-pipe-to-vgdb-from-25349-by-root-on-???
==25349== embedded gdbserver: shared mem   /tmp/vgdb-pipe-shared-mem-vgdb-25349-by-root-on-???
==25349== 
==25349== TO CONTROL THIS PROCESS USING vgdb (which you probably
==25349== don't want to do, unless you know exactly what you're doing,
==25349== or are doing some strange experiment):
==25349==   /usr/lib/x86_64-linux-gnu/valgrind/../../bin/vgdb --pid=25349 ...command...
==25349== 
==25349== TO DEBUG THIS PROCESS USING GDB: start GDB like this
==25349==   /path/to/gdb ./TestLevelDB
==25349== and then give GDB the following command
==25349==   target remote | /usr/lib/x86_64-linux-gnu/valgrind/../../bin/vgdb --pid=25349
==25349== --pid is optional if only one valgrind process is running
==25349== 
--25349-- REDIR: 0x401e2f0 (ld-linux-x86-64.so.2:strlen) redirected to 0x580c9ce2 (vgPlain_amd64_linux_REDIR_FOR_strlen)
--25349-- REDIR: 0x401e0d0 (ld-linux-x86-64.so.2:index) redirected to 0x580c9cfc (vgPlain_amd64_linux_REDIR_FOR_index)
--25349-- Reading syms from /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_core-amd64-linux.so
--25349--   Considering /usr/lib/debug/.build-id/34/fbc4cdfbfce1bfc3d2e522a01a050bf724c930.debug ..
--25349--   .. build-id is valid
--25349-- Reading syms from /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so
--25349--   Considering /usr/lib/debug/.build-id/ca/bb7898ea982d936cbfadd70ae831c6eb63623f.debug ..
--25349--   .. build-id is valid
==25349== WARNING: new redirection conflicts with existing -- ignoring it
--25349--     old: 0x0401e2f0 (strlen              ) R-> (0000.0) 0x580c9ce2 vgPlain_amd64_linux_REDIR_FOR_strlen
--25349--     new: 0x0401e2f0 (strlen              ) R-> (2007.0) 0x04838d80 strlen
--25349-- REDIR: 0x401ab10 (ld-linux-x86-64.so.2:strcmp) redirected to 0x4839e40 (strcmp)
--25349-- REDIR: 0x401e830 (ld-linux-x86-64.so.2:mempcpy) redirected to 0x483d860 (mempcpy)
--25349-- Reading syms from /usr/lib/x86_64-linux-gnu/libpthread-2.28.so
--25349--   Considering /usr/lib/debug/.build-id/e9/1114987a0147bd050addbd591eb8994b29f4b3.debug ..
--25349--   .. build-id is valid
--25349-- Reading syms from /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.25
--25349--    object doesn't have a symbol table
--25349-- Reading syms from /usr/lib/x86_64-linux-gnu/libm-2.28.so
--25349--   Considering /usr/lib/debug/.build-id/88/5dda4b4a5cea600e7b5b98c1ad86996c8d2299.debug ..
--25349--   .. build-id is valid
--25349-- Reading syms from /usr/lib/x86_64-linux-gnu/libgcc_s.so.1
--25349--    object doesn't have a symbol table
--25349-- Reading syms from /usr/lib/x86_64-linux-gnu/libc-2.28.so
--25349--   Considering /usr/lib/debug/.build-id/18/b9a9a8c523e5cfe5b5d946d605d09242f09798.debug ..
--25349--   .. build-id is valid
--25349-- REDIR: 0x4c35f70 (libc.so.6:memmove) redirected to 0x482b1b0 (_vgnU_ifunc_wrapper)
--25349-- REDIR: 0x4c35160 (libc.so.6:strncpy) redirected to 0x482b1b0 (_vgnU_ifunc_wrapper)
--25349-- REDIR: 0x4c36250 (libc.so.6:strcasecmp) redirected to 0x482b1b0 (_vgnU_ifunc_wrapper)
--25349-- REDIR: 0x4c34b70 (libc.so.6:strcat) redirected to 0x482b1b0 (_vgnU_ifunc_wrapper)
--25349-- REDIR: 0x4c35190 (libc.so.6:rindex) redirected to 0x482b1b0 (_vgnU_ifunc_wrapper)
--25349-- REDIR: 0x4c37890 (libc.so.6:rawmemchr) redirected to 0x482b1b0 (_vgnU_ifunc_wrapper)
--25349-- REDIR: 0x4c50230 (libc.so.6:wmemchr) redirected to 0x482b1b0 (_vgnU_ifunc_wrapper)
--25349-- REDIR: 0x4c4fcd0 (libc.so.6:wcscmp) redirected to 0x482b1b0 (_vgnU_ifunc_wrapper)
--25349-- REDIR: 0x4c360e0 (libc.so.6:mempcpy) redirected to 0x482b1b0 (_vgnU_ifunc_wrapper)
--25349-- REDIR: 0x4c35f10 (libc.so.6:bcmp) redirected to 0x482b1b0 (_vgnU_ifunc_wrapper)
--25349-- REDIR: 0x4c35100 (libc.so.6:strncmp) redirected to 0x482b1b0 (_vgnU_ifunc_wrapper)
--25349-- REDIR: 0x4c34be0 (libc.so.6:strcmp) redirected to 0x482b1b0 (_vgnU_ifunc_wrapper)
--25349-- REDIR: 0x4c36040 (libc.so.6:memset) redirected to 0x482b1b0 (_vgnU_ifunc_wrapper)
--25349-- REDIR: 0x4c4fca0 (libc.so.6:wcschr) redirected to 0x482b1b0 (_vgnU_ifunc_wrapper)
--25349-- REDIR: 0x4c350a0 (libc.so.6:strnlen) redirected to 0x482b1b0 (_vgnU_ifunc_wrapper)
--25349-- REDIR: 0x4c34c70 (libc.so.6:strcspn) redirected to 0x482b1b0 (_vgnU_ifunc_wrapper)
--25349-- REDIR: 0x4c362a0 (libc.so.6:strncasecmp) redirected to 0x482b1b0 (_vgnU_ifunc_wrapper)
--25349-- REDIR: 0x4c34c40 (libc.so.6:strcpy) redirected to 0x482b1b0 (_vgnU_ifunc_wrapper)
--25349-- REDIR: 0x4c363e0 (libc.so.6:memcpy@@GLIBC_2.14) redirected to 0x482b1b0 (_vgnU_ifunc_wrapper)
--25349-- REDIR: 0x4c514d0 (libc.so.6:wcsnlen) redirected to 0x482b1b0 (_vgnU_ifunc_wrapper)
--25349-- REDIR: 0x4c351c0 (libc.so.6:strpbrk) redirected to 0x482b1b0 (_vgnU_ifunc_wrapper)
--25349-- REDIR: 0x4c34ba0 (libc.so.6:index) redirected to 0x482b1b0 (_vgnU_ifunc_wrapper)
--25349-- REDIR: 0x4c35070 (libc.so.6:strlen) redirected to 0x482b1b0 (_vgnU_ifunc_wrapper)
--25349-- REDIR: 0x4c3c280 (libc.so.6:memrchr) redirected to 0x482b1b0 (_vgnU_ifunc_wrapper)
--25349-- REDIR: 0x4c362f0 (libc.so.6:strcasecmp_l) redirected to 0x482b1b0 (_vgnU_ifunc_wrapper)
--25349-- REDIR: 0x4c35ee0 (libc.so.6:memchr) redirected to 0x482b1b0 (_vgnU_ifunc_wrapper)
--25349-- REDIR: 0x4c4fdb0 (libc.so.6:wcslen) redirected to 0x482b1b0 (_vgnU_ifunc_wrapper)
--25349-- REDIR: 0x4c35460 (libc.so.6:strspn) redirected to 0x482b1b0 (_vgnU_ifunc_wrapper)
--25349-- REDIR: 0x4c36220 (libc.so.6:stpncpy) redirected to 0x482b1b0 (_vgnU_ifunc_wrapper)
--25349-- REDIR: 0x4c361f0 (libc.so.6:stpcpy) redirected to 0x482b1b0 (_vgnU_ifunc_wrapper)
--25349-- REDIR: 0x4c378c0 (libc.so.6:strchrnul) redirected to 0x482b1b0 (_vgnU_ifunc_wrapper)
--25349-- REDIR: 0x4c36340 (libc.so.6:strncasecmp_l) redirected to 0x482b1b0 (_vgnU_ifunc_wrapper)
--25349-- REDIR: 0x4d08fa0 (libc.so.6:__strrchr_avx2) redirected to 0x4838790 (rindex)
--25349-- REDIR: 0x4c31350 (libc.so.6:malloc) redirected to 0x4835710 (malloc)
--25349-- REDIR: 0x4d09170 (libc.so.6:__strlen_avx2) redirected to 0x4838c60 (strlen)
--25349-- REDIR: 0x4d096b0 (libc.so.6:__memcpy_avx_unaligned_erms) redirected to 0x483c8a0 (memmove)
--25349-- REDIR: 0x4d08db0 (libc.so.6:__strchrnul_avx2) redirected to 0x483d390 (strchrnul)
--25349-- REDIR: 0x4d09b30 (libc.so.6:__memset_avx2_unaligned_erms) redirected to 0x483c790 (memset)
--25349-- REDIR: 0x4d09690 (libc.so.6:__mempcpy_avx_unaligned_erms) redirected to 0x483d4a0 (mempcpy)
TRACE: Running: LevelDB_Fuzz from TestLevelDB.cpp(19)
--25624-- REDIR: 0x4c4b710 (libc.so.6:__stpcpy_sse2_unaligned) redirected to 0x483c3f0 (__stpcpy_sse2_unaligned)
--25624-- REDIR: 0x4d052d0 (libc.so.6:__rawmemchr_avx2) redirected to 0x483d3c0 (rawmemchr)
--25624-- REDIR: 0x4c319a0 (libc.so.6:free) redirected to 0x4836940 (free)
--25624-- REDIR: 0x491efc0 (libstdc++.so.6:operator new(unsigned long)) redirected to 0x4835d80 (operator new(unsigned long))
--25624-- REDIR: 0x491d260 (libstdc++.so.6:operator delete(void*)) redirected to 0x4836e40 (operator delete(void*))
--25624-- REDIR: 0x491f070 (libstdc++.so.6:operator new[](unsigned long)) redirected to 0x48364a0 (operator new[](unsigned long))
--25624-- REDIR: 0x491d290 (libstdc++.so.6:operator delete[](void*)) redirected to 0x4837520 (operator delete[](void*))
--25624-- REDIR: 0x4d05780 (libc.so.6:__memcmp_avx2_movbe) redirected to 0x483c060 (bcmp)
CRITICAL: TestLevelDB.cpp(27): Could not create the leveldb test database!
ERROR: Failed: LevelDB_Fuzz
==25624== 
==25624== HEAP SUMMARY:
==25624==     in use at exit: 632 bytes in 3 blocks
==25624==   total heap usage: 70 allocs, 67 frees, 252,995 bytes allocated
==25624== 
==25624== Searching for pointers to 3 not-freed blocks
==25624== Checked 249,968 bytes
==25624== 
==25624== 56 bytes in 1 blocks are definitely lost in loss record 1 of 3
==25624==    at 0x483650F: operator new[](unsigned long) (vg_replace_malloc.c:423)
==25624==    by 0x483E87: leveldb::Status::Status(leveldb::Status::Code, leveldb::Slice const&, leveldb::Slice const&) (status.cc:26)
==25624==    by 0x48A0EB: leveldb::(anonymous namespace)::PosixError(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, int) (status.h:53)
==25624==    by 0x48797D: leveldb::(anonymous namespace)::PosixEnv::RenameFile(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (env_posix.cc:623)
==25624==    by 0x439C07: leveldb::SetCurrentFile(leveldb::Env*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, unsigned long) (filename.cc:133)
==25624==    by 0x411771: leveldb::DBImpl::NewDB() (db_impl.cc:207)
==25624==    by 0x413950: leveldb::DBImpl::Recover(leveldb::VersionEdit*, bool*) (db_impl.cc:305)
==25624==    by 0x426B6A: leveldb::DB::Open(leveldb::Options const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, leveldb::DB**) (db_impl.cc:1487)
==25624==    by 0x403ACA: DeepState_Test_LevelDB_Fuzz() (TestLevelDB.cpp:26)
==25624==    by 0x4039FD: DeepState_Run_LevelDB_Fuzz() (TestLevelDB.cpp:19)
==25624==    by 0x4A5912: DeepState_RunTest (DeepState.h:532)
==25624==    by 0x4A53CB: DeepState_Run (DeepState.h:897)
==25624==    by 0x4A53CB: main (DeepState.c:941)
==25624== 
==25624== LEAK SUMMARY:
==25624==    definitely lost: 56 bytes in 1 blocks
==25624==    indirectly lost: 0 bytes in 0 blocks
==25624==      possibly lost: 0 bytes in 0 blocks
==25624==    still reachable: 576 bytes in 2 blocks
==25624==         suppressed: 0 bytes in 0 blocks
==25624== Reachable blocks (those to which a pointer was found) are not shown.
==25624== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==25624== 
==25624== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
==25624== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
--25349-- REDIR: 0x4c319a0 (libc.so.6:free) redirected to 0x4836940 (free)
==25349== 
==25349== HEAP SUMMARY:
==25349==     in use at exit: 0 bytes in 0 blocks
==25349==   total heap usage: 1 allocs, 1 frees, 72,704 bytes allocated
==25349== 
==25349== All heap blocks were freed -- no leaks are possible
==25349== 
==25349== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
==25349== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
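
The Valgrind log above interleaves two process IDs (25349 and 25624), and only 25624 carries a loss record. The following triage helper is an added example, not part of the original report or of LevelDB or DeepState: it groups Memcheck loss records by PID and reports the first frame outside Valgrind's allocator replacement. The function names `parse_memcheck` and `allocation_site` are hypothetical, and the sample input is an excerpt of the log above.

```python
import re
from collections import defaultdict

# Excerpt copied from the Valgrind log above; frames with long template
# arguments are omitted for width, the remaining lines are verbatim.
SAMPLE = """\
==25624== HEAP SUMMARY:
==25624==     in use at exit: 632 bytes in 3 blocks
==25624==
==25624== 56 bytes in 1 blocks are definitely lost in loss record 1 of 3
==25624==    at 0x483650F: operator new[](unsigned long) (vg_replace_malloc.c:423)
==25624==    by 0x483E87: leveldb::Status::Status(leveldb::Status::Code, leveldb::Slice const&, leveldb::Slice const&) (status.cc:26)
==25624==    by 0x411771: leveldb::DBImpl::NewDB() (db_impl.cc:207)
==25624==    by 0x403ACA: DeepState_Test_LevelDB_Fuzz() (TestLevelDB.cpp:26)
==25624==
==25349== HEAP SUMMARY:
==25349==     in use at exit: 0 bytes in 0 blocks
"""

LINE = re.compile(r"^==(\d+)==\s?(.*)$")
LOSS = re.compile(r"([\d,]+) bytes in ([\d,]+) blocks are "
                  r"(definitely|indirectly|possibly) lost in loss record")
FRAME = re.compile(r"^\s*(?:at|by) 0x[0-9A-Fa-f]+: (.+) \(([^()]+)\)$")
IN_USE = re.compile(r"in use at exit: ([\d,]+) bytes in ([\d,]+) blocks")
ALLOCATOR_SHIMS = ("vg_replace_malloc.c",)  # Valgrind's malloc/new replacements


def _num(s):
    return int(s.replace(",", ""))


def parse_memcheck(text):
    """Return (leaks, in_use): loss records and bytes in use at exit, per PID."""
    leaks, in_use, open_rec = defaultdict(list), {}, {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # program output (TRACE/ERROR lines), not Valgrind's
        pid, body = m.group(1), m.group(2)
        if (use := IN_USE.search(body)):
            in_use[pid] = _num(use.group(1))
        elif (loss := LOSS.search(body)):
            open_rec[pid] = {"bytes": _num(loss.group(1)),
                             "blocks": _num(loss.group(2)),
                             "kind": loss.group(3), "frames": []}
            leaks[pid].append(open_rec[pid])
        elif pid in open_rec and (fr := FRAME.match(body)):
            open_rec[pid]["frames"].append((fr.group(1), fr.group(2)))
        elif not body.strip():
            open_rec.pop(pid, None)  # a blank line ends the current record
    return dict(leaks), in_use


def allocation_site(record):
    """First frame outside the allocator shim: the code that requested the block."""
    for func, loc in record["frames"]:
        if not loc.startswith(ALLOCATOR_SHIMS):
            return func, loc
    return None


if __name__ == "__main__":
    leaks, in_use = parse_memcheck(SAMPLE)
    for pid, records in leaks.items():
        for r in records:
            print(pid, r["kind"], r["bytes"], "bytes", allocation_site(r))
    print("in use at exit:", in_use)
```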
