-
Notifications
You must be signed in to change notification settings - Fork 438
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
memory leak in yajl_tree_parse function. #250
Comments
please refer to: |
This issue has been assigned CVE-2023-33460 |
It is slightly ambiguous whether the leading and trailing quotes here were intended to be part of the example JSON document. AFAICT though, to get the same set of three LeakSanitizer reports, requires omitting the leading/trailing quotes. i.e. parsing this document:
And these three leaks were actually fixed by a much older commit: openEuler-BaseService@3d65cb0c If you include the trailing and leading quotes, asking it to parse this document:
Then you only get two different leaks:
and they are indeed fixed by this newer commit:
IOW, anyone patching a vanilla lloyd yajl 2.1.0 needs to pull both commits openEuler-BaseService@23a122e |
reason: fix memory leak problem (cherry picked from commit 3d65cb0 in https://github.com/openEuler-BaseService) Fixes: lloyd#250 (CVE-2023-33460)
(cherry picked from commit 23a122e in https://github.com/openEuler-BaseService) Fixes: lloyd#250 (CVE-2023-33460)
reason: fix memory leak problem (cherry picked from commit 3d65cb0 in https://github.com/openEuler-BaseService) Fixes: lloyd#250 (CVE-2023-33460)
(cherry picked from commit 23a122e in https://github.com/openEuler-BaseService) Fixes: lloyd#250 (CVE-2023-33460)
- use wrapped malloc() et al wrappers consistently - update example/parse_config.c to do memory leak detection - add a regression test using example/parse_config Several issues in lloyd/yajl complained about this leak, and comments in lloyd/yajl#102 showed a mostly correct fix though none of these issues mentioned or actually fixed the directly related error reporting problem. Fixes lloyd/yajl#102, fixes lloyd/yajl#113, fixes lloyd/yajl#168, fixes lloyd/yajl#191, fixes lloyd/yajl#223, fixes lloyd/yajl#250. Also fixes lloy/yajl#185.
lloyd/yajl#250 Signed-off-by: Ariadne Conill <[email protected]>
Memory leak in yajl 2.1.0 with use of yajl_tree_parse function See lloyd#250 (comment) Origin: openEuler-BaseService@23a122e Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039984 Bug: lloyd#250
Anyone knows what next release number will contain this fix in yajl? |
This project hasn't had any development activity in ~9 years, so I doubt there'll be any next release. |
@NotmebutWind @berrange I'm not cmake expert, and I tried to add the following lines into CMakeLists.txt then compile it, but it doesn't work for me, I also tried to use gcc or clang directly[1][2], but it always raised undefined reference, the yajl_tree.h indeed exists under the build/yajl-2.1.1/include/yajl/ and /usr/include/yajl/, so I think my testing must be wrong, please correct me, it will be better if your guys can share your configuration of the CMakeLists.txt, thank you so much!
[1]
[2]
I also tried to modify example/CMakeLists.txt with the following lines, although I can compile parse_config.c successfully, I can't see expected leak, in addition, the ./parse_config "{"@\\n\\"" will hang forever.
|
CMake is the worst abomination, perhaps ever, in the software world, and certainly in the software configuration and construction sphere. Try my "fork" using BSD Make to build and test: https://github.com/robohack/yajl I've already fixed this problem, and I'll be making a new release in the next week or so. |
@robohack thanks for your help! I gave a try for your yajl project with bmake on the linux system, the following is my steps, please correct me if I'm wrong, thank you so much!
NOTE: the last command will hang forever. |
That's not the right way to run The regression tests run by |
@robohack thank you so much! I can see memory leak now, although it's different from original description, I think it may be we have different configuration for cmake/bmake with sanitizer address ...
|
If you could provide more details about the context you're testing in, such as commit-id, compiler version, etc., that would be appreciated. Perhaps open a new issue on my project for it? |
Using your robohack/yajl project with https://raw.githubusercontent.com/lloyd/yajl/master/example/parse_config.c, it will get memory leak like above, for more, please see [1]. BTW, it's no any memory leak if we used all of codes from robohack/yajl [2]. [1]
[2]
|
Excellent! Thank you very much! |
A long time ago, I have done a ticket: |
Memory leak in yajl 2.1.0 with use of yajl_tree_parse function See lloyd#250 (comment) Origin: openEuler-BaseService@23a122e Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039984 Bug: lloyd#250
there is memory leak in yajl_tree_parse function
reproduce step:
1. compile the yajl with asan cmake . -DCMAKE_C_COMPILER=gcc -fsanitize=address -g
2. example/parse_config.c
3. crash input: "{"@\\\n\\\\""
this may casue crash and dos for which use our lib.
The text was updated successfully, but these errors were encountered: