This repository was archived by the owner on Mar 22, 2024. It is now read-only.

Several potential bugs of memory/File Descriptor leak #147

@ash1852

Description

Hello, I found several memory/file descriptor leak bugs; would you help me check whether these bugs are true? Thanks.

==============================================================================

Step 1: In file AFL/alloc-inl.h, function DFL_ck_alloc_nozero line 115: allocate memory to ret

Step 2: In file AFL/alloc-inl.h, function DFL_ck_alloc_nozero line 116: select the true branch at this point (ret!=null is true)

Step 3: In file AFL/alloc-inl.h, function DFL_ck_alloc line 136: function DFL_ck_alloc_nozero executes and stores the return value to mem

Step 4: In file AFL/afl-showmap.c, function get_qemu_argv line 603: function DFL_ck_alloc executes and stores the return value to cp

Step 5: In file AFL/afl-showmap.c, function get_qemu_argv line 606: select the false branch at this point (access(cp,1)==0 is false)

Step 6: In file AFL/afl-showmap.c, function get_qemu_argv line 615: select the true branch at this point (access("/usr/local/bin/afl-qemu-trace",1)!=0 is false); the allocated memory cp is leaked

==============================================================================

Step 1: In file AFL/alloc-inl.h, function DFL_ck_alloc_nozero line 108: allocate memory to ret

Step 2: In file AFL/alloc-inl.h, function DFL_ck_alloc_nozero line 109: select the true branch at this point (ret!=null is true)

Step 3: In file AFL/alloc-inl.h, function DFL_ck_alloc line 129: function DFL_ck_alloc_nozero executes and stores the return value to mem

Step 4: In file AFL/afl-analyze.c, function get_qemu_argv line 930: function DFL_ck_alloc executes and stores the return value to cp

Step 5: In file AFL/afl-analyze.c, function get_qemu_argv line 933: select the false branch at this point (access(cp,1)==0 is false)

Step 6: In file AFL/afl-analyze.c, function get_qemu_argv line 942: select the true branch at this point (access("/usr/local/bin/afl-qemu-trace",1)==0 is true); the allocated memory is leaked

===============================================================================

Step 1: In file AFL/afl-fuzz.c, function write_stats_file line 3430: function open executes and stores the return value to fd

Step 2: In file AFL/afl-fuzz.c, function write_stats_file line 3432: select the false branch at this point (fd<0 is false)

Step 3: In file AFL/afl-fuzz.c, function write_stats_file line 3438: select the true branch at this point (f!=null is true) but did not close it

==============================================================================

Step 1: In file AFL/afl-showmap.c, function write_results line 182/187/193: function executes and stores the return value to fd

Step 2: In file AFL/afl-showmap.c, function write_results line 183/188/194: select the false branch at this point (fd<0 is false)

Step 3: In file AFL/afl-showmap.c, function write_results line 199: select the false branch at this point (binary_mode!=0 is false)

Step 4: In file AFL/afl-showmap.c, function write_results line 211: select the false branch at this point (f==null is false)

Step 5: In file AFL/afl-showmap.c, function write_results line 213: select the true branch at this point (i<65536 is true)

Step 6: In file AFL/afl-showmap.c, function write_results line 215: select the false branch at this point (trace_bits[i]==0 is false)

Step 7: In file AFL/afl-showmap.c, function write_results line 218: select the true branch at this point (cmin_mode!=0 is true)

Step 8: In file AFL/afl-showmap.c, function write_results line 220/221: select the true branch at this point (child_timed_out!=0 is true or (!caa && child_crashed != cco) is true) but did not close fd
