memory leaks in Read_utf8

[haruki3hhh]

Version

139076a

Build

cmake -DCMAKE_C_COMPILER="gcc" -DCMAKE_C_FLAGS="-g -fsanitize=address -fno-omit-frame-pointer" -DCMAKE_EXE_LINKER_FLAGS="-g -fsanitize=address -fno-omit-frame-pointer" .
make

ASAN log

Error: [Fatal] repl_load: underrun while parsing Wasm binary
Error: underrun while parsing Wasm binary

=================================================================
==39249==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 11 byte(s) in 2 object(s) allocated from:
    #0 0x7fd9f3beaa06 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:153
    #1 0x564152b22969 in m3_Malloc_Impl /root/Ablation/wasm3/source/m3_core.c:129
    #2 0x564152b22969 in Read_utf8 /root/Ablation/wasm3/source/m3_core.c:501

Reproduce

./wasm3 <PoC>

PoC

PoC

[tommie]

That stack trace is missing some frames.

I think this is the only place that is missing a utf8 free in the error path:

wasm3/source/m3_parse.c

Line 559 in 139076a

_catch: return result;

The PoC is far from a minimal repro, though. It's 172 kB. wasm2wat says

000047b: error: invalid function signature count 520192, only 299 bytes left in section

which seems unrelated to custom sections.

[tommie]

It's in imports:

Direct leak of 7 byte(s) in 1 object(s) allocated from:
    #0 0x709250119997 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:77
    #1 0x5f435c4c2aa2 in m3_Malloc_Impl /home/tommie/code/uniface/firmware/lib/wasm3/source/m3_core.c:129
    #2 0x5f435c4c40b4 in Read_utf8 /home/tommie/code/uniface/firmware/lib/wasm3/source/m3_core.c:501
    #3 0x5f435c4d268f in ParseSection_Import /home/tommie/code/uniface/firmware/lib/wasm3/source/m3_parse.c:162
    #4 0x5f435c4d69f4 in ParseModuleSection /home/tommie/code/uniface/firmware/lib/wasm3/source/m3_parse.c:594
    #5 0x5f435c4d7219 in m3_ParseModule /home/tommie/code/uniface/firmware/lib/wasm3/source/m3_parse.c:648
    #6 0x5f435c46a8e3 in repl_load /home/tommie/code/uniface/firmware/lib/wasm3/platforms/app/main.c:147
    #7 0x5f435c46e3de in main /home/tommie/code/uniface/firmware/lib/wasm3/platforms/app/main.c:627
    #8 0x70924fd6b14f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

Direct leak of 4 byte(s) in 1 object(s) allocated from:
    #0 0x709250119997 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:77
    #1 0x5f435c4c2aa2 in m3_Malloc_Impl /home/tommie/code/uniface/firmware/lib/wasm3/source/m3_core.c:129
    #2 0x5f435c4c40b4 in Read_utf8 /home/tommie/code/uniface/firmware/lib/wasm3/source/m3_core.c:501
    #3 0x5f435c4d264d in ParseSection_Import /home/tommie/code/uniface/firmware/lib/wasm3/source/m3_parse.c:161
    #4 0x5f435c4d69f4 in ParseModuleSection /home/tommie/code/uniface/firmware/lib/wasm3/source/m3_parse.c:594
    #5 0x5f435c4d7219 in m3_ParseModule /home/tommie/code/uniface/firmware/lib/wasm3/source/m3_parse.c:648
    #6 0x5f435c46a8e3 in repl_load /home/tommie/code/uniface/firmware/lib/wasm3/platforms/app/main.c:147
    #7 0x5f435c46e3de in main /home/tommie/code/uniface/firmware/lib/wasm3/platforms/app/main.c:627
    #8 0x70924fd6b14f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

It's due to memoryImport never being freed:

wasm3/source/m3_parse.c

Line 187 in 139076a

io_module->memoryImport = import;

wasm3/source/m3_module.c

Line 22 in 139076a

void m3_FreeModule (IM3Module i_module)