gdk-pixbuf: fix memory leaks and API misuse in pixbuf_cons_fuzzer#15080

Open
OwenSanzas wants to merge 1 commit into google:master from OwenSanzas:fix/gdk-pixbuf-cons-fuzzer-leaks
Conversation

@OwenSanzas
Contributor

Summary

This is not a bug in gdk-pixbuf. It is a bug in the fuzz harness pixbuf_cons_fuzzer that causes memory leaks (1704 bytes in 8 allocations per iteration) detectable by LeakSanitizer, and an API contract violation (gdk_pixbuf_scale with same src and dest).

False Positive Impact

If left unfixed, any leak report from this fuzzer will be a false positive — the leaks originate in the harness, not in gdk-pixbuf. This can lead to:

  • Wasted developer time: Maintainers investigating leak reports that are not real gdk-pixbuf bugs
  • Noise in OSS-Fuzz dashboards: Persistent unfixed "bugs" that are actually harness defects
  • Amplified impact in the AI era: AI-assisted fuzzing tools increasingly reference existing OSS-Fuzz harnesses as ground truth. A buggy harness pattern can be copied and propagated by LLM-based harness generators, multiplying false positives across downstream projects

Bugs Fixed

P1 (Harness Logic): Multiple intermediate GdkPixbuf objects leaked — tmp is overwritten repeatedly without freeing previous values:

tmp = gdk_pixbuf_rotate_simple(pixbuf, rot_amount * 90);  // rotated leaked
tmp = gdk_pixbuf_flip(pixbuf, TRUE);                       // flipped leaked
tmp = gdk_pixbuf_composite_color_simple(pixbuf, ...);      // composite leaked

Also, GBytes from g_bytes_new_static() is never freed.

P2 (API Protocol): gdk_pixbuf_scale(pixbuf, pixbuf, ...) uses the same pixbuf as both source and destination. The API documentation requires they be different.

LSan Report

==14==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 96 byte(s) in 1 object(s) allocated from:
    #0 calloc
    #1 g_malloc0 (gmem.c:133)
    ...
    #5 gdk_pixbuf_new_from_data (gdk-pixbuf-data.c:79)
    #6 LLVMFuzzerTestOneInput (pixbuf_cons_fuzzer.c:65)

SUMMARY: AddressSanitizer: 1704 byte(s) leaked in 8 allocation(s).

The leak triggers on the first seed corpus input and is 100% reproducible.

Fix

  1. Free each intermediate tmp with g_object_unref() before reassignment
  2. Add g_bytes_unref(bytes) on all paths
  3. Replace gdk_pixbuf_scale(src==dest) with gdk_pixbuf_scale_simple()

- Fix P1: free each intermediate GdkPixbuf before overwriting tmp
- Fix P1: free GBytes (g_bytes_unref) on all paths
- Fix P2: replace gdk_pixbuf_scale(src==dest) with gdk_pixbuf_scale_simple
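To make the P1 ownership mistake checkable without the library, here is an added example (not code from this PR or from gdk-pixbuf) that models the transfer-full return of gdk_pixbuf_rotate_simple()/gdk_pixbuf_flip() with a hypothetical mock refcounted object and a live-object counter standing in for what LeakSanitizer reports; it puts the original overwrite-without-unref pattern beside the fixed one.

```c
#include <stdlib.h>

/* Added example, not code from the PR or from gdk-pixbuf: a minimal
 * refcounted object standing in for GdkPixbuf so the harness's ownership
 * mistake and its fix can be checked without the library. */
typedef struct { int refcount; } MockPixbuf;

static int live_objects = 0;   /* what LeakSanitizer would report at exit */

static MockPixbuf *mock_new(void) {
    MockPixbuf *p = malloc(sizeof *p);
    p->refcount = 1;
    live_objects++;
    return p;
}

static void mock_unref(MockPixbuf *p) {
    if (p && --p->refcount == 0) { free(p); live_objects--; }
}

/* Like gdk_pixbuf_rotate_simple()/gdk_pixbuf_flip(): returns a NEW object
 * the caller owns (transfer full); the source pixbuf is untouched. */
static MockPixbuf *mock_transform(MockPixbuf *src) { (void)src; return mock_new(); }

/* Pattern from the original harness: tmp is reassigned three times but
 * only the last value is released, so two objects leak per iteration. */
int leaky_pipeline(void) {
    live_objects = 0;
    MockPixbuf *pixbuf = mock_new(), *tmp;
    tmp = mock_transform(pixbuf);   /* "rotated": leaked */
    tmp = mock_transform(pixbuf);   /* "flipped": leaked */
    tmp = mock_transform(pixbuf);   /* only this one is freed below */
    mock_unref(tmp);
    mock_unref(pixbuf);
    return live_objects;            /* 2 */
}

/* Fixed pattern: release each intermediate before tmp is reassigned. */
int fixed_pipeline(void) {
    live_objects = 0;
    MockPixbuf *pixbuf = mock_new(), *tmp;
    tmp = mock_transform(pixbuf); mock_unref(tmp);
    tmp = mock_transform(pixbuf); mock_unref(tmp);
    tmp = mock_transform(pixbuf); mock_unref(tmp);
    mock_unref(pixbuf);
    return live_objects;            /* 0 */
}
```

The same ownership rule applies to the GBytes from g_bytes_new_static(): the harness owns the container and must g_bytes_unref() it on every exit path, even though the underlying data is static.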
@github-actions

github-actions bot commented Mar 5, 2026

OwenSanzas is a new contributor to projects/gdk-pixbuf. The PR must be approved by known contributors before it can be merged. The past contributors are: arthurscchan, hunsche, correctmost, tysmith, DonggeLiu, inferno-chromium, Google-Autofuzz, ecalp-tps
