Work environment

| Questions | Answers |
|---|---|
| OS/arch/bits (mandatory) | Ubuntu 20.04.6 LTS x64 |
| File format of the file you reverse (mandatory) | unit/test_analysis_op |
| Architecture/bits of the file (mandatory) | x86 Zydis |
| rizin -v full output, not truncated (mandatory) | rizin 0.9.0 @ linux-x86-64 commit: db37c99 |
Expected behavior
No leaks.
Actual behavior
The leak occurs because of an ownership conflict between the analysis plugin and the core logic in canalysis.c.

1. Plugin allocation: the x86 Zydis plugin allocates memory for `op->mnemonic` during the `analyze_op` call (at analysis_x86_zydis.c:3238).
2. Pointer overwrite: in canalysis.c, the core manually parses the assembly string to extract a mnemonic, stores it in `ctx->mnemonic`, and then performs `op->mnemonic = mnem;`.
3. The leak: assigning a new pointer to `op->mnemonic` overwrites the pointer allocated by the plugin, so that allocation becomes unreachable. `rz_analysis_op_fini(op)` later frees only the current (overwritten) pointer; nothing ever frees the original one, so the plugin-allocated memory leaks.
Suggested Fix
The core should not blindly overwrite op->mnemonic if the plugin has already provided one. Alternatively, if the core needs to normalize the mnemonic, it must safely free() the previous value before assignment, provided the plugin-allocated string is heap-allocated and intended to be managed by the caller.
Steps to reproduce the behavior
Just run:

```sh
valgrind --leak-check=full --track-origins=yes rizin/build/test/unit/test_analysis_op
```
Additional Logs, screenshots, source code, configuration dump, ...
Drag and drop zip archives containing the Additional info here, don't use external services or link.