Wasm-Fuzzer项目存在严重内存泄漏问题
Wasm-Fuzzer 项目在模糊测试过程中没有正确释放内存，导致内存资源大量占用。我已经修复了该问题，以下是修改前后的 diff：
diff --git a/submodule/afl/src/afl-fuzz-init.c b/submodule/afl/src/afl-fuzz-init.c
index d863e35b8..fe071311b 100644
--- a/submodule/afl/src/afl-fuzz-init.c
+++ b/submodule/afl/src/afl-fuzz-init.c
@@ -1124,6 +1124,7 @@ void perform_dry_run(afl_state_t *afl) {
}
+ freeDataPtr((void**)&use_mem);
}
if (cal_failures) {
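Review bot: The added `freeDataPtr((void**)&use_mem);` is only safe if use_mem is non-null on every path that reaches the end of this loop body, because freeDataPtr (as defined in this commit's wasmfuzzer_lib.cpp hunk) dereferences `*ppModule` unconditionally and does not reset it; where use_mem is assigned, and whether any earlier `continue` skips this line (leaking that iteration's object), is outside the hunk. Since the callee leaves the handle dangling, I would write the call as `if (use_mem) { freeDataPtr((void**)&use_mem); use_mem = NULL; }` so a later reuse of the variable cannot hit freed memory. The hunk header announces seven new-side lines but only four are shown, so the blank context lines appear to have been lost in the paste; perform_dry_run continues outside the hunk.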
diff --git a/submodule/afl/src/afl-fuzz-one.c b/submodule/afl/src/afl-fuzz-one.c
index 95a343fa1..bdb4d5105 100644
--- a/submodule/afl/src/afl-fuzz-one.c
+++ b/submodule/afl/src/afl-fuzz-one.c
@@ -433,8 +433,8 @@ u8 fuzz_one_original(afl_state_t *afl) {
orig_in = in_buf;
- out_buf = afl_realloc(AFL_BUF_PARAM(out), len);
- if (unlikely(!out_buf)) { PFATAL("alloc"); }
+ // out_buf = afl_realloc(AFL_BUF_PARAM(out), len);
+ // if (unlikely(!out_buf)) { PFATAL("alloc"); }
afl->subseq_tmouts = 0;
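Review bot: Commenting out `out_buf = afl_realloc(AFL_BUF_PARAM(out), len);` leaves nothing in this hunk that sizes out_buf to `len`, and in upstream AFL++ the mutation stages that follow in fuzz_one_original copy up to `len` bytes into out_buf; unless the fork assigns out_buf a buffer of at least `len` bytes somewhere before those writes (outside this hunk), this trades a leak for an out-of-bounds heap write. In upstream AFL++ `afl_realloc` on `AFL_BUF_PARAM(out)` grows the persistent per-state output buffer in place rather than allocating a fresh one per call, so this line is unlikely to have been the source of the leak described in the issue; if it was, the fix belongs in how that buffer is released, not in dropping the allocation. The two commented-out lines should be deleted rather than left as comments, and the error check `if (unlikely(!out_buf)) { PFATAL("alloc"); }` must stay next to whatever allocation replaces it. fuzz_one_original continues outside the hunk.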
@@ -1070,7 +1070,6 @@ abandon_entry:
// free in_buf
freeDataPtr((void**)&in_buf);
//freeWasmFile((void**)&in_buf);
- ck_free(in_buf);
//free(orig_in);
return ret_val;
diff --git a/wasmfuzzer/wasmfuzzer_lib.cpp b/wasmfuzzer/wasmfuzzer_lib.cpp
index 452796510..ada275be8 100644
--- a/wasmfuzzer/wasmfuzzer_lib.cpp
+++ b/wasmfuzzer/wasmfuzzer_lib.cpp
@@ -67,7 +67,12 @@ CBoolean readWasmFile(char* filename, void** ppModule) {
CBoolean freeDataPtr(void** ppModule){
WasmFuzzerFile& wasmFuzzerFile = *(WasmFuzzerFile*)*ppModule;
// free data ptr
- delete wasmFuzzerFile.dataPtr;
+ if (wasmFuzzerFile.dataLen >= 0) {
+ delete[] (uint8_t*)(wasmFuzzerFile.dataPtr);
+ } else {
+ delete (Module*)(wasmFuzzerFile.dataPtr);
+ }
+ delete (WasmFuzzerFile*)(*ppModule);
return 0;
}
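Review bot: freeDataPtr still dereferences `*ppModule` with no null check and, now that it also does `delete (WasmFuzzerFile*)(*ppModule);`, it leaves the caller's handle pointing at freed memory, so a second call on the same handle (or a call on a never-populated one) is a double free or null dereference; the `void**` out-parameter only earns its keep if the function resets `*ppModule` after the delete. Using the sign of `dataLen` to decide between `delete[]` on a byte array and `delete` on a `Module*` is fragile and undocumented; at minimum a comment should state that `dataLen < 0` marks a Module-owned entry, and an explicit kind field would be safer. The return value is always 0 regardless of outcome, so callers cannot distinguish "freed" from "nothing to free". Proposed shape of the guarded version below.
```cpp
CBoolean freeDataPtr(void** ppModule){
    if (ppModule == nullptr || *ppModule == nullptr) {
        return 0;  // nothing to release; idempotent on an already-cleared handle
    }
    WasmFuzzerFile* wasmFuzzerFile = (WasmFuzzerFile*)*ppModule;
    // … unchanged: release wasmFuzzerFile->dataPtr by dataLen sign (dataLen < 0 marks a Module*) …
    delete wasmFuzzerFile;
    *ppModule = nullptr;  // clear the caller's handle so a repeat call cannot double free
    return 0;
}
```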