Sanitizer reports (ASAN, UBSAN) #3448

@chenuduss

Compilation flags:

  • -fsanitize=address
  • -fsanitize=undefined

gcc (Debian 12.2.0-14+deb12u1) 12.2.0
g++ (Debian 12.2.0-14+deb12u1) 12.2.0
ModSecurity v3.0.14 (https://github.com/owasp-modsecurity/ModSecurity/releases/tag/v3.0.14)

Reproduce: I can't describe the exact process, it's done by a script that I can't share.

Report:

Direct leak of 2448 byte(s) in 34 object(s) allocated from:
    #0 0x7f4b782b94c8 in operator new(unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:95
    #1 0x55da9dc9d66c in yy::seclang_parser::parse() /home/......./modsecurity/src/seclang-parser.yy:2777
    #2 0x55da9dc7a3bc in modsecurity::Parser::Driver::parse(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) parser/driver.cc:147
Indirect leak of 1632 byte(s) in 34 object(s) allocated from:
    #0 0x7f4b782b94c8 in operator new(unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:95
    #1 0x55da9dc46663 in std::__new_allocator<std::_Sp_counted_ptr_inplace<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<void>, (__gnu_cxx::_Lock_policy)2> >::allocate(unsigned long, void const*) /usr/include/c++/12/bits/new_allocator.h:137
    #2 0x55da9dc46663 in std::allocator_traits<std::allocator<std::_Sp_counted_ptr_inplace<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<void>, (__gnu_cxx::_Lock_policy)2> > >::allocate(std::allocator<std::_Sp_counted_ptr_inplace<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<void>, (__gnu_cxx::_Lock_policy)2> >&, unsigned long) /usr/include/c++/12/bits/alloc_traits.h:464
    #3 0x55da9dc46663 in std::__allocated_ptr<std::allocator<std::_Sp_counted_ptr_inplace<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<void>, (__gnu_cxx::_Lock_policy)2> > > std::__allocate_guarded<std::allocator<std::_Sp_counted_ptr_inplace<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<void>, (__gnu_cxx::_Lock_policy)2> > >(std::allocator<std::_Sp_counted_ptr_inplace<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<void>, (__gnu_cxx::_Lock_policy)2> >&) /usr/include/c++/12/bits/allocated_ptr.h:98
    #4 0x55da9dc46663 in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::__shared_count<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<void>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&>(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*&, std::_Sp_alloc_shared_tag<std::allocator<void> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /usr/include/c++/12/bits/shared_ptr_base.h:969
    #5 0x55da9dc46663 in std::__shared_ptr<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, (__gnu_cxx::_Lock_policy)2>::__shared_ptr<std::allocator<void>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&>(std::_Sp_alloc_shared_tag<std::allocator<void> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /usr/include/c++/12/bits/shared_ptr_base.h:1712
    #6 0x55da9dc46663 in std::shared_ptr<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >::shared_ptr<std::allocator<void>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&>(std::_Sp_alloc_shared_tag<std::allocator<void> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /usr/include/c++/12/bits/shared_ptr.h:464
    #7 0x55da9dc46663 in std::shared_ptr<std::enable_if<!std::is_array<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >::value, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >::type> std::make_shared<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&>(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /usr/include/c++/12/bits/shared_ptr.h:1010
    #8 0x55da9dc46663 in modsecurity::actions::Action::set_name_and_payload(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) ../headers/modsecurity/actions/action.h:108
    #9 0x55da9dc46663 in modsecurity::actions::Action::set_name_and_payload(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) ../headers/modsecurity/actions/action.h:99
Indirect leak of 1360 byte(s) in 34 object(s) allocated from:
    #0 0x7f4b782b94c8 in operator new(unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:95
    #1 0x55da9dc7ba83 in std::__detail::_MakeUniq<modsecurity::RunTimeElementHolder>::__single_object std::make_unique<modsecurity::RunTimeElementHolder>() /usr/include/c++/12/bits/unique_ptr.h:1065
    #2 0x55da9dc7ba83 in modsecurity::RunTimeString::appendText(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/.........../modsecurity/src/run_time_string.cc:34
Indirect leak of 1088 byte(s) in 34 object(s) allocated from:
    #0 0x7f4b782b94c8 in operator new(unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:95
    #1 0x55da9dc99a27 in yy::seclang_parser::parse() /home/....../modsecurity/src/seclang-parser.yy:3069
    #2 0x55da9dc7a3bc in modsecurity::Parser::Driver::parse(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) parser/driver.cc:147
Indirect leak of 816 byte(s) in 34 object(s) allocated from:
    #0 0x7f4b782b94c8 in operator new(unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:95
    #1 0x55da9dc7babb in std::__new_allocator<std::_List_node<std::unique_ptr<modsecurity::RunTimeElementHolder, std::default_delete<modsecurity::RunTimeElementHolder> > > >::allocate(unsigned long, void const*) /usr/include/c++/12/bits/new_allocator.h:137
    #2 0x55da9dc7babb in std::allocator_traits<std::allocator<std::_List_node<std::unique_ptr<modsecurity::RunTimeElementHolder, std::default_delete<modsecurity::RunTimeElementHolder> > > > >::allocate(std::allocator<std::_List_node<std::unique_ptr<modsecurity::RunTimeElementHolder, std::default_delete<modsecurity::RunTimeElementHolder> > > >&, unsigned long) /usr/include/c++/12/bits/alloc_traits.h:464
    #3 0x55da9dc7babb in std::__cxx11::_List_base<std::unique_ptr<modsecurity::RunTimeElementHolder, std::default_delete<modsecurity::RunTimeElementHolder> >, std::allocator<std::unique_ptr<modsecurity::RunTimeElementHolder, std::default_delete<modsecurity::RunTimeElementHolder> > > >::_M_get_node() /usr/include/c++/12/bits/stl_list.h:518
    #4 0x55da9dc7babb in std::_List_node<std::unique_ptr<modsecurity::RunTimeElementHolder, std::default_delete<modsecurity::RunTimeElementHolder> > >* std::__cxx11::list<std::unique_ptr<modsecurity::RunTimeElementHolder, std::default_delete<modsecurity::RunTimeElementHolder> >, std::allocator<std::unique_ptr<modsecurity::RunTimeElementHolder, std::default_delete<modsecurity::RunTimeElementHolder> > > >::_M_create_node<std::unique_ptr<modsecurity::RunTimeElementHolder, std::default_delete<modsecurity::RunTimeElementHolder> > >(std::unique_ptr<modsecurity::RunTimeElementHolder, std::default_delete<modsecurity::RunTimeElementHolder> >&&) /usr/include/c++/12/bits/stl_list.h:710
    #5 0x55da9dc7babb in void std::__cxx11::list<std::unique_ptr<modsecurity::RunTimeElementHolder, std::default_delete<modsecurity::RunTimeElementHolder> >, std::allocator<std::unique_ptr<modsecurity::RunTimeElementHolder, std::default_delete<modsecurity::RunTimeElementHolder> > > >::_M_insert<std::unique_ptr<modsecurity::RunTimeElementHolder, std::default_delete<modsecurity::RunTimeElementHolder> > >(std::_List_iterator<std::unique_ptr<modsecurity::RunTimeElementHolder, std::default_delete<modsecurity::RunTimeElementHolder> > >, std::unique_ptr<modsecurity::RunTimeElementHolder, std::default_delete<modsecurity::RunTimeElementHolder> >&&) /usr/include/c++/12/bits/stl_list.h:2005
    #6 0x55da9dc7babb in std::__cxx11::list<std::unique_ptr<modsecurity::RunTimeElementHolder, std::default_delete<modsecurity::RunTimeElementHolder> >, std::allocator<std::unique_ptr<modsecurity::RunTimeElementHolder, std::default_delete<modsecurity::RunTimeElementHolder> > > >::push_back(std::unique_ptr<modsecurity::RunTimeElementHolder, std::default_delete<modsecurity::RunTimeElementHolder> >&&) /usr/include/c++/12/bits/stl_list.h:1311
    #7 0x55da9dc7babb in modsecurity::RunTimeString::appendText(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/......./modsecurity/src/run_time_string.cc:36

I hope this information will be useful for the development community. If I have time, I will try to investigate these errors and make pull requests.
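
A triage helper for reports like the one above, added here as an example and not part of the original issue or of ModSecurity: it groups LeakSanitizer records by the first frame outside the toolchain headers, so the allocation sites in project code stand out from the libstdc++ frames. The library path prefixes, the function names and the abridged sample are assumptions made for the example, and the report is assumed to be symbolized with file:line locations.

```python
import re
from collections import defaultdict

HEADER = re.compile(r"^(Direct|Indirect) leak of (\d+) byte\(s\) in (\d+) object\(s\)")
FRAME = re.compile(r"^\s*#\d+\s+0x[0-9a-f]+\s+in\s+(.+)\s+(\S+)$")
# Assumption: frames located under these paths are toolchain code, not the project.
LIBRARY_PATHS = ("/usr/include/", "libsanitizer/")

# Constructed sample: abridged and simplified from the shape of the report above.
SAMPLE = """\
Direct leak of 2448 byte(s) in 34 object(s) allocated from:
    #0 0x7f4b782b94c8 in operator new(unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:95
    #1 0x55da9dc9d66c in yy::seclang_parser::parse() src/seclang-parser.yy:2777
Indirect leak of 1360 byte(s) in 34 object(s) allocated from:
    #1 0x55da9dc7ba83 in std::make_unique<modsecurity::RunTimeElementHolder>() /usr/include/c++/12/bits/unique_ptr.h:1065
    #2 0x55da9dc7ba83 in modsecurity::RunTimeString::appendText(std::string const&) src/run_time_string.cc:34
Indirect leak of 816 byte(s) in 34 object(s) allocated from:
    #6 0x55da9dc7babb in std::list<T>::push_back(T&&) /usr/include/c++/12/bits/stl_list.h:1311
    #7 0x55da9dc7babb in modsecurity::RunTimeString::appendText(std::string const&) src/run_time_string.cc:36
"""

def parse_leaks(report):
    """Return one dict per leak record: kind, bytes, objects, frames."""
    records = []
    for line in report.splitlines():
        h = HEADER.match(line)
        if h:
            records.append({"kind": h.group(1), "bytes": int(h.group(2)),
                            "objects": int(h.group(3)), "frames": []})
            continue
        f = FRAME.match(line)
        if f and records:  # frames before any header are ignored
            records[-1]["frames"].append((f.group(1), f.group(2)))
    return records

def origin(record):
    """Symbol of the first frame whose location is outside LIBRARY_PATHS."""
    for symbol, location in record["frames"]:
        if not any(p in location for p in LIBRARY_PATHS):
            return symbol
    return "<unknown>"

def leaked_bytes_by_origin(report):
    """Sum leaked bytes per originating symbol, largest first."""
    totals = defaultdict(int)
    for rec in parse_leaks(report):
        totals[origin(rec)] += rec["bytes"]
    return dict(sorted(totals.items(), key=lambda kv: -kv[1]))
```

Grouping by symbol rather than by file:line folds the two `appendText` records (lines 34 and 36 of `run_time_string.cc`) into one entry, which is usually the granularity wanted when deciding which owner to inspect first.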

Labels: 3.x (Related to ModSecurity version 3.x)
