XML fuzzing memory leak #4905

@obiltschnig

https://issues.oss-fuzz.com/issues/405192526

Reference Info: 405192526 poco:xml_parser_fuzzer: Direct-leak in processInternalEntity
component: Public Trackers > 1362134 > OSS Fuzz
status: New
reporter: 87...@developer.gserviceaccount.com
cc: Ad...@adalogics.com, al...@pocoproject.org, guenter@pocoproject.org
collaborators: co...@oss-fuzz.com
type: Bug
access level: Limited visibility
priority: P2
severity: S4
hotlist: Reproducible, Stability-Memory-AddressSanitizer, Stability-Memory-LeakSanitizer
retention: Component default
Project: poco
Reported: Mar 21, 2025

87...@developer.gserviceaccount.com added comment #1:
Detailed Report: https://oss-fuzz.com/testcase?key=4684169896853504

Project: poco
Fuzzing Engine: libFuzzer
Fuzz Target: xml_parser_fuzzer
Job Type: libfuzzer_asan_poco
Platform Id: linux

Crash Type: Direct-leak
Crash Address:
Crash State:
processInternalEntity
doContent
internalEntityProcessor

Sanitizer: address (ASAN)

Regressed: https://oss-fuzz.com/revisions?job=libfuzzer_asan_poco&range=202408050612:202408060606

Reproducer Testcase: https://oss-fuzz.com/download?testcase_id=4684169896853504

Issue filed automatically.

See https://google.github.io/oss-fuzz/advanced-topics/reproducing for instructions to reproduce this bug locally.
When you fix this bug, please

  • mention the fix revision(s).
  • state whether the bug was a short-lived regression or an old bug in any stable releases.
  • add any other useful information.
    This information can help downstream consumers.

If you need to contact the OSS-Fuzz team with a question, concern, or any other feedback, please file an issue at https://github.com/google/oss-fuzz/issues. Comments on individual Monorail issues are not monitored.

This bug is subject to a 90 day disclosure deadline. If 90 days elapse
without an upstream patch, then the bug report will automatically
become visible to the public.
