engine: fix memory leaks with parse error handling in parse_string_map_to_list (backport of #10943).

[pwhelan]

Summary

This is a backport of #10943 to the 4.0 series.

---

Enter [N/A] in the box, if an item is not applicable to your change.

Testing
Before we can approve your change; please submit the following in a comment:

• [N/A] Example configuration file for the change
• [N/A] Debug log output from testing the change
• [N/A] Attached Valgrind output that shows no leaks or memory corruption was found

Backporting

• Backport to latest stable release.

---

Fluent Bit is licensed under Apache 2.0, by submitting this pull request I understand that this code will be released under the terms of that license.

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

✨ Finishing touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch pwhelan-fix-flb_slist_split_string-mem-leak-parse-error-4.0

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[pwhelan]

I am looking at the leaks and I think they are all caused by premature exit.

There is one caused by not freeing the memory from flb_callback_create for flb_output_new which gets freed by flb_output_instance_destroy.

2025-09-26T15:03:31.6157479Z Direct leak of 19280 byte(s) in 482 object(s) allocated from:
2025-09-26T15:03:31.6157722Z     #0 0x557f740a5c24 in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:67:3
2025-09-26T15:03:31.6157911Z     #1 0x557f7418e1c5 in flb_malloc /src/fluent-bit/include/fluent-bit/flb_mem.h:80:12
2025-09-26T15:03:31.6158102Z     #2 0x557f7418e1c5 in flb_callback_create /src/fluent-bit/src/flb_callback.c:30:11
2025-09-26T15:03:31.6158270Z     #3 0x557f7411f809 in flb_output_new /src/fluent-bit/src/flb_output.c:704:26
2025-09-26T15:03:31.6158518Z     #4 0x557f740ebd27 in flb_output /src/fluent-bit/src/flb_lib.c:278:13
2025-09-26T15:03:31.6158798Z     #5 0x557f740e9f1e in LLVMFuzzerTestOneInput /src/fluent-bit/tests/internal/fuzzers/engine_fuzzer.c:39:13

The other is caused somehow by the very same code I patched in parse_string_map_to_list.

2025-09-26T15:04:05.0225126Z Direct leak of 18 byte(s) in 1 object(s) allocated from:
2025-09-26T15:04:05.0225366Z     #0 0x55a3d0c99c24 in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:67:3
2025-09-26T15:04:05.0225558Z     #1 0x55a3d0ce41ed in flb_malloc /src/fluent-bit/include/fluent-bit/flb_mem.h:80:12
2025-09-26T15:04:05.0225706Z     #2 0x55a3d0ce41ed in sds_alloc /src/fluent-bit/src/flb_sds.c:42:11
2025-09-26T15:04:05.0225866Z     #3 0x55a3d0ce41ed in flb_sds_create_len /src/fluent-bit/src/flb_sds.c:63:9
2025-09-26T15:04:05.0226031Z     #4 0x55a3d0d0260d in token_retrieve /src/fluent-bit/src/flb_slist.c:156:15
2025-09-26T15:04:05.0226209Z     #5 0x55a3d0d0260d in flb_slist_split_tokens /src/fluent-bit/src/flb_slist.c:190:19
2025-09-26T15:04:05.0226436Z     #6 0x55a3d0cf9239 in parse_string_map_to_list /src/fluent-bit/src/flb_config_map.c:95:15
2025-09-26T15:04:05.0226641Z     #7 0x55a3d0cf53bd in translate_default_value /src/fluent-bit/src/flb_config_map.c:175:16
2025-09-26T15:04:05.0226917Z     #8 0x55a3d0cf53bd in flb_config_map_create /src/fluent-bit/src/flb_config_map.c:352:15
2025-09-26T15:04:05.0227213Z     #9 0x55a3d0cde053 in LLVMFuzzerTestOneInput /src/fluent-bit/tests/internal/fuzzers/config_map_fuzzer.c:195:23

[pwhelan]

There are three other runs that have had the same or a similar problem:

• https://github.com/fluent/fluent-bit/actions/runs/18024863430/job/51289945754
• https://github.com/fluent/fluent-bit/actions/runs/17820020809/job/50660452053
• https://github.com/fluent/fluent-bit/actions/runs/17818011720/job/50654944434

Do we really need resilience to memory leaks in the face of fuzzers? should we keep them but allow them to be override? could we at the very least improve the logs to make them more consumable?

I'm open to opinions from anyone on this one: @patrick-stephens, @edsiper.

For now I restarted the CI Fuzz job in hopes that the RNG favors me this time.

[pwhelan]

No such luck, it continues to fail. I will have to attempt to fix it by reproducing it locally, when I have the time.

I still need to see why this is failing:

Error: [2025/09/26 20:58:52] [error] [config] plugins registration failed
Error: [2025/09/26 20:58:52] [error] [/src/fluent-bit/include/fluent-bit/flb_plugins.h:294 errno=9] Bad file descriptor
Error: [2025/09/26 20:58:52] [error] [config] plugins registration failed
Error: [2025/09/26 20:58:52] [error] [/src/fluent-bit/include/fluent-bit/flb_plugins.h:318 errno=9] Bad file descriptor
Error: [2025/09/26 20:58:52] [error] [config] plugins registration failed
Error: [2025/09/26 20:58:52] [error] [config] �]: unknown configuration property '�_mgo_after_sig'. The following properties are allowed: no_mult, mult_boolean, mult_num_int, mult_num_double, mult_string, mult_clist, and mult_slist.
Error: [2025/09/26 20:58:52] [error] [/src/fluent-bit/src/flb_slist.c:60 errno=9] Bad file descriptor
Error: [2025/09/26 20:58:52] [error] [config] �]: unknown configuration property '�_mgo_after_sig'. The following properties are allowed: boolean, num_int, num_double, string, test_size, test_time, test_clist, and test_slist.
Error: [2025/09/26 20:58:52] [error] [config] �]: unknown configuration property '�_mgo_after_sig'. The following properties are allowed: no_mult, mult_boolean, mult_num_int, mult_num_double, mult_string, mult_clist, and mult_slist.
Error: [2025/09/26 20:58:52] [error] [/src/fluent-bit/src/flb_slist.c:60 errno=9] Bad file descriptor
Error: [2025/09/26 20:58:52] [error] [config] �]: unknown configuration property '�_mgo_after_sig'. The following properties are allowed: boolean, num_int, num_double, string, test_size, test_time, test_clist, and test_slist.

=================================================================
==1574==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 18 byte(s) in 1 object(s) allocated from:
    #0 0x55d2c7c08c24 in malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:67:3
    #1 0x55d2c7c531ed in flb_malloc /src/fluent-bit/include/fluent-bit/flb_mem.h:80:12
    #2 0x55d2c7c531ed in sds_alloc /src/fluent-bit/src/flb_sds.c:42:11
    #3 0x55d2c7c531ed in flb_sds_create_len /src/fluent-bit/src/flb_sds.c:63:9
    #4 0x55d2c7c7160d in token_retrieve /src/fluent-bit/src/flb_slist.c:156:15
    #5 0x55d2c7c7160d in flb_slist_split_tokens /src/fluent-bit/src/flb_slist.c:190:19
    #6 0x55d2c7c68239 in parse_string_map_to_list /src/fluent-bit/src/flb_config_map.c:95:15
    #7 0x55d2c7c643bd in translate_default_value /src/fluent-bit/src/flb_config_map.c:175:16
    #8 0x55d2c7c643bd in flb_config_map_create /src/fluent-bit/src/flb_config_map.c:352:15
    #9 0x55d2c7c4d053 in LLVMFuzzerTestOneInput /src/fluent-bit/tests/internal/fuzzers/config_map_fuzzer.c:195:23

This patch should fix the leak in flb_slist_split_tokens by calling flb_slist_destroy.

[patrick-stephens]

Fuzzing is intended to help find these types of issues so whilst it may be frustrating I am certainly of the opinion it should always be resolved. It is usually either an error with the fuzzer (so fix that) or the code (so fix that).