Bug 1071861

Summary: Memory leak in nss_Init
Product: Red Hat Enterprise Linux 7 Reporter: Aleš Mareček <amarecek>
Component: nssAssignee: Elio Maldonado Batiz <emaldona>
Status: CLOSED DUPLICATE QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 7.0CC: eparis, hkario, kdudka, omoris
Target Milestone: rc   
Target Release: ---   
Hardware: s390x   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1007762 Environment:
Last Closed: 2014-03-17 18:06:37 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1007762    
Bug Blocks:    

Description Aleš Mareček 2014-03-03 10:43:43 UTC 
+++ This bug was initially created as a clone of Bug #1007762 +++

Description of problem:
When running reproducer for bug 769616, valgrind reports a memory leak.

Version-Release number of selected component (if applicable):
nss-3.15.1-3.el6.s390x

How reproducible:
Always

Steps to Reproduce:
  cat <<EOF > ckfw_leaks_memory.c
#include <assert.h>
#include <nss.h>
#include <secmod.h>
#include <stdlib.h>

int main() {
  if (0 != NSS_NoDB_Init(NULL))
    assert(0);

  for (int i = 0; i < 256; ++i) {
    SECMODModule* mod = SECMOD_LoadUserModule("library=libnsspem.so name=PEM", NULL, PR_FALSE);
    if(!mod || !mod->loaded)
      assert(0);

    SECMOD_UnloadUserModule(mod);
    SECMOD_DestroyModule(mod);
  }

  NSS_Shutdown();

  return EXIT_SUCCESS;
}
EOF
gcc ckfw_leaks_memory.c -o ckfw_leaks_memory -g -std=c99 -pedantic -W -Wall -I/usr/include/nss3 -I/usr/include/nspr4 -lnss3
LD_PRELOAD=libnsspem.so valgrind --leak-check=full --error-exitcode=7 ./ckfw_leaks_memory

Actual results:
==15960== Memcheck, a memory error detector
==15960== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==15960== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==15960== Command: ./ckfw_leaks_memory
==15960== 
==15960== 
==15960== HEAP SUMMARY:
==15960==     in use at exit: 10,585 bytes in 89 blocks
==15960==   total heap usage: 83,922 allocs, 83,833 frees, 35,332,256 bytes allocated
==15960== 
==15960== 272 bytes in 1 blocks are definitely lost in loss record 68 of 75
==15960==    at 0x402BA84: calloc (vg_replace_malloc.c:593)
==15960==    by 0x43ADCB3: _PR_InitThreads (ptthread.c:939)
==15960==    by 0x439D517: _PR_InitStuff (prinit.c:180)
==15960==    by 0x439D7AD: PR_CallOnce (prinit.c:219)
==15960==    by 0x408E9C9: nss_Init (nssinit.c:548)
==15960==    by 0x408F943: NSS_NoDB_Init (nssinit.c:874)
==15960==    by 0x800008DD: main (ckfw_leaks_memory.c:7)
==15960== 
==15960== LEAK SUMMARY:
==15960==    definitely lost: 272 bytes in 1 blocks
==15960==    indirectly lost: 0 bytes in 0 blocks
==15960==      possibly lost: 0 bytes in 0 blocks
==15960==    still reachable: 10,313 bytes in 88 blocks
==15960==         suppressed: 0 bytes in 0 blocks
==15960== Reachable blocks (those to which a pointer was found) are not shown.
==15960== To see them, rerun with: --leak-check=full --show-reachable=yes
==15960== 
==15960== For counts of detected and suppressed errors, rerun with: -v
==15960== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 264 from 8)

Expected results:
No memory leaks

Additional info:
Comment 1 Elio Maldonado Batiz 2014-03-17 17:55:56 UTC 
I'm getting good results with the latest versions of nss installed on my system
and using the simple reproducer.

[emaldona@dhcp-16-197 Bug-1071861-Memory-leak-in-nss_Init]$ LD_PRELOAD=libnsspem.so valgrind --leak-check=full --error-exitcode=7 ./ckfw_leaks_memory 
==25668== Memcheck, a memory error detector
==25668== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==25668== Using Valgrind-3.9.0 and LibVEX; rerun with -h for copyright info
==25668== Command: ./ckfw_leaks_memory
==25668== 
==25668== 
==25668== HEAP SUMMARY:
==25668==     in use at exit: 10,309 bytes in 88 blocks
==25668==   total heap usage: 84,182 allocs, 84,094 frees, 35,479,958 bytes allocated
==25668== 
==25668== LEAK SUMMARY:
==25668==    definitely lost: 0 bytes in 0 blocks
==25668==    indirectly lost: 0 bytes in 0 blocks
==25668==      possibly lost: 0 bytes in 0 blocks
==25668==    still reachable: 10,309 bytes in 88 blocks
==25668==         suppressed: 0 bytes in 0 blocks
==25668== Reachable blocks (those to which a pointer was found) are not shown.
==25668== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==25668== 
==25668== For counts of detected and suppressed errors, rerun with: -v
==25668== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)

This what I'm running
[emaldona@dhcp-16-197 ~]$ rpm -q nss nss-softokn nss-util nspr
nss-3.15.4-6.el7.x86_64
nss-softokn-3.15.4-2.el7.x86_64
nss-util-3.15.4-2.el7.x86_64
nspr-4.10.2-4.el7.x86_64
Comment 2 Elio Maldonado Batiz 2014-03-17 17:57:25 UTC 
Sorry, I should have read more carefully. This bug is s390x only.
Comment 3 Kamil Dudka 2014-03-17 18:06:37 UTC 
This seems to be a bug in NSPR.  A call to PR_Init() is enough to trigger the leak.

*** This bug has been marked as a duplicate of bug 1071254 ***