Bug 624317

Summary: vncviewer memory leak at rfb::DecompressJpegRect (tightDecode.h:297)
Product: [Fedora] Fedora Reporter: Tim Taiwanese Liim <tim.liim>
Component: tigervncAssignee: Adam Tkac <atkac>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 12CC: atkac, ovasik
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: tigervnc-1.0.1-3.fc12 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-09-02 16:40:11 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:

Description Tim Taiwanese Liim 2010-08-15 21:06:12 EDT
Description of problem:
    Memory leak at rfb::DecompressJpegRect (tightDecode.h:297), where we
    have
      JSAMPROW *rowPointer = new JSAMPROW[h];
    but there is no corresponding delete[] rowPointer.  My vncviewer
    reached >2GB in memory after 1 day when playing some slide show.

Version-Release number of selected component (if applicable):
    tigervnc-1.0.1-1.fc12.x86_64

How reproducible:
    always (at least when I runs slide show on my photo collection)

Steps to Reproduce:
    1. run valgrind to check for memory leak:
            valgrind --leak-check=full unix/vncviewer/vncviewer 
       to connect to a vnc server
    2. run some slide show in the vnc (not sure if this is necessary)
    3. wait for a few minutes.
    4. hit ctrl-C to interrupt.

Actual results:
    Valgrind reports memory leak at 
            rfb::DecompressJpegRect (tightDecode.h:297)
    See [1] below for detail.

Expected results:
    There should be no memory leak (at least no more than a few
    hundred kB).

Additional info:
    [1] report from valgrind after a few hours (115MB leaked):
       115,900,712 bytes in 235,469 blocks are definitely lost in loss 
             record 255 of 255
          at 0x4A055EC: operator new[](unsigned long) 
             (vg_replace_malloc.c:264)
          by 0x42A630: rfb::DecompressJpegRect(rfb::Rect const&, 
             rdr::InStream*, unsigned int*, rfb::CMsgHandler*) 
             (tightDecode.h:297)
          by 0x42C20C: rfb::tightDecode32(rfb::Rect const&, rdr::InStream*,
             rdr::ZlibInStream*, unsigned int*, rfb::CMsgHandler*) 
             (tightDecode.h:100)
          by 0x440E9B: rfb::CMsgReader::readRect(rfb::Rect const&, 
             unsigned int) (CMsgReader.cxx:115)
          by 0x41AF81: rfb::CMsgReaderV3::readMsg() (CMsgReaderV3.cxx:94)
          by 0x413EDA: main (vncviewer.cxx:407)
Comment 1 Adam Tkac 2010-08-19 05:00:07 EDT
Right you are, thanks for the report. This issue will be fixed in the next update.
Comment 2 Tim Taiwanese Liim 2010-08-20 12:06:19 EDT
Glad that I can help!
Comment 3 Fedora Update System 2010-08-25 11:11:41 EDT
tigervnc-1.0.1-2.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/tigervnc-1.0.1-2.fc12
Comment 4 Fedora Update System 2010-08-25 11:11:45 EDT
tigervnc-1.0.1-3.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/tigervnc-1.0.1-3.fc12
Comment 5 Fedora Update System 2010-08-25 21:02:32 EDT
tigervnc-1.0.1-3.fc12 has been pushed to the Fedora 12 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update tigervnc'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/tigervnc-1.0.1-3.fc12
Comment 6 Fedora Update System 2010-09-02 16:39:58 EDT
tigervnc-1.0.1-3.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.