Bug 746632
| Summary: | [PEM] pem_CreateObject() leaks memory given a non-existing file name | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Kamil Dudka <kdudka> | ||||||
| Component: | nss | Assignee: | Elio Maldonado Batiz <emaldona> | ||||||
| Status: | CLOSED ERRATA | QA Contact: | Aleš Mareček <amarecek> | ||||||
| Severity: | medium | Docs Contact: | |||||||
| Priority: | high | ||||||||
| Version: | 6.2 | CC: | amarecek, kchamart, rrelyea | ||||||
| Target Milestone: | rc | Keywords: | Patch | ||||||
| Target Release: | --- | ||||||||
| Hardware: | Unspecified | ||||||||
| OS: | Unspecified | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | nss-3.13.3-3.el6 | Doc Type: | Bug Fix | ||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | 734760 | ||||||||
| : | 806058 (view as bug list) | Environment: | |||||||
| Last Closed: | 2012-06-20 07:23:23 UTC | Type: | --- | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Bug Depends On: | 734760 | ||||||||
| Bug Blocks: | 746629, 806058 | ||||||||
| Attachments: |
|
||||||||
|
Description
Kamil Dudka
2011-10-17 10:45:40 UTC
This is currently worked around in upstream curl: https://github.com/bagder/curl/blob/491c5a4/lib/nss.c#L382 If you comment out the 'if(is_file(filename))' line, it will leak given a non-existing file name, and it will be easily visible in valgrind. IIRC, this bug broke curl test-suite, which runs through valgrind and this way I discovered the bug and came with the workaround. Created attachment 569516 [details]
Plug memory leak on pem_CreateObject
Comment on attachment 569516 [details]
Plug memory leak on pem_CreateObject
r+ rrelyea
I still think there is a memory leak here, though.
listItem, and listObj are not being freed in the error case.. in loser.
This patch closes some of the leaks.
Comment on attachment 569516 [details]
Plug memory leak on pem_CreateObject
r-. Actually we should make sure we are freeing everything in this patch before it's approved.
Bob, you are right. The patch is incomplete. Created attachment 569656 [details] proposed fix V2 $ valgrind /usr/bin/curl --cacert xxx https://localhost ==21816== Memcheck, a memory error detector ==21816== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al. ==21816== Using Valgrind-3.6.0 and LibVEX; rerun with -h for copyright info ==21816== Command: /usr/bin/curl --cacert xxx https://localhost ==21816== curl: (77) Problem with the SSL CA cert (path? access rights?) ==21816== ==21816== HEAP SUMMARY: ==21816== in use at exit: 16,315 bytes in 101 blocks ==21816== total heap usage: 8,587 allocs, 8,486 frees, 2,269,057 bytes allocated ==21816== ==21816== LEAK SUMMARY: ==21816== definitely lost: 0 bytes in 0 blocks ==21816== indirectly lost: 0 bytes in 0 blocks ==21816== possibly lost: 88 bytes in 2 blocks ==21816== still reachable: 16,227 bytes in 99 blocks ==21816== suppressed: 0 bytes in 0 blocks ==21816== Rerun with --leak-check=full to see details of leaked memory ==21816== ==21816== For counts of detected and suppressed errors, rerun with: -v ==21816== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 9 from 7) Comment on attachment 569656 [details]
proposed fix V2
r+ Yup, that fixes it.
bob
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2012-0973.html |