RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1007614 - memory leak in infpy_read_memory()
Summary: memory leak in infpy_read_memory()
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: gdb
Version: 6.4
Hardware: x86_64
OS: Linux
medium
high
Target Milestone: rc
: ---
Assignee: Sergio Durigan Junior
QA Contact: qe-baseos-tools-bugs
URL:
Whiteboard:
Depends On:
Blocks: 826266 1020419 1056252 1092931
TreeView+ depends on / blocked
 
Reported: 2013-09-13 00:00 UTC by Laszlo Ersek
Modified: 2014-10-14 07:28 UTC (History)
5 users (show)

Fixed In Version: gdb-7.2-67.el6
Doc Type: Bug Fix
Doc Text:
Cause: A specific function in the Python support on GDB leaked the reference to a buffer that was read from the program being debugged. Consequence: In a memory-intensive scenario, GDB would leak a big amount of memory. Fix: GDB now correctly frees the memory acquired. Result: GDB does not overconsume memory when using Python scriptting on memory-intensive scenarios.
Clone Of:
Environment:
Last Closed: 2014-10-14 07:28:03 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2014:1534 0 normal SHIPPED_LIVE gdb bug fix and enhancement update 2014-10-14 01:21:50 UTC

Description Laszlo Ersek 2013-09-13 00:00:08 UTC 
*** Description of problem:

The infpy_read_memory() function [gdb/python/py-inferior.c] leaks memory: it leaks a reference to the buffer that is read from the debuggee and is passed to the Python script. When the value goes out of scope or becomes otherwise unreferenced in the Python script, it should be freed, but due to the leaked reference, it is never released.

This is a problem for memory-intensive python scripts. For a real example, see blocked blug 826266; my Python script there wants to read several gigabytes from a coredump. I'll paste a simple reproducer below.

*** Version-Release number of selected component (if applicable):
gdb-7.2-60.el6_4.1.x86_64 (RHEL-6.4.z)

*** How reproducible:
100%

*** Steps to Reproduce:

1. Save the following python code in the file "testprog.py":
--------[snip]--------
class HelloWorld (gdb.Command):
    """Greet the whole world."""

    def __init__ (self):
        super (HelloWorld, self).__init__ ("hello-world",
                                           gdb.COMMAND_OBSCURE)

    def invoke (self, arg, from_tty):
        px = gdb.parse_and_eval("px")
        core = gdb.inferiors()[0]
        for i in range(256 * 1024):
            chunk = core.read_memory(px, 4096)
        print "Hello, World!"

HelloWorld ()
--------[snip]--------

2. Save the following C test program in the file "testprog.c":
--------[snip]--------
#include <unistd.h>

static struct x {
  char unsigned u[4096];
} x, *px = &x;

int
main(void)
{
  pause();
  return 0;
}
--------[snip]--------

3. build it:
    gcc -g3 -o testprog testprog.c

4. Enable coredumps:
    ulimit -c unlimited

5. Disable abrt or at least reconfigure /proc/sys/kernel/core_pattern so that the coredump is written to a local file and not piped to abrt.

6. start the program:
    ./testprog

7. Send SIGQUIT to the program, pressing Ctrl-\, eliciting a coredump.

8. Open the core with gdb:
    gdb ./testprog core.PID

9. Load the python script:
    (gdb) source testprog.py

10. From another terminal, check the initial memory usage of gdb:
    ps -o pid,rsz,vsz,cmd -C gdb

11. Run the python script:
    (gdb) hello-world

12. From another terminal, verify the memory usage of gdb after the 1st run:
    ps -o pid,rsz,vsz,cmd -C gdb

13. Run the python script again:
    (gdb) hello-world

14. From another terminal, verify the memory usage of gdb after the 2nd run:
    ps -o pid,rsz,vsz,cmd -C gdb

*** Actual results:
From step 10 to step 12, 1 GB virtual memory is leaked.
From step 12 to step 14, another GB of virtual memory is leaked.

*** Expected results:
Memory footprint stays reasonably stable.

*** Additional info:
Apparently, this bug has been fixed by upstream gdb git commit

commit 655e820cf9a039ee55325d9e1f8423796d592b4b
Author: Tom Tromey <tromey>
Date:   Wed Mar 28 17:38:07 2012 +0000

        * python/py-inferior.c (infpy_read_memory): Remove cleanups and
        explicitly free 'buffer' on exit paths.  Decref 'membuf_object'
        before returning.

The second part looks relevant here (ie. the Py_DECREF (membuf_obj) call before returning.)

The bug seems to be present in gdb-7.2-64.el6 too (ie. the current RHEL-6.5 development version).
Comment 1 Laszlo Ersek 2013-09-13 00:10:59 UTC 
Inheriting Severity from blocked bug 826266.
Comment 3 Sergio Durigan Junior 2014-04-09 22:58:05 UTC 
FYI, the commit has changed to:

commit cc0265cdda9dc7e8665e8bfcf5b4477489daf27c

Because GDB+Binutils have recently migrated to git and rewritten all of the repository's history.  I am working on this bug now.
Comment 7 errata-xmlrpc 2014-10-14 07:28:03 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1534.html
Note You need to log in before you can comment on or make changes to this bug.