Bug 1540939 - krb5-libs are leaking memory when parsing krb5 configuration
Summary: krb5-libs are leaking memory when parsing krb5 configuration
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: krb5
Version: 26
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Robbie Harwood
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-02-01 11:18 UTC by Lukas Slebodnik
Modified: 2018-03-01 15:57 UTC (History)
8 users (show)

Fixed In Version: krb5-1.15.2-7.fc27 krb5-1.15.2-7.fc26
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-02-20 17:15:38 UTC


Attachments (Terms of Use)

Description Lukas Slebodnik 2018-02-01 11:18:03 UTC
Description of problem:
The latest upgrade of krb5 in f26 and f26 introduce a memory leak when parsing
krb5 configuration. Reproducer will use klist as an example but it caused many failures to sssd unit tests which only use krb5-libs


Version-Release number of selected component (if applicable):
sh$ rpm -q krb5-libs
krb5-libs-1.15.2-5.fc26.x86_64

How reproducible:
Deterministic

Steps to Reproduce:
1. dnf install -y -e0 -d0 --enablerepo=updates-testing krb5-workstation valgrind
2. valgrind --leak-check=full klist

Actual results:
sh# dnf install -y -e0 -d0 --enablerepo=updates-testing krb5-workstation valgrind

sh# valgrind --leak-check=full klist
==53== Memcheck, a memory error detector
==53== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==53== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==53== Command: klist
==53== 
klist: Invalid UID in persistent keyring name while getting default ccache
==53== 
==53== HEAP SUMMARY:
==53==     in use at exit: 2,343 bytes in 47 blocks
==53==   total heap usage: 114 allocs, 67 frees, 59,128 bytes allocated
==53== 
==53== 40 bytes in 1 blocks are definitely lost in loss record 8 of 19
==53==    at 0x4C2EB6B: malloc (vg_replace_malloc.c:299)
==53==    by 0x60825B3: __scandir_tail (in /usr/lib64/libc-2.25.so)
==53==    by 0x4EC3A0B: ??? (in /usr/lib64/libkrb5.so.3.3)
==53==    by 0x4EC35BD: ??? (in /usr/lib64/libkrb5.so.3.3)
==53==    by 0x4EC40F2: ??? (in /usr/lib64/libkrb5.so.3.3)
==53==    by 0x4EC27B6: ??? (in /usr/lib64/libkrb5.so.3.3)
==53==    by 0x4EC2868: ??? (in /usr/lib64/libkrb5.so.3.3)
==53==    by 0x4EC2F20: ??? (in /usr/lib64/libkrb5.so.3.3)
==53==    by 0x4EC635E: profile_init_flags (in /usr/lib64/libkrb5.so.3.3)
==53==    by 0x4EB8331: k5_os_init_context (in /usr/lib64/libkrb5.so.3.3)
==53==    by 0x4E8F108: krb5_init_context_profile (in /usr/lib64/libkrb5.so.3.3)
==53==    by 0x109B1D: ??? (in /usr/bin/klist)
==53== 
==53== LEAK SUMMARY:
==53==    definitely lost: 40 bytes in 1 blocks
==53==    indirectly lost: 0 bytes in 0 blocks
==53==      possibly lost: 0 bytes in 0 blocks
==53==    still reachable: 2,303 bytes in 46 blocks
==53==         suppressed: 0 bytes in 0 blocks
==53== Reachable blocks (those to which a pointer was found) are not shown.
==53== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==53== 
==53== For counts of detected and suppressed errors, rerun with: -v
==53== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)

Expected results:
No leaks (the same as with older version)

sh# rpm -q krb5-libs
krb5-libs-1.15.2-4.fc26.x86_64

sh# valgrind --leak-check=full klist
==65== Memcheck, a memory error detector
==65== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==65== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==65== Command: klist
==65== 
klist: Invalid UID in persistent keyring name while getting default ccache
==65== 
==65== HEAP SUMMARY:
==65==     in use at exit: 2,303 bytes in 46 blocks
==65==   total heap usage: 112 allocs, 66 frees, 59,008 bytes allocated
==65== 
==65== LEAK SUMMARY:
==65==    definitely lost: 0 bytes in 0 blocks
==65==    indirectly lost: 0 bytes in 0 blocks
==65==      possibly lost: 0 bytes in 0 blocks
==65==    still reachable: 2,303 bytes in 46 blocks
==65==         suppressed: 0 bytes in 0 blocks
==65== Reachable blocks (those to which a pointer was found) are not shown.
==65== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==65== 
==65== For counts of detected and suppressed errors, rerun with: -v
==65== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)

Additional info:

Valgrind output from f27 + installed some debug symbols
==27362== 40 bytes in 1 blocks are definitely lost in loss record 10 of 23
==27362==    at 0x4C2FB6B: malloc (vg_replace_malloc.c:299)
==27362==    by 0x608B433: __scandir_tail (in /usr/lib64/libc-2.26.so)
==27362==    by 0x4EC5E4B: parse_include_dir (prof_parse.c:301)
==27362==    by 0x4EC59FD: parse_line (prof_parse.c:334)
==27362==    by 0x4EC59FD: parse_file (prof_parse.c:384)
==27362==    by 0x4EC6532: profile_parse_file (prof_parse.c:460)
==27362==    by 0x4EC4BF6: profile_update_file_data_locked (prof_file.c:371)
==27362==    by 0x4EC4CA8: profile_update_file_data (prof_file.c:390)
==27362==    by 0x4EC5360: profile_open_file (prof_file.c:287)
==27362==    by 0x4EC879E: profile_init_flags (prof_init.c:190)
==27362==    by 0x4EBA78F: os_init_paths (init_os_ctx.c:387)
==27362==    by 0x4EBA78F: k5_os_init_context (init_os_ctx.c:438)
==27362==    by 0x4E91558: krb5_init_context_profile (init_ctx.c:195)
==27362==    by 0x109CED: ??? (in /usr/bin/klist)

Comment 1 Robbie Harwood 2018-02-01 11:29:56 UTC
Thank you for filing a bug.  However, since this is a fixed-size leak, I will not be holding back updates to Fedora.

Comment 2 Lukas Slebodnik 2018-02-01 11:37:30 UTC
(In reply to Robbie Harwood from comment #1)
> Thank you for filing a bug.  However, since this is a fixed-size leak, I
> will not be holding back updates to Fedora.

Could you a little bit elaborate here?

Does it mean that there is not a plan to fix it in fedora soon?

or

that broken version will stay in updates-testing and will not be pushed to updates.

Comment 3 Robbie Harwood 2018-02-08 00:00:08 UTC
It means I have more important things to work on right now, and I see no reason not to push it to updates.

Comment 4 Jakub Hrozek 2018-02-10 20:22:38 UTC
I understand the time constraints, but if there is a known fix, would you consider either building another update (which we could then install on your CI machines in the meantime before the 'real' update hits the repos) or just pointing us to the fix so that we can send you a 'fedpkg patch' ?

Or is this a totally unknown issue that we should fix in the first place?

Comment 5 Fedora Update System 2018-02-12 18:12:19 UTC
krb5-1.15.2-6.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-539b4a2339

Comment 6 Fedora Update System 2018-02-12 18:12:29 UTC
krb5-1.15.2-6.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2018-090f152cad

Comment 7 Jakub Hrozek 2018-02-12 20:20:42 UTC
Thank you very much for fixing the leak, Robbie.

Comment 8 Lukas Slebodnik 2018-02-13 13:52:19 UTC
(In reply to Jakub Hrozek from comment #7)
> Thank you very much for fixing the leak, Robbie.

+1
Thank you very much for unblocking sssd ci.

Comment 9 Fedora Update System 2018-02-13 16:21:27 UTC
krb5-1.15.2-6.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-090f152cad

Comment 10 Fedora Update System 2018-02-13 16:40:48 UTC
krb5-1.15.2-6.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-539b4a2339

Comment 11 Fedora Update System 2018-02-13 17:20:26 UTC
krb5-1.15.2-7.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-391a1f3e61

Comment 12 Fedora Update System 2018-02-13 17:20:43 UTC
krb5-1.15.2-7.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2018-f97cb1c9b0

Comment 13 Fedora Update System 2018-02-14 17:58:35 UTC
krb5-1.15.2-7.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-f97cb1c9b0

Comment 14 Fedora Update System 2018-02-14 18:27:11 UTC
krb5-1.15.2-7.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-391a1f3e61

Comment 15 Fedora Update System 2018-02-20 17:15:38 UTC
krb5-1.15.2-7.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.

Comment 16 Fedora Update System 2018-03-01 15:57:53 UTC
krb5-1.15.2-7.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.