Bug 221187 - execvp memory leak in vfork context
execvp memory leak in vfork context
Product: Fedora
Classification: Fedora
Component: glibc (Show other bugs)
i386 Linux
medium Severity high
: ---
: ---
Assigned To: Jakub Jelinek
Brian Brock
Depends On:
  Show dependency treegraph
Reported: 2007-01-02 15:29 EST by Reed Sandberg
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-01-18 16:41:02 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Reed Sandberg 2007-01-02 15:29:08 EST
Description of problem:
When execvp() does pathname expansion on the first argument (the executable), it
doesn't clean up and when called in a vfork() context (where memory is shared
initially) causes a leak in the parent.

Version-Release number of selected component (if applicable):

How reproducible:
Yes, simple

Steps to Reproduce:
Leak manifested itself while running qmail - specifically in qmail-rspawn.c and
qmail-lspawn.c (among others):

qmail-rspawn.c at end of file
 if (!(f = vfork()))
   if (fd_move(0,fdmess) == -1) _exit(111);
   if (fd_move(1,fdout) == -1) _exit(111);
   if (fd_copy(2,1) == -1) _exit(111);
   if (error_temp(errno)) _exit(111);

1. call vfork()
2. call execvp() within child proc
3. repeat x times
4. verify the parent has x copies of the first argument to execvp() after
pathname expansion in heap (dump core and then run 'strings' on the core)
Actual results:
each vfork leaves an unreferenced copy of the first arg to execvp() after
pathname expansion in the parent's memory space.

Additional info:
Manifested while running qmail where many vfork()'s are done and the issue
becomes significant.
Comment 2 Jakub Jelinek 2007-01-18 16:41:02 EST
Should be fixed in glibc-2.5.90-15 in rawhide.

Note You need to log in before you can comment on or make changes to this bug.