Bug 440474 - memberOf: Various member operations leak memory
Summary: memberOf: Various member operations leak memory
Alias: None
Product: 389
Classification: Retired
Component: Server - memberOf Plug-in
Version: 1.1.0
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Nathan Kinder
QA Contact: Chandrasekar Kannan
Depends On:
Blocks: 249650 429034 FDS1.2.0
TreeView+ depends on / blocked
Reported: 2008-04-03 17:55 UTC by Nathan Kinder
Modified: 2015-01-04 23:31 UTC (History)
4 users (show)

Fixed In Version: 8.1
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2009-04-29 23:03:33 UTC

Attachments (Terms of Use)
Valgrind leak reports (8.93 KB, text/plain)
2008-04-03 17:55 UTC, Nathan Kinder
no flags Details
CVS Diffs (3.07 KB, patch)
2008-04-03 18:13 UTC, Nathan Kinder
no flags Details | Diff
valgrind output from bug verification (40.09 KB, application/x-bzip)
2009-04-02 17:43 UTC, Jenny Severance
no flags Details

Description Nathan Kinder 2008-04-03 17:55:55 UTC
A number of memory leaks in the memberOf plug-in occur during various operations
on member attributes.  These leaks were discovered using valgrind to run
ns-slapd.  The options to valgrind used on my system were:

  valgrind --leak-check=full ./ns-slapd -D /opt/dirsrv/etc/dirsrv/slapd-windsor
-i /opt/dirsrv/var/run/dirsrv/slapd-windsor.pid -w
/opt/dirsrv/var/run/dirsrv/slapd-windsor.startpid -d 0

I will add an attachment to this bug with details on what leaks are reported by
valgrind when certain operations are performed.

Comment 1 Nathan Kinder 2008-04-03 17:55:55 UTC
Created attachment 300292 [details]
Valgrind leak reports

Comment 2 Nathan Kinder 2008-04-03 18:13:22 UTC
Created attachment 300297 [details]
CVS Diffs

These diffs address the memory leaks reported in the previous attachment.

We were allocating a Slapi_Mods in the modify callback and never calling
slapi_mods_free() at the end of the callback.  Simply added a call to
slapi_mods_free() would cause a double free. This is because we are initialing
the Slapi_Mods by passing in the LDAPMod array from SLAPI_MODIFY_MODS in the
pblock.  This will make slapi_mods_free() do a free of the LDAPMod elements,
but do_modify() is responsible for freeing the LDAPMod array in the pblock. 
The solution is to initialize the Slapi_Mods by reference so slapi_mods_free()
doesn't try to free the LDAPMod array.

There were 4 places where we were allocating a Slapi_Entry by calling
slapi_search_internal_get_entry(), but never freeing the entry when we were
finished with it.

We were allocating two Slapi_Value arrays with slapi_ch_malloc(), but were
never calling slapi_ch_free() when we were finished.

Comment 3 Nathan Kinder 2008-04-03 23:04:30 UTC
Checked into ldapserver (HEAD).

Checking in memberof.c;
/cvs/dirsec/ldapserver/ldap/servers/plugins/memberof/memberof.c,v  <--  memberof.c
new revision: 1.6; previous revision: 1.5

Comment 4 Jenny Severance 2009-04-02 17:42:54 UTC
fix verifed RHEL 5 DS 8.1
Ran all test in valgrind leaks report attachment

Attaching valgrind output from varification.

Comment 5 Jenny Severance 2009-04-02 17:43:43 UTC
Created attachment 337859 [details]
valgrind output from bug verification

Comment 6 Chandrasekar Kannan 2009-04-29 23:03:33 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.