Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 688657 - Memory leak in libXcursor
Memory leak in libXcursor
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: libXcursor (Show other bugs)
5.6
All Linux
medium Severity medium
: rc
: ---
Assigned To: Søren Sandmann Pedersen
Desktop QE
: Patch
Depends On:
Blocks: 719046 668957
  Show dependency treegraph
 
Reported: 2011-03-17 12:28 EDT by Olivier Fourdan
Modified: 2013-04-15 05:13 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-12-04 22:44:13 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Proposed patch from upstream git commit e0a501e9 (1.86 KB, patch)
2011-03-17 12:28 EDT, Olivier Fourdan 		no flags Details | Diff
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:1538 normal SHIPPED_LIVE libXcursor bug fix update 2011-12-05 03:43:07 EST

  None (edit)
Description Olivier Fourdan 2011-03-17 12:28:09 EDT 
Created attachment 486058 [details]
Proposed patch from upstream git commit e0a501e9

Description of problem:

There's a memory leak in libXcursor XcursorFileHeaderCreate() which leaks the comment and fileHeader

Version-Release number of selected component (if applicable):

libXcursor-1.1.7-1.1

How reproducible:

Always

Steps to Reproduce:
1. Run any Xt or OpenMotif program within valgrind
  
Actual results:

==3210== 60 bytes in 1 blocks are definitely lost in loss record 386 of 724
==3210==    at 0x4A05E1C: malloc (vg_replace_malloc.c:195)
==3210==    by 0x3403C05495: _XcursorFileHeaderCreate (file.c:219)
==3210==    by 0x3403C05CB7: _XcursorReadFileHeader (file.c:255)
==3210==    by 0x3403C066C8: XcursorXcFileLoadImages (file.c:659)
==3210==    by 0x3403C067E8: XcursorFileLoadImages (file.c:948)
==3210==    by 0x3403C07074: XcursorLibraryLoadImages (library.c:311)
==3210==    by 0x3403C079A7: XcursorTryShapeCursor (xlib.c:106)
==3210==    by 0x33FFC250B3: XCreateGlyphCursor (CrGlCur.c:175)
==3210==    by 0x33FFC25610: XCreateFontCursor (Cursor.c:52)
==3210==    by 0x340D81A3F0: XtCvtStringToCursor (Converters.c:688)
==3210==    by 0x340D815953: CallConverter (Convert.c:808)
==3210==    by 0x340D815CDB: _XtConvert (Convert.c:896)

Expected results:

No leak

Additional info:

This is fixed with git commit e0a501e9 upstream:

    commit e0a501e91c270c0e99a55aa568f6df0d3d6e541d
    Author: Chris Wilson <cpwilson@taz.qinetiq.com>
    Date:   Sat Aug 12 19:55:44 2006 +0300

        fix leak in header destruction
        Fix a couple of if (!foo) free(foo); tests.

Patch attached.
Comment 1 RHEL Product and Program Management 2011-05-31 10:47:55 EDT 
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated in the
current release, Red Hat is unfortunately unable to address this
request at this time. Red Hat invites you to ask your support
representative to propose this request, if appropriate and relevant,
in the next release of Red Hat Enterprise Linux.
Comment 2 Søren Sandmann Pedersen 2011-06-06 21:32:18 EDT 
Devel-ack. These two:

@@ -121,8 +120,7 @@ XcursorCommentCreate (XcursorUInt comment_type, int length)
 void
 XcursorCommentDestroy (XcursorComment *comment)
 {
-    if (!comment)
-        free (comment);
+    free (comment);
 }
 
 XcursorComments *
@@ -205,8 +203,7 @@ _XcursorWriteBytes (XcursorFile *file, char *bytes, int length)
 static void
 _XcursorFileHeaderDestroy (XcursorFileHeader *fileHeader)
 {
-    if (!fileHeader)
-        free (fileHeader);
+    free (fileHeader);
 }

are the relevant changes. The sense in the if was inverted.
Comment 7 errata-xmlrpc 2011-12-04 22:44:13 EST 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1538.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.