735835 – Memory leak in xmlrpc-c version 1.16.24

Bug 735835 - Memory leak in xmlrpc-c version 1.16.24

Summary: Memory leak in xmlrpc-c version 1.16.24

Keywords:
Status:	CLOSED CANTFIX
Alias:	None
Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	xmlrpc-c
Sub Component:
Version:	5.7
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	urgent
Target Milestone:	rc
Target Release:	---
Assignee:	Mikolaj Izdebski
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	741641
TreeView+	depends on / blocked

Reported:	2011-09-05 16:28 UTC by Michele Dibenedetto
Modified:	2012-06-07 08:39 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Clones:	741641 (view as bug list)
Environment:
Last Closed:	2012-06-07 08:39:17 UTC
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Michele Dibenedetto 2011-09-05 16:28:30 UTC

Description of problem:
xmlrpc-c library version 1.16.24 has a memory leak.
This leak is evident running a simpe XML-RPC client under valgrind 

Version-Release number of selected component (if applicable):
1.16.24-1206.1840

How reproducible:
Writing a simple XML-RPC client and server with a method having as parameters an array of structres start the server and perform an xmlrpc call with the client under valgrind. valgrind will report the memory leakage of the library.

Steps to Reproduce:
1.Write an xmlrpc server with a method having as parameters an array of structures
2.Write an xmlrpc client using xmlrpc-c-client calling the defined method
3.Execute the client under valgrind with --leak-check=yes option
4.Inspect valgrind output
  
Actual results:
valgrind will report the loss of memory allocated by xmlrpc_createXmlrpcValue function. Here is a sample output

==11383== 1,512 (96 direct, 1,416 indirect) bytes in 2 blocks are definitely lost in loss record 1,916 of 2,075
==11383==    at 0x4A0646F: malloc (vg_replace_malloc.c:236)
==11383==    by 0x4C1C142: xmlrpc_createXmlrpcValue (xmlrpc_data.c:320)
==11383==    by 0x4C1EB71: xmlrpc_array_new (xmlrpc_array.c:191)
==11383==    by 0x4C1FAAD: getValue (xmlrpc_build.c:109)
==11383==    by 0x4C2010E: xmlrpc_build_value_va (xmlrpc_build.c:376)
==11383==    by 0x38ED2041BD: xmlrpc_client_call_asynch (in /usr/lib64/libxmlrpc_client.so.3.16)

Expected results:
valgrind does not report any memory leakage

Additional info:
Performing this test with last stable xmlrpc-c version 1.25.10 does not shows the memory leak

Comment 1 Vojtech Vitek 2011-11-03 21:57:40 UTC

Thanks for the report, Michele.
Unfortunately, I couldn't reproduce the issue yet. /no leaks/ Could you please provide the reproducer?

Comment 2 Vojtech Vitek 2011-11-03 22:03:05 UTC

Possible patch:

diff --git a/src/xmlrpc_client_global.c b/src/xmlrpc_client_global.c
index 7beba14..9725ae6 100644
--- a/src/xmlrpc_client_global.c
+++ b/src/xmlrpc_client_global.c
@@ -319,6 +319,7 @@ xmlrpc_client_call_asynch(const char * const serverUrl,
                     serverUrl, methodName, responseHandler, userData,
                     paramArrayP);
         }
+       free(paramArrayP);
     }
     if (env.fault_occurred)
         (*responseHandler)(serverUrl, methodName, NULL, userData, &env, NULL);

--

I can't confirm this patch without the reproducer..

Comment 3 Mikolaj Izdebski 2012-06-07 08:39:17 UTC

I am not able to reproduce this memory leak either.

Because this bug was in NEEDINFO for over 6 months and there was no reply from the reporter, I am closing this bug with CANTFIX.

Michele: If you post a working reproducer then I may be able to reopen the bug.

Note You need to log in before you can comment on or make changes to this bug.