Bug 74346 - tgetent leaks memory on every call.
tgetent leaks memory on every call.
Product: Red Hat Linux
Classification: Retired
Component: libtermcap (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Petr Raszyk
Jay Turner
Depends On:
  Show dependency treegraph
Reported: 2002-09-20 18:13 EDT by Michael Kohne
Modified: 2015-01-07 19:00 EST (History)
2 users (show)

See Also:
Fixed In Version: libtermcap-2.0.8 Release 44
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-01-03 06:24:13 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
patch for memory leak (758 bytes, patch)
2003-05-16 19:23 EDT, Lev Iserovich
no flags Details | Diff
fixes all tgetent leaks (758 bytes, patch)
2003-05-18 00:59 EDT, Lev Iserovich
no flags Details | Diff
again (973 bytes, patch)
2003-05-18 01:03 EDT, Lev Iserovich
no flags Details | Diff
libtermcap-2.0.8-44.src.rpm (223.16 KB, application/x-rpm)
2006-01-03 04:25 EST, Petr Raszyk
no flags Details

  None (edit)
Description Michael Kohne 2002-09-20 18:13:45 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 4.0)

Description of problem:
Repeated calls to the tgetent routine from within a single process seem to leak 
memory. Demonstration program 'ft.C' to be compiled with 
g++ -o ft ft.C -ltermcap
(NOTE: assumes vt100 is defined in your system's termcap database).
#include <stdlib.h>
#include <termcap.h>
#include <assert.h>

int main(int argc, char **argv)
    int ret = tgetent(NULL,"vt100");

The program that was initially affected by this problem is a port of some very 
old, strange software, and it does wierd terminal handling. This forces me to 
call tgetent repeatedly. As a workaround, I'm caching the output of 
tgetstr/tgetnum/etc for the capabilities I'm interested in.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. run 'top'
2. On a seperate console, run the 'ft' program (see description)
3. Watch top

Actual Results:  The 'ft' process will steadily increase in size until it eats 
all memory in the system, and then crash.

Expected Results:  The 'ft' process should NOT increase in size. The only thing 
it should do is eat up CPU. 

Additional info:

Possibly relevant RPM versions:
Comment 1 Lev Iserovich 2003-05-16 19:23:02 EDT
Created attachment 91752 [details]
patch for memory leak

This patch will fix the memory leak on tgetent.
This problem also caused bash to die when you would set the TERM variable to an
invalid type, then valid, then invalid again. 
This was because a security patch to termcap.c made it allocate a new buffer on
every call, regardless of whether a buffer was passed in.
This patch fixes that by remembering correctly when libtermcap allocates memory
and only freeing it in those cases (eliminates the bash crash),
and always freeing the buffer when the reference is updated (eliminating the
memory leak).
Comment 2 Lev Iserovich 2003-05-16 19:40:35 EDT
The previous patch fixes only part of the memory leak it seems..
bash now works correctly, however the ft program from Michael's report still
eats memory.
It seems to be the linked list handling in tgetent..
Comment 3 Lev Iserovich 2003-05-18 00:59:23 EDT
Created attachment 91764 [details]
fixes all tgetent leaks

This includes the above patch, and also fixes the leak in the "ft" program
Michael describes.
tgetent is now leak-free!
(used valgrind - http://developer.kde.org/~sewardj/ - to find this one -- cool
Comment 4 Lev Iserovich 2003-05-18 01:03:51 EDT
Created attachment 91765 [details]

again -- messed up my filenames, and last one didn't take. sorry.
Comment 5 Petr Raszyk 2006-01-03 04:25:15 EST
Created attachment 122706 [details]

Thank you for your precise example !
I can not use your patch today (the issue
above was partially resolved), but 
there is still the 'bug' (as you describe) !

Thanks !

--- termcap-2.0.8/termcap.c.rasold	2006-01-02 17:10:29.000000000 +0100
+++ termcap-2.0.8/termcap.c	2006-01-02 17:10:52.000000000 +0100
@@ -421,6 +421,7 @@
	sp = get_one_entry(fp, term_list[index]);
	if (sp == NULL) break;
	build_list(&l, sp, term_list);
+	free (sp);

Note You need to log in before you can comment on or make changes to this bug.