This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 772628 - nss_Init() leaks memory
nss_Init() leaks memory
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: nss (Show other bugs)
6.2
All Linux
high Severity medium
: rc
: ---
Assigned To: Elio Maldonado Batiz
Aleš Mareček
: Patch
Depends On:
Blocks: 738456 812423
  Show dependency treegraph
 
Reported: 2012-01-09 08:27 EST by Kamil Dudka
Modified: 2013-10-18 07:33 EDT (History)
5 users (show)

See Also:
Fixed In Version: nss-3.13.3-4.el6
Doc Type: Bug Fix
Doc Text:
No documentation needed
Story Points: ---
Clone Of:
: 812423 975755 (view as bug list)
Environment:
Last Closed: 2012-06-20 03:23:43 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
a proposed fix (802 bytes, patch)
2012-01-09 08:30 EST, Kamil Dudka
no flags Details | Diff
a proposed fix V2 (847 bytes, patch)
2012-02-29 12:22 EST, Kamil Dudka
emaldona: review+
Details | Diff


External Trackers
Tracker ID Priority Status Summary Last Updated
Mozilla Foundation 745224 None None None Never

  None (edit)
Description Kamil Dudka 2012-01-09 08:27:09 EST
Version-Release number of selected component (if applicable):
nss-3.12.10-17.1.el6


How reproducible:
100 %


Steps to Reproduce:
1. patch curl by attachment #525555 [details]
2. run this test-case: attachment #551005 [details]

  
Actual results:
==17888== 512 bytes in 16 blocks are definitely lost in loss record 75 of 86
==17888==    at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
==17888==    by 0x331A412574: GrowStuff (prprf.c:1076)
==17888==    by 0x331A411BD7: dosprintf (prprf.c:137)
==17888==    by 0x331A412439: PR_vsmprintf (prprf.c:1127)
==17888==    by 0x331A41272C: PR_smprintf (prprf.c:1105)
==17888==    by 0x5581D5C: nss_MkConfigString (nssinit.c:205)
==17888==    by 0x55826E9: nss_Init (nssinit.c:597)
==17888==    by 0x5582DFA: NSS_InitContext (nssinit.c:804)
==17888==    by 0x4EC8776: nss_init_core (nss.c:905)
==17888==    by 0x4EC8914: nss_init (nss.c:949)
==17888==    by 0x4EC8F7F: Curl_nss_connect (nss.c:1167)
==17888==    by 0x4EBC00A: Curl_ssl_connect (sslgen.c:185)
Comment 1 Kamil Dudka 2012-01-09 08:30:49 EST
Created attachment 551566 [details]
a proposed fix
Comment 3 Elio Maldonado Batiz 2012-02-29 11:16:08 EST
Thank you for the patch but is not needed since the update to nss 3.13.1.
In the current code in nssinit.c we have
loser:
    if (initContextPtr && *initContextPtr) {
	PORT_Free(*initContextPtr);
	*initContextPtr = NULL;
	if (configStrings) {
	   PR_smprintf_free(configStrings);
	}
    }
and with initContextPtr NULL configStrings = pk11_config_strings whose allocation/deallocation is handled by PK11_ConfigurePKCS11 and PK11_UnconfigurePKCS11.
Comment 4 Kamil Dudka 2012-02-29 12:15:17 EST
(In reply to comment #3)
> Thank you for the patch but is not needed since the update to nss 3.13.1.

I disagree.

> In the current code in nssinit.c we have
> loser:
>     if (initContextPtr && *initContextPtr) {
>  PORT_Free(*initContextPtr);
>  *initContextPtr = NULL;
>  if (configStrings) {
>     PR_smprintf_free(configStrings);
>  }
>     }

This code is not new to 3.13.1 and does not solve the issue I reported.

> and with initContextPtr NULL configStrings = pk11_config_strings whose
> allocation/deallocation is handled by PK11_ConfigurePKCS11 and
> PK11_UnconfigurePKCS11.

Right, then we need to handle this case separately to avoid a double free.
Comment 5 Kamil Dudka 2012-02-29 12:22:19 EST
Created attachment 566601 [details]
a proposed fix V2

Avoid a double free.
Comment 6 Eduard Benes 2012-03-05 12:53:10 EST
Is this NSS bug required for fixing bug 738456?
Comment 7 Kamil Dudka 2012-03-05 13:18:17 EST
(In reply to comment #6)
> Is this NSS bug required for fixing bug 738456?

Without this patch applied, nss will start to leak on initialization as soon as bug 738456 is fixed.  From my point of view, such amount of memory leakage is acceptable, but I am not the one here to make decisions.
Comment 11 Bob Relyea 2012-03-08 20:47:53 EST
upstream bug?
Comment 13 Kamil Dudka 2012-04-13 07:21:50 EDT
Elio, could you please apply my fix on Fedora?

This bug breaks curl's test-suite badly:

http://koji.fedoraproject.org/koji/getfile?taskID=3987501&name=build.log
Comment 14 Elio Maldonado Batiz 2012-04-13 13:20:20 EDT
(In reply to comment #13)
Kamil, I applied your fix to Fedora Rawhide and submitted it upstream.
Comment 15 Elio Maldonado Batiz 2012-04-26 14:30:48 EDT
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
No documentation needed
Comment 17 errata-xmlrpc 2012-06-20 03:23:43 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2012-0973.html

Note You need to log in before you can comment on or make changes to this bug.