Bug 836285 - Memory leak in Python module "_hashlib"
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: python
Version: 17
Hardware: All
OS: Linux
Priority: unspecified
Severity: high
Assigned To: Bohuslav "Slavek" Kabrda
QA Contact: Fedora Extras Quality Assurance
Reported: 2012-06-28 10:55 EDT by Michael Fötsch
Modified: 2012-08-13 21:03 EDT

Doc Type: Bug Fix
Last Closed: 2012-08-03 07:29:34 EDT
Type: Bug

Attachments
fix for the issue (811 bytes, patch)
2012-06-28 10:57 EDT, Michael Fötsch

Description Michael Fötsch 2012-06-28 10:55:46 EDT
The algorithm-specific object constructors in the "_hashlib" module ("_hashlib.md5", "_hashlib.sha1", etc.) cause a leak by incrementing the reference count of their string argument. ("_hashlib.new" does not suffer from the issue.)

"PyBuffer_Release()" is missing in the Fedora-specific function "implement_specific_EVP_new()". Patch is attached.

This code reproduces the bug:

import _hashlib
s = "some string"
_hashlib.md5(s)   # increments ref count for s
_hashlib.sha1(s)  # increments ref count for s
import sys
print sys.getrefcount(s) # prints 4, should be 2
Comment 1 Michael Fötsch 2012-06-28 10:57:02 EDT
Created attachment 595043
fix for the issue
Comment 2 Bohuslav "Slavek" Kabrda 2012-07-13 07:30:48 EDT
Hi Michael,
thanks for the report. Just to clarify:
1) Do you mean the functions openssl_md5, resp. openssl_sha1?
2) If I understand it correctly, what happens is that during "PyArg_ParseTupleAndKeywords" execution, the "view" buffer gets filled (somewhere down the "convertsimple" method, I think the line is 920 in getattr.c) and therefore raises the reference count of the string. Is this right?
3) Looking at your patch, it seems that the first hunk is the same as in your report at [1], which is not in Fedora yet; the second hunk is the actual fix of the Fedora-specific function.


All in all, I see no problem with your patch and I think it's safe to apply. Could you please confirm my above observations?


[1] http://bugs.python.org/issue15219
Comment 3 Michael Fötsch 2012-07-13 08:13:23 EDT
1) Yes, you are right.
2) It might be line 837 in getattr.c, but yes, this is my understanding of what happens as well.
3) You are correct. (Sorry, I forgot to link to that other issue.)

Thanks!
Comment 4 Bohuslav "Slavek" Kabrda 2012-07-13 08:17:29 EDT
(In reply to comment #3)
> 1) Yes, you are right.
> 2) It might be line 837 in getattr.c, but yes, this is my understanding of
> what happens as well.
> 3) You are correct. (Sorry, I forgot to link to that other issue.)
> 
> Thanks!

Thanks for the clarification. As I am just a comaintainer, I would like Dave Malcolm to confirm fixing this first. If he doesn't show up here, I'll email him in a few days.

Again, thanks for the report.
Comment 5 Dave Malcolm 2012-07-16 17:33:55 EDT
Good catch - thanks!  The leak is in the general path within implement_specific_EVP_new() and the error handling path in EVP_new().

Patch looks correct, feel free to apply to master and to the other live branches of "python".

I don't *think* the bug is present in the equivalent python3 code, as I had to tweak things during the port, and I think I fixed it then.
Comment 6 Fedora Update System 2012-07-24 08:14:56 EDT
python-2.7.3-7.2.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/python-2.7.3-7.2.fc17
Comment 7 Fedora Update System 2012-07-24 08:15:08 EDT
python-2.7.3-4.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/python-2.7.3-4.fc16
Comment 8 Fedora Update System 2012-07-24 19:27:49 EDT
Package python-2.7.3-4.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing python-2.7.3-4.fc16'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-11038/python-2.7.3-4.fc16
then log in and leave karma (feedback).
Comment 9 Fedora Update System 2012-08-03 07:29:34 EDT
python-2.7.3-7.2.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 10 Fedora Update System 2012-08-13 21:03:21 EDT
python-2.7.3-4.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.
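
A regression check for the leak discussed in this thread, as an added example that is not part of the original report or of the Fedora patch: it measures how far sys.getrefcount() moves across repeated hashlib constructor calls and across the hashlib.new() error path on a current Python 3 interpreter. The helper names, the sha256 entry, the "no-such-digest" name and the memoryview stand-ins for an unreleased and a released buffer are assumptions made for the illustration.

```python
import gc
import hashlib
import sys

ALGORITHMS = ("md5", "sha1", "sha256")  # md5/sha1 are named in the report; sha256 is an added sample


def refcount_delta(call, data, rounds=50):
    """Return how far sys.getrefcount(data) grew after `rounds` calls of call(data)."""
    before = sys.getrefcount(data)
    for _ in range(rounds):
        try:
            call(data)              # the return value is dropped at once
        except ValueError:
            pass                    # rejected digest: the error path must not leak either
    gc.collect()                    # rule out references parked in garbage cycles
    return sys.getrefcount(data) - before


def leaky_view(data, _held=[]):
    """Constructed stand-in for the bug: a buffer view that is acquired and never released."""
    _held.append(memoryview(data))


def released_view(data):
    """Same acquisition, followed by the release that the fix adds (PyBuffer_Release in C)."""
    memoryview(data).release()


def audit(rounds=50):
    """Leaked references per hashlib entry point; every value is 0 on a fixed interpreter."""
    data = bytes(bytearray(b"some string"))     # fresh object, not a shared constant
    report = {}
    for name in ALGORITHMS:
        ctor = getattr(hashlib, name, None)
        if ctor is not None:                    # digest may be absent from this build
            report[name] = refcount_delta(ctor, data, rounds)
    # Error path of new(): a digest name no backend knows (constructed name).
    unknown = lambda d: hashlib.new("no-such-digest", d)
    report["new(unknown)"] = refcount_delta(unknown, data, rounds)
    return report


if __name__ == "__main__":
    for entry, leaked in audit().items():
        print("%-14s leaked references: %d" % (entry, leaked))
```

A non-zero value that scales with `rounds` is the signature of the bug described above: one reference to the argument retained per call.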
