[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#818178: libc6: getaddrinfo/freeadrinfo memory leak



control: tag -1 + confirmed
control: severity -1 minor

On 2016-03-14 15:54, Tim Ruehsen wrote:
> Package: libc6
> Severity: important
> 
> Dear Maintainer,
> 
> getaddrinfo/freeaddrinfo seems to have a memory leak.
> 
> Testcode:
> #include <stdio.h>
> #include <string.h>
> #include <sys/types.h>
> #include <sys/socket.h>
> #include <netdb.h>
> 
> int main(void)
> {
>         struct addrinfo *addrinfo, hints;
> 
>         memset(&hints, 0 ,sizeof(hints));
>         hints.ai_family = AF_UNSPEC;
>         hints.ai_socktype = SOCK_STREAM;
>         hints.ai_flags = AI_NUMERICSERV | AI_ADDRCONFIG;
> 
>         int rc;
>         if ((rc = getaddrinfo("localhost", "80", &hints, &addrinfo)) == 0) {
>                 freeaddrinfo(addrinfo);
>         }
>         printf("rc=%d\n", rc);
> 
>         return 0;
> }
> 
> Valgrind throws out:
> ==10088== HEAP SUMMARY:
> ==10088==     in use at exit: 28 bytes in 1 blocks
> ==10088==   total heap usage: 45 allocs, 44 frees, 7,337 bytes allocated
> ==10088== 
> ==10088== 28 bytes in 1 blocks are still reachable in loss record 1 of 1
> ==10088==    at 0x4C29C0F: malloc (vg_replace_malloc.c:299)
> ==10088==    by 0x4F3BA64: __res_vinit (in /lib/x86_64-linux-gnu/libc-2.22.so)
> ==10088==    by 0x4F3D17C: __res_maybe_init (in /lib/x86_64-linux-gnu/libc-2.22.so)
> ==10088==    by 0x4F09A26: gaih_inet (in /lib/x86_64-linux-gnu/libc-2.22.so)
> ==10088==    by 0x4F0BD0D: getaddrinfo (in /lib/x86_64-linux-gnu/libc-2.22.so)
> ==10088==    by 0x400625: main (in /usr/oms/src/wget2/examples/x)
> ==10088== 
> ==10088== LEAK SUMMARY:
> ==10088==    definitely lost: 0 bytes in 0 blocks
> ==10088==    indirectly lost: 0 bytes in 0 blocks
> ==10088==      possibly lost: 0 bytes in 0 blocks
> ==10088==    still reachable: 28 bytes in 1 blocks
> ==10088==         suppressed: 0 bytes in 0 blocks
> 
> Currently a test suite here fails due to this leak.
> When setting 'addrinfo' to NULL after freeaddrinfo(), valgrind reports the leak as
> 'definitely lost' and returns with non-zero, thus the breakage of the test suite.

The problem happens when /etc/resolv.conf contains IPv6 nameservers.
__res_vinit allocates their addresses using malloc, and later doesn't
free the memory when exiting

While this is definitely a bug, the leakage happens only once per
nameserver and per program, and doesn't increase with the number of
calls to getaddrinfo. Moreover it is actually useful to keep this
information up to the end of the program and to avoid parsing
/etc/resolv.conf multiple times. I am therefore decreasing the
severity to minor.

Aurelien

-- 
Aurelien Jarno                          GPG: 4096R/1DDD8C9B
aurelien@aurel32.net                 http://www.aurel32.net


Reply to: