[Bug libc/2451] dlopen can leak small amounts of memory if it fails

[Bug libc/2451] dlopen can leak small amounts of memory if it fails

[umbrook0 at cs dot umanitoba dot ca]

------- Additional Comments From umbrook0 at cs dot umanitoba dot ca  2006-03-13 04:43 -------
Created an attachment (id=916)
 --> (http://sourceware.org/bugzilla/attachment.cgi?id=916&action=view)
Small test case


-- 


http://sourceware.org/bugzilla/show_bug.cgi?id=2451

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Bug libc/2451] New: dlopen can leak small amounts of memory if it fails

[umbrook0 at cs dot umanitoba dot ca]

Valgrind reports that dlopen() leaks memory if it fails because the file is invalid.

To duplicate:
1. echo "Test" > not-a-lib.so
2. gcc -g test.c -ldl
3. valgrind --leak-check=full ./a.out

Result:
==5903== 15 bytes in 1 blocks are definitely lost in loss record 1 of 1
==5903==    at 0x1B909222: malloc (vg_replace_malloc.c:130)
==5903==    by 0x1B8EB8C7: expand_dynamic_string_token (in /lib/ld-2.3.5.so)
==5903==    by 0x1B8EC410: _dl_map_object (in /lib/ld-2.3.5.so)
==5903==    by 0x1B8F5273: dl_open_worker (in /lib/ld-2.3.5.so)
==5903==    by 0x1B8F1C6D: _dl_catch_error (in /lib/ld-2.3.5.so)
==5903==    by 0x1B8F59C8: _dl_open (in /lib/ld-2.3.5.so)
==5903==    by 0x5ABD41: dlopen_doit (in /lib/libdl-2.3.5.so)
==5903==    by 0x1B8F1C6D: _dl_catch_error (in /lib/ld-2.3.5.so)
==5903==    by 0x5AC3E2: _dlerror_run (in /lib/libdl-2.3.5.so)
==5903==    by 0x5ABDD1: dlopen@@GLIBC_2.1 (in /lib/libdl-2.3.5.so)
==5903==    by 0x8048422: main (test.c:7)

I found this problem on Fedora Core 4 (glibc 2.3.5).

The problem seems to be that it allocates variable called realname (using
expand_dynamic_string_token) in _dl_map_object, but may call _dl_signal_error
later in the function without freeing the variable.  It looks like a variable
called name_copy has the same problem.

If that is the problem, then, looking at the source code for glibc 2.4, it looks
like the problem is still there.

-- 
           Summary: dlopen can leak small amounts of memory if it fails
           Product: glibc
           Version: 2.3.5
            Status: NEW
          Severity: minor
          Priority: P2
         Component: libc
        AssignedTo: drepper at redhat dot com
        ReportedBy: umbrook0 at cs dot umanitoba dot ca
                CC: glibc-bugs at sources dot redhat dot com


http://sourceware.org/bugzilla/show_bug.cgi?id=2451

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Bug libc/2451] dlopen can leak small amounts of memory if it fails

[avuton at gmail dot com]

------- Additional Comments From avuton at gmail dot com  2006-03-14 11:18 -------
This does still exist in glibc 2.4  

-- 


http://sourceware.org/bugzilla/show_bug.cgi?id=2451

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Bug libc/2451] dlopen can leak small amounts of memory if it fails

[jakub at redhat dot com]

------- Additional Comments From jakub at redhat dot com  2006-03-14 11:21 -------
http://sources.redhat.com/ml/libc-hacker/2006-03/msg00034.html

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED


http://sourceware.org/bugzilla/show_bug.cgi?id=2451

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Bug libc/2451] dlopen can leak small amounts of memory if it fails

[jakub at redhat dot com]

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
         AssignedTo|drepper at redhat dot com   |jakub at redhat dot com


http://sourceware.org/bugzilla/show_bug.cgi?id=2451

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Bug libc/2451] dlopen can leak small amounts of memory if it fails

[drepper at redhat dot com]

------- Additional Comments From drepper at redhat dot com  2006-04-01 19:05 -------
Fixed in CVS.

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|                            |FIXED


http://sourceware.org/bugzilla/show_bug.cgi?id=2451

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Bug libc/2451] dlopen can leak small amounts of memory if it fails

[wtchang at redhat dot com]

------- Additional Comments From wtchang at redhat dot com  2007-01-19 19:20 -------
Valgrind reports a leak in dlopen() that is almost the same as this bug:

==4630== 4 bytes in 1 blocks are still reachable in loss record 1 of 19
==4630==    at 0x442972F: malloc (vg_replace_malloc.c:149)
==4630==    by 0x41068A2: _dl_map_object_from_fd (in /lib/ld-2.3.2.so)
==4630==    by 0x4104D3C: _dl_map_object (in /lib/ld-2.3.2.so)
==4630==    by 0x633F2E5: dl_open_worker (in /lib/tls/libc-2.3.2.so)
==4630==    by 0x410C895: _dl_catch_error (in /lib/ld-2.3.2.so)
==4630==    by 0x633F141: _dl_open (in /lib/tls/libc-2.3.2.so)
==4630==    by 0x45DCFFA: dlopen_doit (in /lib/libdl-2.3.2.so)
==4630==    by 0x410C895: _dl_catch_error (in /lib/ld-2.3.2.so)
==4630==    by 0x45DD4B5: _dlerror_run (in /lib/libdl-2.3.2.so)
==4630==    by 0x45DCFA3: dlopen@@GLIBC_2.1 (in /lib/libdl-2.3.2.so)
==4630==    by 0x4575126: pr_LoadLibraryByPathname (prlink.c:978)
==4630==    by 0x4574FE4: PR_LoadLibraryWithFlags (prlink.c:580)
==4630==    by 0x63A9E5C: bl_LoadFreeblLibInSoftokenDir (loader.c:218)
==4630==    by 0x63A9ECE: bl_LoadLibrary (loader.c:244)
==4630==    by 0x63A9FA7: freebl_LoadDSO (loader.c:296)
==4630==    by 0x457D078: PR_CallOnce (prinit.c:815)
==4630==    by 0x63AA0B6: freebl_RunLoaderOnce (loader.c:330)
==4630==    by 0x63AB6F9: RNG_RNGInit (loader.c:920)
==4630==    by 0x6390C01: nsc_CommonInitialize (pkcs11.c:3063)
==4630==    by 0x6390E58: NSC_Initialize (pkcs11.c:3156)
==4630==    by 0x44DC396: secmod_ModuleInit (pk11load.c:150)
==4630==    by 0x44DC805: SECMOD_LoadPKCS11Module (pk11load.c:327)
==4630==    by 0x44E73A2: SECMOD_LoadModule (pk11pars.c:323)
==4630==    by 0x44E741A: SECMOD_LoadModule (pk11pars.c:338)
==4630==    by 0x44B573C: nss_Init (nssinit.c:481)
==4630==    by 0x44B59B1: NSS_Initialize (nssinit.c:583)
==4630==    by 0x804E67A: main (strsclnt.c:1441)
==4630== 219 bytes in 1 blocks are still reachable in loss record 10 of 19

The two stacks only differ in the function called by _dl_map_object:
expand_dynamic_string_token vs. _dl_map_object_from_fd.

Are these the same leak?

-- 


http://sourceware.org/bugzilla/show_bug.cgi?id=2451

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Bug libc/2451] dlopen can leak small amounts of memory if it fails

[wtchang at redhat dot com]

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |wtchang at redhat dot com


http://sourceware.org/bugzilla/show_bug.cgi?id=2451

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.