public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug dynamic-link/14015] New: _dlerror_run leaks memory when called by dlsym
@ 2012-04-24 18:09 wtc at google dot com
2012-04-24 20:42 ` [Bug dynamic-link/14015] " ppluzhnikov at google dot com
` (4 more replies)
0 siblings, 5 replies; 6+ messages in thread
From: wtc at google dot com @ 2012-04-24 18:09 UTC (permalink / raw)
To: glibc-bugs
http://sourceware.org/bugzilla/show_bug.cgi?id=14015
Bug #: 14015
Summary: _dlerror_run leaks memory when called by dlsym
Product: glibc
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: dynamic-link
AssignedTo: unassigned@sourceware.org
ReportedBy: wtc@google.com
Classification: Unclassified
Created attachment 6362
--> http://sourceware.org/bugzilla/attachment.cgi?id=6362
Test program dlsym_leak.c
This bug may be a duplicate of bug 12878.
When we run valgrind on some unit tests in the Chromium project,
valgrind reports a memory leak in _dlerror_run. The difference
from bug 12878 is that it is dlsym (as opposed to dlopen) that
calls _dlerror_run.
Here are three examples of this leak in Chromium bug reports.
1. http://code.google.com/p/chromium/issues/detail?id=51770
20 bytes in 1 blocks are definitely lost in loss record 7,507 of 16,402
calloc
(sr/local/google/valgrind-for-chromium-client/valgrind/scripts/valgrind-memcheck/coregrind/m_replacemalloc/vg_replace_malloc.c:529)
_dlerror_run (/lib/tls/i686/cmov/libdl-2.7.so)
dlsym (/lib/tls/i686/cmov/libdl-2.7.so)
...
2. http://code.google.com/p/chromium/issues/detail?id=60958
20 bytes in 1 blocks are definitely lost in loss record 8,617 of 20,802
calloc
(sr/local/google/valgrind-for-chromium-client/valgrind/scripts/valgrind-memcheck/coregrind/m_replacemalloc/vg_replace_malloc.c:529)
_dlerror_run (/lib/tls/i686/cmov/libdl-2.7.so)
dlsym (/lib/tls/i686/cmov/libdl-2.7.so)
...
3. http://code.google.com/p/chromium/issues/detail?id=124494
Leak_DefinitelyLost
32 bytes in 1 blocks are definitely lost in loss record 4,335 of 13,650
calloc (m_replacemalloc/vg_replace_malloc.c:1087)
_dlerror_run (/build/buildd/eglibc-2.11.1/dlfcn/dlerror.c:142)
dlsym (/build/buildd/eglibc-2.11.1/dlfcn/dlsym.c:71)
...
The dlsym calls in question look like:
dlsym(RTLD_NEXT, "localtime_r")
or
dlsym(RTLD_DEFAULT, "CERT_CacheOCSPResponseFromSideChannel")
I tried to write a short program that reproduces this memory leak,
but the closest I can get is to have valgrind report a "still reachable"
leak, as opposed to a "definitely lost" leak.
Steps to reproduce:
1. Save the attached test program as dlsym_leak.c.
2. Compile and link the test program:
gcc -D_GNU_SOURCE dlsym_leak.c -ldl -lnss3
3. Run valgrind on the test program:
valgrind --leak-check=full --show-reachable=yes ./a.out
On Ubuntu 10.04.2 LTS, I get this output from valgrind:
==12203== Memcheck, a memory error detector
==12203== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==12203== Using Valgrind-3.8.0.SVN and LibVEX; rerun with -h for copyright info
==12203== Command: ./a.out
==12203==
==12203==
==12203== HEAP SUMMARY:
==12203== in use at exit: 32 bytes in 1 blocks
==12203== total heap usage: 1 allocs, 0 frees, 32 bytes allocated
==12203==
==12203== 32 bytes in 1 blocks are still reachable in loss record 1 of 1
==12203== at 0x4C297FA: calloc (vg_replace_malloc.c:565)
==12203== by 0x4E3431F: _dlerror_run (dlerror.c:142)
==12203== by 0x4E34079: dlsym (dlsym.c:71)
==12203== by 0x40059D: main (in /home/wtc/tmp/a.out)
==12203==
==12203== LEAK SUMMARY:
==12203== definitely lost: 0 bytes in 0 blocks
==12203== indirectly lost: 0 bytes in 0 blocks
==12203== possibly lost: 0 bytes in 0 blocks
==12203== still reachable: 32 bytes in 1 blocks
==12203== suppressed: 0 bytes in 0 blocks
==12203==
==12203== For counts of detected and suppressed errors, rerun with: -v
==12203== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 4 from 4)
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug dynamic-link/14015] _dlerror_run leaks memory when called by dlsym
2012-04-24 18:09 [Bug dynamic-link/14015] New: _dlerror_run leaks memory when called by dlsym wtc at google dot com
@ 2012-04-24 20:42 ` ppluzhnikov at google dot com
2013-10-03 7:00 ` neleai at seznam dot cz
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: ppluzhnikov at google dot com @ 2012-04-24 20:42 UTC (permalink / raw)
To: glibc-bugs
http://sourceware.org/bugzilla/show_bug.cgi?id=14015
Paul Pluzhnikov <ppluzhnikov at google dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
CC| |ppluzhnikov at google dot
| |com
AssignedTo|unassigned at sourceware |ppluzhnikov at google dot
|dot org |com
--- Comment #1 from Paul Pluzhnikov <ppluzhnikov at google dot com> 2012-04-24 20:41:45 UTC ---
(In reply to comment #0)
> On Ubuntu 10.04.2 LTS, I get this output from valgrind:
...
> ==12203== 32 bytes in 1 blocks are still reachable in loss record 1 of 1
> ==12203== at 0x4C297FA: calloc (vg_replace_malloc.c:565)
> ==12203== by 0x4E3431F: _dlerror_run (dlerror.c:142)
> ==12203== by 0x4E34079: dlsym (dlsym.c:71)
> ==12203== by 0x40059D: main (in /home/wtc/tmp/a.out)
There is nothing wrong with that.
The code reads:
result = __libc_getspecific (key);
if (result == NULL)
{
result = (struct dl_action_result *) calloc (1, sizeof (*result));
if (result == NULL)
/* We are out of memory. Since this is no really critical
situation we carry on by using the global variable.
This might lead to conflicts between the threads but
they soon all will have memory problems. */
result = &last_result;
else
/* Set the tsd. */
__libc_setspecific (key, result);
}
The only way I can think of for this to become a definite leak is if
someone corrupts thread-specific storage, or terminates the thread in some
"unnatural" way.
This is perhaps best debugged internally to Google.
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug dynamic-link/14015] _dlerror_run leaks memory when called by dlsym
2012-04-24 18:09 [Bug dynamic-link/14015] New: _dlerror_run leaks memory when called by dlsym wtc at google dot com
2012-04-24 20:42 ` [Bug dynamic-link/14015] " ppluzhnikov at google dot com
@ 2013-10-03 7:00 ` neleai at seznam dot cz
2014-02-16 17:44 ` jackie.rosen at hushmail dot com
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: neleai at seznam dot cz @ 2013-10-03 7:00 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=14015
Ondrej Bilka <neleai at seznam dot cz> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
CC| |neleai at seznam dot cz
Resolution|--- |INVALID
--- Comment #2 from Ondrej Bilka <neleai at seznam dot cz> ---
> The only way I can think of for this to become a definite leak is if
> someone corrupts thread-specific storage, or terminates the thread in some
> "unnatural" way.
>
> This is perhaps best debugged internally to Google.
Closing as this looks like google issue
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug dynamic-link/14015] _dlerror_run leaks memory when called by dlsym
2012-04-24 18:09 [Bug dynamic-link/14015] New: _dlerror_run leaks memory when called by dlsym wtc at google dot com
2012-04-24 20:42 ` [Bug dynamic-link/14015] " ppluzhnikov at google dot com
2013-10-03 7:00 ` neleai at seznam dot cz
@ 2014-02-16 17:44 ` jackie.rosen at hushmail dot com
2014-05-28 19:42 ` schwab at sourceware dot org
2014-06-25 11:13 ` fweimer at redhat dot com
4 siblings, 0 replies; 6+ messages in thread
From: jackie.rosen at hushmail dot com @ 2014-02-16 17:44 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=14015
Jackie Rosen <jackie.rosen at hushmail dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jackie.rosen at hushmail dot com
--- Comment #3 from Jackie Rosen <jackie.rosen at hushmail dot com> ---
*** Bug 260998 has been marked as a duplicate of this bug. ***
Seen from the domain http://volichat.com
Page where seen: http://volichat.com/adult-chat-rooms
Marked for reference. Resolved as fixed @bugzilla.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug dynamic-link/14015] _dlerror_run leaks memory when called by dlsym
2012-04-24 18:09 [Bug dynamic-link/14015] New: _dlerror_run leaks memory when called by dlsym wtc at google dot com
` (2 preceding siblings ...)
2014-02-16 17:44 ` jackie.rosen at hushmail dot com
@ 2014-05-28 19:42 ` schwab at sourceware dot org
2014-06-25 11:13 ` fweimer at redhat dot com
4 siblings, 0 replies; 6+ messages in thread
From: schwab at sourceware dot org @ 2014-05-28 19:42 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=14015
Andreas Schwab <schwab at sourceware dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC|jackie.rosen at hushmail dot com |
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Bug dynamic-link/14015] _dlerror_run leaks memory when called by dlsym
2012-04-24 18:09 [Bug dynamic-link/14015] New: _dlerror_run leaks memory when called by dlsym wtc at google dot com
` (3 preceding siblings ...)
2014-05-28 19:42 ` schwab at sourceware dot org
@ 2014-06-25 11:13 ` fweimer at redhat dot com
4 siblings, 0 replies; 6+ messages in thread
From: fweimer at redhat dot com @ 2014-06-25 11:13 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=14015
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Flags| |security-
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2014-06-25 11:13 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-04-24 18:09 [Bug dynamic-link/14015] New: _dlerror_run leaks memory when called by dlsym wtc at google dot com
2012-04-24 20:42 ` [Bug dynamic-link/14015] " ppluzhnikov at google dot com
2013-10-03 7:00 ` neleai at seznam dot cz
2014-02-16 17:44 ` jackie.rosen at hushmail dot com
2014-05-28 19:42 ` schwab at sourceware dot org
2014-06-25 11:13 ` fweimer at redhat dot com
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).