[Bug libc/26641] New: Memory leak in _dl_scope_free

[Bug libc/26641] New: Memory leak in _dl_scope_free

[peadar at arista dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=26641

            Bug ID: 26641
           Summary: Memory leak in _dl_scope_free
           Product: glibc
           Version: unspecified
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: libc
          Assignee: unassigned at sourceware dot org
          Reporter: peadar at arista dot com
                CC: drepper.fsp at gmail dot com
  Target Milestone: ---

Created attachment 12852
  --> https://sourceware.org/bugzilla/attachment.cgi?id=12852&action=edit
Tentative patch to fix/explain issue.

You can reproduce this issue running valgrind on a multithreaded program that
opens a large number of shared libraries, and the attached patch solves it
locally.

_dl_scope_free is used when releasing a "scope". 

This either
  * frees the scope directly (unthreaded case),
  * creates a new dl_scope_free_list for the scope (threaded case, first call), 
  * adds the scope to the existing scope_free_list (second and successive
call), 
  * eventually free's the content of the scope_free_list (when
dl_scope_free_list has filled).

The intent, I assume, is to amortize the time spent synchronizing with other
threads in THREAD_GSCOPE_WAIT by just doing it once for a bunch of calls to
"free".

The problem is in the final case, when the space in dl_scope_free_list is
exhausted, the appropriate synchronization is performed , all the existing
scopes on the free list are free'd, *however*, the passed "old" scope is not.

There's also a cosmetic issue in dl-libc.c in the __libc_freeres callback -
When cleaning up with the _dl_scope_free_list, only the list itself is free'd.
The entries it points to are not.

-- 
You are receiving this mail because:
You are on the CC list for the bug.