cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Help tracking down libcurl + nss memory leak

From: Toshio Kuratomi <a.badger_at_gmail.com>
Date: Wed, 08 Apr 2009 19:18:18 -0700

Daniel Stenberg wrote:
> On Wed, 8 Apr 2009, Toshio Kuratomi wrote:
>
>> nss-3.12.2.0-5.fc10.i386
>> libcurl-7.19.4-3.fc10.i386
>
> Ok. In my end I run libcurl CVS HEAD (no NSS-related changes since
> 7.19.4) and NSS 3.12.2.0 from Debian Unstable (3.12.2.with.ckbi.1.73-1)
> and as far as I know that doesn't have the cert-from-file patches etc
> that Fedora uses.
>
> Anyway, I reduced the number of loops in your sample to the scientific
> amount 13 and then valgrind says this:

> ==31868== LEAK SUMMARY:
> ==31868== definitely lost: 0 bytes in 0 blocks.
> ==31868== possibly lost: 48 bytes in 2 blocks.
> ==31868== still reachable: 12,398 bytes in 89 blocks.
> ==31868== suppressed: 0 bytes in 0 blocks.
>
> I checked the code in libcurl right now and I cannot see how this is a
> flaw in the libcurl code, but I'm not guaranteeing anything...
>
Something is strange. I rebuilt both curl and nss and I'm still getting
 a much larger possibly lost value. here's what I did:

Took Fedora package. Disabled all patches. Removed the nss-pem
tarball. Downloaded the nss tarball from the debian source package.
Rebuilt. (So this has our build flags but no extra code).

Took Fedora package. Disabled all patches. Replaced the tarball with a
tar of cvs checkout of curl which had ./buildconf run in it.

Here's the summary:
==19117== definitely lost: 352 bytes in 14 blocks.
==19117== possibly lost: 6,019,172 bytes in 24,722 blocks.
==19117== still reachable: 82,399 bytes in 170 blocks.
==19117== suppressed: 0 bytes in 0 blocks.

I'll attach the full log.

I can attach the rpm spec file for curl and nss if you're interested.

-Toshio

==19117== Memcheck, a memory error detector.
==19117== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==19117== Using LibVEX rev 1804, a library for dynamic binary translation.
==19117== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==19117== Using valgrind-3.3.0, a dynamic binary instrumentation framework.
==19117== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==19117== For more details, rerun with: -v
==19117==
1 ==19117== Conditional jump or move depends on uninitialised value(s)
==19117== at 0x4228A22: nssTrust_Create (certificate.c:1009)
==19117== by 0x422B813: nssTrustDomain_FindTrustForCertificate (trustdomain.c:1141)
==19117== by 0x4230D4D: nssTrust_GetCERTCertTrustForCert (pki3hack.c:598)
==19117== by 0x4231980: stan_GetCERTCertificate (pki3hack.c:787)
==19117== by 0x422ECBF: nssCertificateArray_Destroy (pkibase.c:410)
==19117== by 0x4229612: nssCertificate_BuildChain (certificate.c:463)
==19117== by 0x42297CB: NSSCertificate_BuildChain (certificate.c:559)
==19117== by 0x41E1C22: CERT_FindCertIssuer (certvfy.c:249)
==19117== by 0x41E206B: cert_VerifyCertChain (certvfy.c:626)
==19117== by 0x41E31BD: CERT_VerifyCertChain (certvfy.c:881)
==19117== by 0x41E337B: CERT_VerifyCert (certvfy.c:1477)
==19117== by 0x41E363D: CERT_VerifyCertNow (certvfy.c:1528)
==19117==
==19117== Conditional jump or move depends on uninitialised value(s)
==19117== at 0x4228A24: nssTrust_Create (certificate.c:1009)
==19117== by 0x422B813: nssTrustDomain_FindTrustForCertificate (trustdomain.c:1141)
==19117== by 0x4230D4D: nssTrust_GetCERTCertTrustForCert (pki3hack.c:598)
==19117== by 0x4231980: stan_GetCERTCertificate (pki3hack.c:787)
==19117== by 0x422ECBF: nssCertificateArray_Destroy (pkibase.c:410)
==19117== by 0x4229612: nssCertificate_BuildChain (certificate.c:463)
==19117== by 0x42297CB: NSSCertificate_BuildChain (certificate.c:559)
==19117== by 0x41E1C22: CERT_FindCertIssuer (certvfy.c:249)
==19117== by 0x41E206B: cert_VerifyCertChain (certvfy.c:626)
==19117== by 0x41E31BD: CERT_VerifyCertChain (certvfy.c:881)
==19117== by 0x41E337B: CERT_VerifyCert (certvfy.c:1477)
==19117== by 0x41E363D: CERT_VerifyCertNow (certvfy.c:1528)
1
2 2
3 3
4 4
5 5
6 6
7 7
8 8
9 9
10 10
11 11
12 12
==19117==
==19117== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 73 from 1)
==19117== malloc/free: in use at exit: 6,101,923 bytes in 24,906 blocks.
==19117== malloc/free: 37,817 allocs, 12,911 frees, 18,674,372 bytes allocated.
==19117== For counts of detected errors, rerun with: -v
==19117== searching for pointers to 24,906 not-freed blocks.
==19117== checked 6,565,504 bytes.
==19117==
==19117==
==19117== 48 bytes in 2 blocks are possibly lost in loss record 5 of 14
==19117== at 0x4006AEE: malloc (vg_replace_malloc.c:207)
==19117== by 0x75FBDC7: PR_Malloc (in /lib/libnspr4.so)
==19117== by 0x75F2D8B: (within /lib/libnspr4.so)
==19117== by 0x760D123: (within /lib/libnspr4.so)
==19117== by 0x760E562: PR_Socket (in /lib/libnspr4.so)
==19117== by 0x760E6ED: PR_NewTCPSocket (in /lib/libnspr4.so)
==19117== by 0x4066EE1: Curl_nss_connect (in /usr/lib/libcurl.so.4.1.1)
==19117== by 0x405E35E: Curl_ssl_connect (in /usr/lib/libcurl.so.4.1.1)
==19117== by 0x403D8A9: Curl_http_connect (in /usr/lib/libcurl.so.4.1.1)
==19117== by 0x4044920: Curl_protocol_connect (in /usr/lib/libcurl.so.4.1.1)
==19117== by 0x4049D39: Curl_connect (in /usr/lib/libcurl.so.4.1.1)
==19117== by 0x4052A68: Curl_perform (in /usr/lib/libcurl.so.4.1.1)
==19117==
==19117==
==19117== 160 bytes in 2 blocks are definitely lost in loss record 9 of 14
==19117== at 0x4004BA2: calloc (vg_replace_malloc.c:397)
==19117== by 0x75FC039: PR_Calloc (in /lib/libnspr4.so)
==19117== by 0x4809923: error_get_my_stack (error.c:145)
==19117== by 0x480999A: nss_ClearErrorStack (error.c:281)
==19117== by 0x4809836: NSSArena_Create (arena.c:385)
==19117== by 0x47FB62B: nssCKFWInstance_Create (instance.c:217)
==19117== by 0x4807153: NSSCKFWC_Initialize (wrap.c:205)
==19117== by 0x47F4970: pemC_Initialize (nssck.api:117)
==19117== by 0x41F7572: secmod_ModuleInit (pk11load.c:146)
==19117== by 0x41F7B97: SECMOD_LoadPKCS11Module (pk11load.c:378)
==19117== by 0x420AFDA: SECMOD_LoadModule (pk11pars.c:323)
==19117== by 0x420B222: SECMOD_LoadUserModule (pk11pars.c:391)
==19117==
==19117==
==19117== 192 bytes in 12 blocks are definitely lost in loss record 10 of 14
==19117== at 0x4006AEE: malloc (vg_replace_malloc.c:207)
==19117== by 0x75FBDC7: PR_Malloc (in /lib/libnspr4.so)
==19117== by 0x4325677: PORT_Alloc_Util (secport.c:113)
==19117== by 0x420718B: PK11_CreateGenericObject (pk11obj.c:1354)
==19117== by 0x4066968: nss_load_cert (in /usr/lib/libcurl.so.4.1.1)
==19117== by 0x40675C9: Curl_nss_connect (in /usr/lib/libcurl.so.4.1.1)
==19117== by 0x405E35E: Curl_ssl_connect (in /usr/lib/libcurl.so.4.1.1)
==19117== by 0x403D8A9: Curl_http_connect (in /usr/lib/libcurl.so.4.1.1)
==19117== by 0x4044920: Curl_protocol_connect (in /usr/lib/libcurl.so.4.1.1)
==19117== by 0x4049D39: Curl_connect (in /usr/lib/libcurl.so.4.1.1)
==19117== by 0x4052A68: Curl_perform (in /usr/lib/libcurl.so.4.1.1)
==19117== by 0x40537C2: curl_easy_perform (in /usr/lib/libcurl.so.4.1.1)
==19117==
==19117==
==19117== 6,019,124 bytes in 24,720 blocks are possibly lost in loss record 14 of 14
==19117== at 0x4004BA2: calloc (vg_replace_malloc.c:397)
==19117== by 0x75FC039: PR_Calloc (in /lib/libnspr4.so)
==19117== by 0x48094AF: nss_ZAlloc (arena.c:892)
==19117== by 0x47F55E1: pem_FindObjectsInit (pfind.c:303)
==19117== by 0x47F936F: pem_mdSession_FindObjectsInit (psession.c:136)
==19117== by 0x47FD4AD: nssCKFWSession_FindObjectsInit (session.c:1735)
==19117== by 0x4804A4E: NSSCKFWC_FindObjectsInit (wrap.c:2550)
==19117== by 0x47F42F4: pemC_FindObjectsInit (nssck.api:717)
==19117== by 0x42330A5: find_objects (devtoken.c:334)
==19117== by 0x42333BB: find_objects_by_template (devtoken.c:463)
==19117== by 0x4233C22: nssToken_FindCertificatesBySubject (devtoken.c:657)
==19117== by 0x422BDC0: nssTrustDomain_FindCertificatesBySubject (trustdomain.c:646)
==19117==
==19117== LEAK SUMMARY:
==19117== definitely lost: 352 bytes in 14 blocks.
==19117== possibly lost: 6,019,172 bytes in 24,722 blocks.
==19117== still reachable: 82,399 bytes in 170 blocks.
==19117== suppressed: 0 bytes in 0 blocks.
==19117== Reachable blocks (those to which a pointer was found) are not shown.
==19117== To see them, rerun with: --leak-check=full --show-reachable=yes

Received on 2009-04-09