Bug #13988

closed

libproc leaks zoneroot

Added by Robert Mustacchi 3 months ago. Updated 2 months ago.

Status:
Closed
Priority:
Normal
Category:
lib - userland libraries
Start date:
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:
Gerrit CR:

Description

While working through #13987 and looking for memory leaks, I found one that I could easily replicate without my changes. With umem debugging this became fairly straightforward:

rm@beowulf:~/test$ mdb /usr/bin/amd64/pflags 
> _start_crt+0x87::bp
> ::run core.100560
...
mdb: stop at _start_crt+0x87
mdb: target stopped at:
_start_crt+0x87:movl   %eax,%edi
mdb: You've got symbols!
Loading modules: [ ld.so.1 libumem.so.1 libc.so.1 libproc.so.1 ]
> ::findleaks
CACHE             LEAKED           BUFCTL CALLER
000000000067a028       1 0000000000755b60 libc.so.1`strdup+0x25
00000000006cd028       1 000000000093d540 libproc.so.1`core_load_shdrs+0x395
00000000006cf028       1 000000000093d460 libproc.so.1`core_load_shdrs+0x395
00000000006d1028       1 000000000093d2a0 libproc.so.1`core_load_shdrs+0x395
00000000006d6028       1 000000000093d620 libproc.so.1`core_load_shdrs+0x395
00000000006e4028       1 0000000000d340e0 libproc.so.1`core_load_shdrs+0x395
00000000006f7028       1 000000000093d380 libproc.so.1`core_load_shdrs+0x395
------------------------------------------------------------------------
           Total       7 buffers, 290832 bytes
> 0000000000755b60::bufctl -v
            ADDR          BUFADDR        TIMESTAMP           THREAD
                            CACHE          LASTLOG         CONTENTS
          755b60           750fa0     13832b17f317                1
                           67a028                0                0
                 libumem.so.1`umem_cache_alloc_debug+0x104
                 libumem.so.1`umem_cache_alloc+0xd8
                 libumem.so.1`umem_alloc+0x9f
                 libumem.so.1`umem_malloc+0x36
                 libc.so.1`strdup+0x25
                 libproc.so.1`Pzoneroot+0xc3
                 libproc.so.1`Pzonepath+0x77
                 libproc.so.1`Pfindobj+0x5a
                 libproc.so.1`try_exec+0x81
                 libproc.so.1`Pfindexec+0x408
                 libproc.so.1`Pfgrab_core+0x690
                 libproc.so.1`proc_grab_common+0x1c3
                 libproc.so.1`proc_arg_xgrab+0x1d
                 look+0x52
                 main+0xcc

If you look at the code in question you'll quickly see there's basically no place that ever frees zoneroot in libproc. As such, I added it to Pfree(). This is generally safe because we always zero the struct ps_prochandle.
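The leak and the fix described above, reduced to a small model. This is an added example, not libproc source: `handle_t`, `handle_zoneroot()`, the two free routines, the allocation counter and the sample path are hypothetical stand-ins for `struct ps_prochandle`, `Pzoneroot()` and `Pfree()`.

```c
#include <stdlib.h>
#include <string.h>

static long live_allocs;            /* outstanding heap buffers (demo counter) */

/* Zeroing allocator: every handle starts with all fields NULL. */
static void *track_alloc(size_t sz) {
    void *p = calloc(1, sz);
    if (p != NULL) live_allocs++;
    return p;
}
static void track_free(void *p) {
    if (p != NULL) live_allocs--;
    free(p);                        /* free(NULL) is a defined no-op */
}
/* Stands in for strdup(), routed through the counter. */
static char *track_strdup(const char *s) {
    char *p = track_alloc(strlen(s) + 1);
    if (p != NULL) strcpy(p, s);
    return p;
}

/* Hypothetical stand-in for struct ps_prochandle. */
typedef struct handle { char *zoneroot; } handle_t;

/* Lazy lookup: the first call caches a heap copy in the handle. */
static const char *handle_zoneroot(handle_t *h) {
    if (h->zoneroot == NULL)
        h->zoneroot = track_strdup("/zones/example/root"); /* constructed path */
    return h->zoneroot;
}

/* Before: the handle is released but the cached string is not. */
static void handle_free_leaky(handle_t *h) { track_free(h); }

/* After: release the cached string too. Because the handle was zeroed,
 * zoneroot is NULL when no lookup ever ran, so the call is unconditional. */
static void handle_free_fixed(handle_t *h) {
    track_free(h->zoneroot);
    track_free(h);
}

/* Returns the number of buffers still allocated after one handle lifetime. */
static long leaked_after(int do_lookup, int fixed) {
    live_allocs = 0;
    handle_t *h = track_alloc(sizeof (handle_t));
    if (h == NULL) return -1;
    if (do_lookup) (void) handle_zoneroot(h);
    if (fixed) handle_free_fixed(h); else handle_free_leaky(h);
    return live_allocs;
}

int main(void) { return leaked_after(1, 1) == 0 ? 0 : 1; }
```

The leak only shows up on code paths that trigger the lazy lookup, which is why an allocation-tracking check such as `::findleaks` catches it where a plain run would not.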
