bugzilla-daemon at bugzilla.mindrot.org
2011-Dec-30 08:41 UTC
[Bug 1967] New: Potential memory leak
https://bugzilla.mindrot.org/show_bug.cgi?id=1967
Bug #: 1967
Summary: Potential memory leak
Classification: Unclassified
Product: Portable OpenSSH
Version: 5.9p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: ssh
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: zhenbo1987 at gmail.com
I applied a memory leak detection tool, called
melton(http://lcs.ios.ac.cn/~xuzb/melton.html), to detect the potential
bugs in openssh-5.9p1.
The url below is the index of bug reports that are checked as real bugs
manually.
http://lcs.ios.ac.cn/~xuzb/bugsfound/memleak/openssh-5.9p1/realbugs/index.html
Does it provide enough info to report bugs .
Do I need to add some description for each bug?
Hope for your replies!
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2011-Dec-30 08:45 UTC
[Bug 1967] Potential memory leak in ssh
https://bugzilla.mindrot.org/show_bug.cgi?id=1967
Zhenbo Xu <zhenbo1987 at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|Potential memory leak |Potential memory leak in
| |ssh
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2011-Dec-30 08:46 UTC
[Bug 1967] Potential memory leak in ssh [detected by melton]
https://bugzilla.mindrot.org/show_bug.cgi?id=1967
Zhenbo Xu <zhenbo1987 at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|Potential memory leak in |Potential memory leak in
|ssh |ssh [detected by melton]
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2011-Dec-30 09:56 UTC
[Bug 1967] Potential memory leak in ssh [detected by melton]
https://bugzilla.mindrot.org/show_bug.cgi?id=1967
Darren Tucker <dtucker at zip.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dtucker at zip.com.au
--- Comment #1 from Darren Tucker <dtucker at zip.com.au> 2011-12-30
20:56:26 EST ---
Thanks. In general the reports look pretty good.
I think this one is a false positive:
http://lcs.ios.ac.cn/~xuzb/bugsfound/memleak/openssh-5.9p1/realbugs/report-sXUkMC.html#EndPath
max_fd2 = max_fd;
client_wait_until_can_do_something(&readset, &writeset,
&max_fd2, &nalloc, rekeying);
Allocated memory never released. Potential memory leak
Heap object allocated here is not freed
The only way out of that loop is if quit_pending is set, after which
readset and writeset are freed.
I can't figure out what these two are complaining about:
http://lcs.ios.ac.cn/~xuzb/bugsfound/memleak/openssh-5.9p1/realbugs/report-Fs8fvc.html#EndPath
http://lcs.ios.ac.cn/~xuzb/bugsfound/memleak/openssh-5.9p1/realbugs/report-u6oVoX.html#EndPath
I'll attach a patch for the rest shortly.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2011-Dec-30 09:57 UTC
[Bug 1967] Potential memory leak in ssh [detected by melton]
https://bugzilla.mindrot.org/show_bug.cgi?id=1967 --- Comment #2 from Darren Tucker <dtucker at zip.com.au> 2011-12-30 20:57:22 EST --- Created attachment 2124 --> https://bugzilla.mindrot.org/attachment.cgi?id=2124 fix memory leaks -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2011-Dec-30 10:03 UTC
[Bug 1967] Potential memory leak in ssh [detected by melton]
https://bugzilla.mindrot.org/show_bug.cgi?id=1967 --- Comment #3 from Darren Tucker <dtucker at zip.com.au> 2011-12-30 21:03:01 EST --- Comment on attachment 2124 --> https://bugzilla.mindrot.org/attachment.cgi?id=2124 fix memory leaks>+++ readconf.c 30 Dec 2011 09:42:23 -0000[...]>+ if (arg != NULL) >+ xfree(arg);actually this one is a no-op and is not needed. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2011-Dec-30 14:44 UTC
[Bug 1967] Potential memory leak in ssh [detected by melton]
https://bugzilla.mindrot.org/show_bug.cgi?id=1967
--- Comment #4 from Zhenbo Xu <zhenbo1987 at gmail.com> 2011-12-31
01:44:17 EST ---
http://lcs.ios.ac.cn/~xuzb/bugsfound/memleak/openssh-5.9p1/realbugs/report-u6oVoX.html#EndPath
This report means that the heap object allocated to fwd.connect_host
by function "parse_forward" is not freed at the end of the function
since fwd is a local variable.
http://lcs.ios.ac.cn/~xuzb/bugsfound/memleak/openssh-5.9p1/realbugs/report-Fs8fvc.html#EndPath
In this report, the loop below iterates two times. At the first
iteration, a heap object is allocated to options->user at "charptr
&options->user; ... *charptr = xstrdup(arg);", which is leaked at
the
second iteration if options->user is reassigned.
while (fgets(line, sizeof(line), f)) {
linenum++;
if (process_config_line(options, host, line, filename, linenum,
&active) != 0)
bad_options++;
}
Here is a list of some bugs, most of which are confirmed as false
alarms by myself. It may contain some potential bugs or be helpful with
you, although most of these are useless or can be eliminated by
improving our tool.
http://lcs.ios.ac.cn/~xuzb/bugsfound/memleak/openssh-5.9p1/falsealarms/index.html
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2012-Jan-04 08:40 UTC
[Bug 1967] Potential memory leak in ssh [detected by melton]
https://bugzilla.mindrot.org/show_bug.cgi?id=1967 --- Comment #5 from Zhenbo Xu <zhenbo1987 at gmail.com> 2012-01-04 19:40:43 EST --- (In reply to comment #4)> http://lcs.ios.ac.cn/~xuzb/bugsfound/memleak/openssh-5.9p1/realbugs/report-u6oVoX.html#EndPath > > This report means that the heap object allocated to fwd.connect_host > by function "parse_forward" is not freed at the end of the function > since fwd is a local variable. > >Is this report a real bug? If so, shall we fix this bug?> > http://lcs.ios.ac.cn/~xuzb/bugsfound/memleak/openssh-5.9p1/realbugs/report-Fs8fvc.html#EndPath > > In this report, the loop below iterates two times. At the first > iteration, a heap object is allocated to options->user at "charptr > &options->user; ... *charptr = xstrdup(arg);", which is leaked at the > second iteration if options->user is reassigned. > > while (fgets(line, sizeof(line), f)) { > linenum++; > if (process_config_line(options, host, line, filename, linenum, > &active) != 0) > bad_options++; > } >This report may be a false positive as options->user will never be reassigned.> > Here is a list of some bugs, most of which are confirmed as false > alarms by myself. It may contain some potential bugs or be helpful with > you, although most of these are useless or can be eliminated by > improving our tool. > http://lcs.ios.ac.cn/~xuzb/bugsfound/memleak/openssh-5.9p1/falsealarms/index.html-- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. You are watching someone on the CC list of the bug.