Bug 3273 - memory leak in libsmbclient
memory leak in libsmbclient
Status: RESOLVED FIXED
Product: Samba 3.0
Classification: Unclassified
Component: libsmbclient
3.0.20b
All Linux
: P3 major
: none
Assigned To: Derrell Lipman
Samba QA Contact
:
Depends on:
Blocks:
 
Reported: 2005-11-19 20:12 UTC by Mikhail Kshevetskiy
Modified: 2005-12-05 20:46 UTC (History)

See Also:


Attachments

Description Mikhail Kshevetskiy 2005-11-19 20:12:55 UTC
It seems to me that libsmbclient has a memory leak. To study this problem I rebuilt libsmbclient with debug information and wrote a test application. After the test I found that 171352 bytes in 21 blocks were lost.

I use linux-2.6.13.2, glibc-2.3.5 with TLS, gcc-3.3.6, samba-3.0.20b

The source code of the test application, the application output and the valgrind log file are given below.

Mikhail Kshevetskiy




=================================================================
the source code of test application
=================================================================
#include <stdio.h>
#include <stdlib.h>
#include <malloc.h>
#include <string.h>
#include <libsmbclient.h>

/* Fixed settings for the test run. debuglevel is copied into the
 * libsmbclient context by create_smbctx(); the three strings are what
 * smbc_auth_fn() hands back for every server and share it is asked about. */
int debuglevel = 0;
char *workgroup = "NT";      /* workgroup name returned by the auth callback */
char *username = "guest";    /* account name returned by the auth callback */
char *password = "";         /* empty password returned by the auth callback */

/* One entry of an SMB directory listing, kept in a singly linked list.
 * `name` is declared with a single element but stores the whole entry
 * name: get_smbitem_list() allocates sizeof(smbitem) + strlen(name)
 * bytes, so the one declared byte accounts for the terminating NUL.
 * Never copy more than that allocation into `name`. */
typedef struct smbitem {
    struct smbitem *next;   /* next entry; NULL at the end of the list */
    int type;               /* smbc_type value copied from the dirent */
    char name[1];           /* entry name, over-allocated by the creator */
} smbitem;

/* Free every node of a list built by get_smbitem_list().
 * A NULL list is accepted and nothing is done for it. */
void smbitem_list_delete(smbitem *list){
    smbitem *following;

    for (; list != NULL; list = following){
        /* Read the link first: the node must not be touched after free(). */
        following = list->next;
        free(list);
    }
}

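/* Copy `src` into the caller-owned buffer `dst` of `dstlen` bytes,
 * truncating if necessary and always NUL-terminating the result.
 * Nothing is written when the buffer is missing or has no room. */
static void copy_credential(char *dst, int dstlen, const char *src){
    /* A length of zero or less must be rejected here: `dstlen - 1` would
     * otherwise become a huge size_t in strncpy() and the terminator
     * would be written in front of the buffer. */
    if (dst == NULL || dstlen <= 0) return;

    /* strncpy() zero-fills the unused tail, so no stale bytes are left
     * behind in a buffer that carries credentials. */
    strncpy(dst, src, (size_t)dstlen - 1);
    dst[dstlen - 1] = 0;
}

/* libsmbclient authentication callback.
 *
 * Fills the three output buffers with the file-level `workgroup`,
 * `username` and `password` strings, regardless of which server or share
 * is being contacted.
 *
 * server, share  - target being authenticated against; ignored.
 * wrkgrp, user,
 * passwd         - caller-owned output buffers.
 * wrkgrplen,
 * userlen,
 * passwdlen      - sizes of those buffers in bytes; a buffer whose size
 *                  is zero or negative is left untouched.
 */
void smbc_auth_fn(
                const char      *server,
		const char      *share,
		char            *wrkgrp, int wrkgrplen,
		char            *user,   int userlen,
		char            *passwd, int passwdlen){

    (void) server;
    (void) share;

    copy_credential(wrkgrp, wrkgrplen, workgroup);
    copy_credential(user, userlen, username);
    copy_credential(passwd, passwdlen, password);
}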

/* Allocate and initialise a libsmbclient context for the test.
 *
 * The context gets the file-level debuglevel and smbc_auth_fn as its
 * authentication callback. Returns the ready context, or NULL when
 * either smbc_new_context() or smbc_init_context() fails. The caller
 * releases it with delete_smbctx(). */
SMBCCTX* create_smbctx(){
    SMBCCTX *fresh = smbc_new_context();

    if (fresh == NULL)
        return NULL;

    /* Configure the context before it is initialised. */
    fresh->debug = debuglevel;
    fresh->callbacks.auth_fn = smbc_auth_fn;

    if (smbc_init_context(fresh) != NULL)
        return fresh;

    /* Initialisation failed: release the half-built context. */
    smbc_free_context(fresh, 1);
    return NULL;
}

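/* Release a context obtained from create_smbctx().
 *
 * Calls the context's purge_cached_fn callback and then
 * smbc_free_context() with 1 as its second argument, the same value
 * create_smbctx() uses on its failure path. Passing NULL is a no-op, so
 * cleanup paths can call this unconditionally, as with free(). */
void delete_smbctx(SMBCCTX* ctx){
    /* Without this guard a NULL context would be dereferenced below. */
    if (ctx == NULL) return;

    ctx->callbacks.purge_cached_fn(ctx);
    smbc_free_context(ctx, 1);
}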

/* List the directory at `smb_path` through a private libsmbclient context.
 *
 * Every entry except "", "." and ".." becomes one smbitem; each new item
 * is pushed on the front of the list, so the result is in reverse
 * reading order. An entry whose allocation fails is skipped.
 *
 * Returns the list head, or NULL when the context cannot be created, the
 * directory cannot be opened, or no entry was kept. The caller frees the
 * list with smbitem_list_delete(). The context is created and destroyed
 * inside this call. */
smbitem* get_smbitem_list(char *smb_path){
    SMBCCTX *ctx = create_smbctx();
    SMBCFILE *dir;
    struct smbc_dirent *entry;
    smbitem *head = NULL;

    if (ctx == NULL)
        return NULL;

    dir = ctx->opendir(ctx, smb_path);
    if (dir == NULL){
        delete_smbctx(ctx);
        return NULL;
    }

    while ((entry = ctx->readdir(ctx, dir)) != NULL){
        const char *name = entry->name;
        smbitem *node;

        if (strcmp(name, "") == 0 ||
            strcmp(name, ".") == 0 ||
            strcmp(name, "..") == 0)
            continue;

        /* smbitem already holds one byte of name[], which pays for the
         * terminating NUL; strlen() covers the rest. */
        node = malloc(sizeof(smbitem) + strlen(name));
        if (node == NULL)
            continue;

        node->next = head;
        node->type = entry->smbc_type;
        strcpy(node->name, name);
        head = node;
    }

    ctx->close_fn(ctx, dir);
    delete_smbctx(ctx);
    return head;
}

/* Print the workgroup named in `smb_path` and the servers found in it.
 *
 * `smb_path` must start with the six characters "smb://": the heading is
 * printed from offset 6 onwards without any length check. Entries whose
 * type is not SMBC_SERVER are ignored. Returns silently when the listing
 * is NULL. */
void smbgroup_scan(char *smb_path){
    smbitem *entries;
    smbitem *cur;

    /* Heading: the path with its "smb://" prefix stripped. */
    printf("\n%s\n", smb_path + 6);

    entries = get_smbitem_list(smb_path);
    if (entries == NULL)
        return;

    for (cur = entries; cur != NULL; cur = cur->next){
        if (cur->type != SMBC_SERVER)
            continue;
        printf("  %s\n", cur->name);
    }
    smbitem_list_delete(entries);
}

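/* Enumerate the workgroups visible at "smb://" and, for each one, list
 * its servers through smbgroup_scan().
 *
 * Returns 0 on success and 1 when the top-level listing is NULL.
 * get_smbitem_list() also returns NULL for a listing with no entries, so
 * the perror() text may not reflect a real errno value in that case. */
int main(int argc, char *argv[]){
    char	smb_path[4096] = "smb://";
    const size_t prefix_len = strlen(smb_path);
    smbitem	*list, *item;

    (void) argc;
    (void) argv;

    if ((list = get_smbitem_list(smb_path)) == NULL){
	perror("Can't read workgroup list.");
	return 1;
    }

    for (item = list; item != NULL; item = item->next){
	if (item->type != SMBC_WORKGROUP) continue;

	/* The name comes from the network. snprintf() truncates and
	 * always NUL-terminates, whereas strncpy() with the full remaining
	 * size leaves smb_path unterminated when the name fills it. */
	snprintf(smb_path + prefix_len, sizeof(smb_path) - prefix_len,
	         "%s", item->name);
	smbgroup_scan(smb_path);
    }
    smbitem_list_delete(list);
    return 0;
}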



=================================================================
the program output
=================================================================
got no contact to IPC$

Z
  BINAC

WORKGROUP
  LAN
  ALONG

NT
  YA_
  VPK
  STROYMEH
  MAZZILA
  MAV
  LASKA1
  LASKA
  ANELE
  ALFA

N16
  XSI
  XOR
  VALA
  THIEF
  TERM
  SPHEROMON
  SMOKE
  ORRY
  KOT
  JULY
  EVG
  CHIL

MSHOME
  TANKI
  MMS
  LASTOCHKA
  AVTAN

LINUX
  LOSHAD

KINDERGARDEN
  XPYM
  WARRKAN
  WAIKEI
  PREFIX
  EMZAR

IRC
  WITCH
  PINE

GENTOO
  C2H5OH

FUCK

CCCP
  VOLAND
  REGIT
  PLAGUE
  NOODLE
  LEXY
  KOSOY
  BALBES

AXZ.NET

ALTNET
  ZEKA
  VILL
  VIDIK
  VARENIK
  UNO
  TRITICH
  TIMTEI
  TIME
  TEPEMOK
  TEMP
  SULART
  SOVJONOK
  SMILEX
  SK
  SEZAM
  SCARLETT
  SAROVCI
  RONIN
  PUMA
  PRINGLES
  PK
  PINYA
  PING
  PHOPALOCERA
  OK
  NIKITA
  NEFF
  MYRZILKA
  MSIRBIS
  MISERY
  MIME
  MERMAID
  MAEZ
  LUCIRON
  LIK
  LEX
  LEGION
  KUBIK
  KSU
  KRISTY
  KATUSHA
  KASPER
  IVANYCH
  IRBIS
  HARADA
  HANDLE
  GRES
  GHOST
  FEEL-GOOD-INC
  FAITH
  ERDNI
  ENZO
  DR_LIVSE
  DAKE
  CRAFT
  CHEGEVARA
  AXL
  ASTER
  AS
  ALINA
  AIUR

ACMENET
  ACMELABS

@!@

16
  VIVA
  VAVA
  URSUS
  TV
  SHIKO
  NOUT
  GRIF
  ELIN
  DOC

15
  ~
  _LIAN
  ZUBASTIK
  ZORG
  ZOOPARK
  ZOO
  ZABIK
  Z
  YKYT
  YAHA
  XXX
  WITCH
  WINSTON
  WEB
  VSD
  VOSHOD
  VOODOO
  VIT
  VIP
  VINNITSKY
  VETER
  VESPER
  VENSEM
  VAL
  VAK
  UXUS
  URBAN
  UPI_
  UMMAGUMMA
  UDAFF
  TWIXELS
  TWIX
  TUSHKAN
  TUMANNO
  TSUEFA
  TRIP
  TOOTEN
  TONIK
  TOMB
  TISHA
  THORAX
  THEVERY-W2000
  THANKIEM
  TASYA
  TANCHIK
  TABURET
  SV
  SUNMUSTER
  SUKAWATI
  STUDSOVET
  STOKKMAN
  STEPASHKA
  STELLA
  STAYER
  SSDM
  SQUIRREL
  SPLINTER
  SPIRIT
  SPAWN
  SOLNYSHKO
  SOBER
  SNZ
  SNOWFLAKE
  SNIPER
  SLEEPWALKER
  SKIPER
  SKILEO
  SKIF
  SINUS
  SHTUTZER
  SHIZOID_LILU
  SHARP
  SHARKY
  SETT
  SERGR
  SERG
  SENIA
  SANCTUARY
  SANCHO
  SAM
  SALVADOR
  RT
  ROMANTIC
  ROLKER
  RELOAD
  REDISKA
  REBEL
  REAL_IMP
  RAMBUTAN_FARSHI
  PURPUR
  PUNK
  POWER
  POSITIVE
  POKEMON
  PILOT
  PERSON
  PENKA
  PELAGIC
  PECH
  PAVLEN
  PARADOX
  PANDEMONIUM
  PAMPON
  O_SA
  OZA
  OUTLIFE
  OM
  OLO
  OLEG
  OHOTNIK
  OGGI
  ODUVAN4IK
  NT2
  NNM
  NIKE
  NIGHTSUN
  NIFERTITY
  NEKO
  NECROS
  NECHIST
  N-TOSHICKQ
  MURMANSK
  MUMRIK
  MRAK
  MIXALYCH
  MIX
  MITRASH
  MILLY
  MIGGER
  MEMPHYS
  MAZIC
  MAX
  MARS
  MARHATTER
  MANY
  MANILA
  MALINYCH
  LXX
  LURKER
  LSD
  LOW
  LORD
  LOBSTER
  LISS
  LIONISH
  LINA
  LG
  LEPRECON
  LEON
  LD_VINCI
  LATIV
  LAPOCHKA
  LAOS
  LAMIA
  KZ-2030
  KUB
  KLYUKVA
  KKK
  KITTY
  KISA
  KHHEN1418
  KHANH
  KEPKA
  KENT
  KAZBEK
  KARKUSHA
  KAP_KA
  KAMIV
  KAKTYC
  JUSTICE
  JUST-A-DEMON
  JUR
  JUMPER
  JULIA
  JUKI
  JOHNRUS
  JEEP
  JASMINE
  JAMBO
  JACKASS
  JACK
  IZON
  IRU
  IRDIS
  IPKA
  INSOMNIA
  INOK
  INGAME
  HUNTER
  HUB
  HRIUK
  HOT_VIRGIN
  HLDM
  HINATA
  HENRY
  HELL
  GURU
  GUNYA
  GUD
  GRUNGE
  GRICE
  GRENKA
  GRACE
  GARRY
  GANJA
  GABRIEL3
  FUCKME
  FRONT
  FROGGY
  FREEDOM
  FORLIC
  FOOTGEN
  FOLLOUEN
  FM
  FELIX
  FAVORIT
  ENTEROVER
  ENIAC
  ENGGER
  DUYTOAN
  DURDOM
  DTTH
  DROP
  DRAGON
  DRACULA
  DOWNPOUR
  DOOFY
  DOLPHIN
  DOGMA
  DOCTOR
  DOBRIY
  DJ
  DIVAS
  DIM
  DIDE
  DIBA
  DESTATOR
  DESPERADO
  DENNIS
  DEN
  DEMENTOR
  DEM
  DAMNED
  DALTON
  DAIR
  CTPEKOZA
  CREW
  CREATOR
  CLOWN
  CLASSIC
  CIOJIBKA
  CHELOVECHKA
  CENTURION
  BUVEN
  BUSH
  BURUNDUK
  BUMPER
  BUGAMER
  BORODA
  BOGDAN
  BOD
  BLACK
  BIT
  BEAVER
  BAIKAL
  BAHUS
  BADBOYS
  A_LIR
  AZON
  AZEFF
  AXID
  ATT
  ARVEN
  ANHEL
  ANDROLY
  AMPUTATOR
  AMORPHIS
  AMAZONKA
  ALTA
  ALT.RU-EAST
  ALADON
  AHIS
  ACO
  ABGVEDR
  ABA
  6U4
  3ATBOP
  10_RUS
  #

14
  STROOK
  SNOWMAN
  SCREW
  SART
  RAMA
  QWERT
  POLO
  NICKEL
  NICK
  NATAXA
  MOLOH
  LULKA
  KIRILL
  HISABC
  GRIBOEDOW
  FLOWER
  FAIR
  DOBRE
  BENDER
  BANDIT
  ASTIX
  ALKOR

.BY
  PTAXA


=================================================================
the valgrind log
=================================================================
==18536== Memcheck, a memory error detector for x86-linux.
==18536== Copyright (C) 2002-2005, and GNU GPL'd, by Julian Seward et al.
==18536== Using valgrind-2.4.0, a program supervision framework for x86-linux.
==18536== Copyright (C) 2000-2005, and GNU GPL'd, by Julian Seward et al.
==18536== 
==18536== My PID = 18536, parent PID = 25699.  Prog and args are:
==18536==    ./test2
==18536== For more details, rerun with: -v
==18536== 
==18536== Syscall param write(buf) points to uninitialised byte(s)
==18536==    at 0x1B9C3EEE: __write_nocancel (in /lib/tls/libc-2.3.5.so)
==18536==    by 0x807D91B: write_data (lib/util_sock.c:548)
==18536==    by 0x8093213: write_socket (libsmb/clientgen.c:133)
==18536==    by 0x80933DD: cli_send_smb (libsmb/clientgen.c:162)
==18536==    by 0x8094961: cli_session_setup_plaintext (libsmb/cliconnect.c:249)
==18536==    by 0x809602D: cli_session_setup (libsmb/cliconnect.c:856)
==18536==    by 0x8097A60: cli_full_connection (libsmb/cliconnect.c:1488)
==18536==    by 0x809816D: get_ipc_connect (libsmb/cliconnect.c:1644)
==18536==    by 0x8098300: get_ipc_connect_master_ip (libsmb/cliconnect.c:1713)
==18536==    by 0x8050850: smbc_opendir_ctx (libsmb/libsmbclient.c:2144)
==18536==    by 0x804C4E1: get_smbitem_list (in /tmp/s/test/test2)
==18536==    by 0x804C6D7: main (in /tmp/s/test/test2)
==18536==  Address 0x1BC27E11 is 9 bytes inside a block of size 131072 alloc'd
==18536==    at 0x1B9022E8: malloc (vg_replace_malloc.c:130)
==18536==    by 0x8078CDE: malloc_ (lib/util.c:881)
==18536==    by 0x8096D86: cli_negprot (libsmb/cliconnect.c:1159)
==18536==    by 0x8097809: cli_start_connection (libsmb/cliconnect.c:1441)
==18536==    by 0x8097A0A: cli_full_connection (libsmb/cliconnect.c:1481)
==18536==    by 0x809816D: get_ipc_connect (libsmb/cliconnect.c:1644)
==18536==    by 0x8098300: get_ipc_connect_master_ip (libsmb/cliconnect.c:1713)
==18536==    by 0x8050850: smbc_opendir_ctx (libsmb/libsmbclient.c:2144)
==18536==    by 0x804C4E1: get_smbitem_list (in /tmp/s/test/test2)
==18536==    by 0x804C6D7: main (in /tmp/s/test/test2)
==18536== 
==18536== Conditional jump or move depends on uninitialised value(s)
==18536==    at 0x8093C81: cli_close_connection (libsmb/clientgen.c:423)
==18536==    by 0x8093D2D: cli_shutdown (libsmb/clientgen.c:445)
==18536==    by 0x8050893: smbc_opendir_ctx (libsmb/libsmbclient.c:2151)
==18536==    by 0x804C4E1: get_smbitem_list (in /tmp/s/test/test2)
==18536==    by 0x804C6D7: main (in /tmp/s/test/test2)
==18536== 
==18536== ERROR SUMMARY: 8 errors from 2 contexts (suppressed: 29 from 1)
==18536== malloc/free: in use at exit: 474387 bytes in 855 blocks.
==18536== malloc/free: 16457 allocs, 15602 frees, 13280949 bytes allocated.
==18536== For counts of detected errors, rerun with: -v
==18536== searching for pointers to 855 not-freed blocks.
==18536== checked 663012 bytes.
==18536== 
==18536== 
==18536== 171352 bytes in 21 blocks are definitely lost in loss record 6 of 7
==18536==    at 0x1B9022E8: malloc (vg_replace_malloc.c:130)
==18536==    by 0x8078CDE: malloc_ (lib/util.c:881)
==18536==    by 0x804DA54: smbc_server (libsmb/libsmbclient.c:751)
==18536==    by 0x80508E1: smbc_opendir_ctx (libsmb/libsmbclient.c:2162)
==18536==    by 0x804C4E1: get_smbitem_list (in /tmp/s/test/test2)
==18536==    by 0x804C6D7: main (in /tmp/s/test/test2)
==18536== 
==18536== LEAK SUMMARY:
==18536==    definitely lost: 171352 bytes in 21 blocks.
==18536==      possibly lost: 0 bytes in 0 blocks.
==18536==    still reachable: 303035 bytes in 834 blocks.
==18536==         suppressed: 0 bytes in 0 blocks.
==18536== Reachable blocks (those to which a pointer was found) are not shown.
==18536== To see them, rerun with: --show-reachable=yes
Comment 1 Jeremy Allison 2005-11-29 11:16:56 UTC
Derrell, can you look at this please? I'm trying to figure out the caching in libsmbclient and it's giving me a headache....
Jeremy.
Comment 2 Derrell Lipman 2005-11-29 11:34:19 UTC
I sure will.  libsmbclient stuff is next on my list.  I should get to it next week.
Comment 3 Derrell Lipman 2005-12-05 20:46:38 UTC
Leak confirmed and fixed (along with another one I found in the process).  Thanks for the report.