$ cc -g -fsanitize=address main.c $(pkg-config --cflags --libs libcurl) -o asan && ./asan
=================================================================
==41730==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 260 byte(s) in 4 object(s) allocated from:
#0 0x7f52f54d97a7 in __interceptor_strdup ../../../../src/libsanitizer/asan/asan_interceptors.cpp:454
#1 0x7f52f54423cd (/lib/x86_64-linux-gnu/libcurl.so.4+0x673cd)
SUMMARY: AddressSanitizer: 260 byte(s) leaked in 4 allocation(s).
and valgrind does too:
$ cc -g main.c $(pkg-config --cflags --libs libcurl) -o valgrind && valgrind --leak-check=full ./valgrind
==41878==
==41878== HEAP SUMMARY:
==41878== in use at exit: 3,710 bytes in 12 blocks
==41878== total heap usage: 32,937 allocs, 32,925 frees, 3,397,085 bytes allocated
==41878==
==41878== 260 bytes in 4 blocks are definitely lost in loss record 5 of 8
==41878== at 0x483F7B5: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==41878== by 0x499331A: strdup (strdup.c:42)
==41878== by 0x48CB3CD: ??? (in /usr/lib/x86_64-linux-gnu/libcurl.so.4.8.0)
==41878== by 0x48AB9B7: ??? (in /usr/lib/x86_64-linux-gnu/libcurl.so.4.8.0)
==41878== by 0x48AC81D: curl_multi_perform (in /usr/lib/x86_64-linux-gnu/libcurl.so.4.8.0)
==41878== by 0x4884AE2: curl_easy_perform (in /usr/lib/x86_64-linux-gnu/libcurl.so.4.8.0)
==41878== by 0x1092FB: main (main.c:15)
==41878==
==41878== LEAK SUMMARY:
==41878== definitely lost: 260 bytes in 4 blocks
==41878== indirectly lost: 0 bytes in 0 blocks
==41878== possibly lost: 0 bytes in 0 blocks
==41878== still reachable: 3,450 bytes in 8 blocks
==41878== suppressed: 0 bytes in 0 blocks
==41878== Reachable blocks (those to which a pointer was found) are not shown.
==41878== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==41878==
==41878== For lists of detected and suppressed errors, rerun with: -s
==41878== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
The size of the leak depends on the value of CURLOPT_XOAUTH2_BEARER; in this example it is 260 because the token is 65 characters long (including '\0') times 4.
I expected the following
Repeatedly performing HTTP requests with the same handle when a bearer token is set with the CURLOPT_XOAUTH2_BEARER option should not leak the token on each request.
I did this
Given the following code:
AddressSanitizer reports a memory leak:
and valgrind does too:
The size of the leak depends on the value of
CURLOPT_XOAUTH2_BEARER
; in this example it is 260 because the token is 65 characters long (including'\0'
) times 4.I expected the following
Repeatedly performing HTTP requests with the same handle when a bearer token is set with the
CURLOPT_XOAUTH2_BEARER
option should not leak the token on each request.curl/libcurl version
curl 7.83.0 (x86_64-pc-linux-gnu) libcurl/7.83.0 OpenSSL/1.1.1o zlib/1.2.11 brotli/1.0.9 zstd/1.5.2 libidn2/2.3.2 libpsl/0.21.0 (+libidn2/2.3.0) libssh2/1.10.0 nghttp2/1.43.0 librtmp/2.3 OpenLDAP/2.5.11
Release-Date: 2022-04-27
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli GSS-API HSTS HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM NTLM_WB PSL SPNEGO SSL TLS-SRP UnixSockets zstd
operating system
Linux debian 5.17.0-1-amd64 #1 SMP PREEMPT Debian 5.17.3-1 (2022-04-18) x86_64 GNU/Linux
The text was updated successfully, but these errors were encountered: