-
-
Notifications
You must be signed in to change notification settings - Fork 6.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Memory leak in CURLOPT_XOAUTH2_BEARER #8841
Comments
I can reproduce with a new test case. PR pending. |
Make use of conn_free() better and avoid duplicate code. Reported-by: Andrea Pappacoda Fixes #8841
Also make sure that the supplied API token is 40 characters long. For further information about the leak, see curl/curl#8841
Hi @bagder, I am using AddressSanitizer on
I am on ubuntu 22.04. Do you know if this is simply a version issue? Or somehow curl is misused here? |
That log doesn't help narrow the problem. Can you provide a log from a libcurl
with debug symbols? Note that we test libcurl for memory leaks on every submit,
so leaks are much more likely to be a result of an application misusing the API
rather than from any problem with libcurl itself. If you can provide the source
code for a standalone program that shows a leak happening in libcurl, we'd be
interested.
|
Thanks for the quick response. Here is a slightly more verbose output from valgrind:
Let me know if you need something more/different. I have a test executable here which I am using to get the above output: The project makes use of CMake to download and install the htslib dependency automatically, so with some basic libs, it should be possible to use the conventional build steps to get this running:
But I understand if this is too much to expect. I can try to take it up with the htslib authors if you think the issue is more likely on their end (or perhaps on my end). Thanks |
5.6 megabytes in a single realloc done by libcurl? That looks highly unlikely. My guess is on the write callback installed by the application. |
aaaaah, thanks for the update |
Backport a patch [1] to free old conn better on reuse to fix the memory leak issue [2]. [1] curl/curl@06d1210 [2] curl/curl#8841 (From OE-Core rev: 718776ab6a0a1788e52b68c7a4efcb07995cb862) Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Backport a patch [1] to free old conn better on reuse to fix the memory leak issue [2]. [1] curl/curl@06d1210 [2] curl/curl#8841 (From OE-Core rev: 718776ab6a0a1788e52b68c7a4efcb07995cb862) Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Backport a patch [1] to free old conn better on reuse to fix the memory leak issue [2]. [1] curl/curl@06d1210 [2] curl/curl#8841 (From OE-Core rev: 5a7e20ed84fed2165fccb6bba263879bc923fa56) Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Backport a patch [1] to free old conn better on reuse to fix the memory leak issue [2]. [1] curl/curl@06d1210 [2] curl/curl#8841 (From OE-Core rev: fbb820cdfc480e2481d51b9a1057454832f02b23) Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Backport a patch [1] to free old conn better on reuse to fix the memory leak issue [2]. [1] curl/curl@06d1210 [2] curl/curl#8841 (From OE-Core rev: fbb820cdfc480e2481d51b9a1057454832f02b23) Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Backport a patch [1] to free old conn better on reuse to fix the memory leak issue [2]. [1] curl/curl@06d1210 [2] curl/curl#8841 Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Backport a patch [1] to free old conn better on reuse to fix the memory leak issue [2]. [1] curl/curl@06d1210 [2] curl/curl#8841 (From OE-Core rev: fbb820cdfc480e2481d51b9a1057454832f02b23) Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Source: poky MR: 158190 Type: Integration Disposition: Merged from poky ChangeID: e54070c Description: Backport a patch [1] to free old conn better on reuse to fix the memory leak issue [2]. [1] curl/curl@06d1210 [2] curl/curl#8841 (From OE-Core rev: fbb820cdfc480e2481d51b9a1057454832f02b23) Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
I did this
Given the following code:
AddressSanitizer reports a memory leak:
and valgrind does too:
The size of the leak depends on the value of
CURLOPT_XOAUTH2_BEARER
; in this example it is 260 because the token is 65 characters long (including'\0'
) times 4.I expected the following
Repeatedly performing HTTP requests with the same handle when a bearer token is set with the
CURLOPT_XOAUTH2_BEARER
option should not leak the token on each request.curl/libcurl version
curl 7.83.0 (x86_64-pc-linux-gnu) libcurl/7.83.0 OpenSSL/1.1.1o zlib/1.2.11 brotli/1.0.9 zstd/1.5.2 libidn2/2.3.2 libpsl/0.21.0 (+libidn2/2.3.0) libssh2/1.10.0 nghttp2/1.43.0 librtmp/2.3 OpenLDAP/2.5.11
Release-Date: 2022-04-27
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli GSS-API HSTS HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM NTLM_WB PSL SPNEGO SSL TLS-SRP UnixSockets zstd
operating system
Linux debian 5.17.0-1-amd64 #1 SMP PREEMPT Debian 5.17.3-1 (2022-04-18) x86_64 GNU/Linux
The text was updated successfully, but these errors were encountered: