-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
memleak in mnt_table_parse_swaps() #596
Comments
example.swaps with "(deleted)" does not cause bogus entries in the list now, but a memleak in libmount instead. The memleaks is not very important since this code is run just once. Reported as util-linux/util-linux#596. $ build/test-umount ... /* test_swap_list("/proc/swaps") */ path=/var/tmp/swap o= f=0x0 try-ro=no dev=0:0 path=/dev/dm-2 o= f=0x0 try-ro=no dev=0:0 /* test_swap_list("/home/zbyszek/src/systemd/test/test-umount/example.swaps") */ path=/some/swapfile o= f=0x0 try-ro=no dev=0:0 path=/dev/dm-2 o= f=0x0 try-ro=no dev=0:0 ==26912== ==26912== HEAP SUMMARY: ==26912== in use at exit: 16 bytes in 1 blocks ==26912== total heap usage: 1,546 allocs, 1,545 frees, 149,008 bytes allocated ==26912== ==26912== 16 bytes in 1 blocks are definitely lost in loss record 1 of 1 ==26912== at 0x4C31C15: realloc (vg_replace_malloc.c:785) ==26912== by 0x55C5D8C: _IO_vfscanf (in /usr/lib64/libc-2.26.so) ==26912== by 0x55D8AEC: vsscanf (in /usr/lib64/libc-2.26.so) ==26912== by 0x55D25C3: sscanf (in /usr/lib64/libc-2.26.so) ==26912== by 0x53236D0: mnt_table_parse_stream (in /usr/lib64/libmount.so.1.1.0) ==26912== by 0x53249B6: mnt_table_parse_file (in /usr/lib64/libmount.so.1.1.0) ==26912== by 0x10D157: swap_list_get (umount.c:194) ==26912== by 0x10B06E: test_swap_list (test-umount.c:34) ==26912== by 0x10B24B: main (test-umount.c:56) ==26912== ==26912== LEAK SUMMARY: ==26912== definitely lost: 16 bytes in 1 blocks ==26912== indirectly lost: 0 bytes in 0 blocks ==26912== possibly lost: 0 bytes in 0 blocks ==26912== still reachable: 0 bytes in 0 blocks ==26912== suppressed: 0 bytes in 0 blocks
example.swaps with "(deleted)" does not cause bogus entries in the list now, but a memleak in libmount instead. The memleaks is not very important since this code is run just once. Reported as util-linux/util-linux#596. $ build/test-umount ... /* test_swap_list("/proc/swaps") */ path=/var/tmp/swap o= f=0x0 try-ro=no dev=0:0 path=/dev/dm-2 o= f=0x0 try-ro=no dev=0:0 /* test_swap_list("/home/zbyszek/src/systemd/test/test-umount/example.swaps") */ path=/some/swapfile o= f=0x0 try-ro=no dev=0:0 path=/dev/dm-2 o= f=0x0 try-ro=no dev=0:0 ==26912== ==26912== HEAP SUMMARY: ==26912== in use at exit: 16 bytes in 1 blocks ==26912== total heap usage: 1,546 allocs, 1,545 frees, 149,008 bytes allocated ==26912== ==26912== 16 bytes in 1 blocks are definitely lost in loss record 1 of 1 ==26912== at 0x4C31C15: realloc (vg_replace_malloc.c:785) ==26912== by 0x55C5D8C: _IO_vfscanf (in /usr/lib64/libc-2.26.so) ==26912== by 0x55D8AEC: vsscanf (in /usr/lib64/libc-2.26.so) ==26912== by 0x55D25C3: sscanf (in /usr/lib64/libc-2.26.so) ==26912== by 0x53236D0: mnt_table_parse_stream (in /usr/lib64/libmount.so.1.1.0) ==26912== by 0x53249B6: mnt_table_parse_file (in /usr/lib64/libmount.so.1.1.0) ==26912== by 0x10D157: swap_list_get (umount.c:194) ==26912== by 0x10B06E: test_swap_list (test-umount.c:34) ==26912== by 0x10B24B: main (test-umount.c:56) ==26912== ==26912== LEAK SUMMARY: ==26912== definitely lost: 16 bytes in 1 blocks ==26912== indirectly lost: 0 bytes in 0 blocks ==26912== possibly lost: 0 bytes in 0 blocks ==26912== still reachable: 0 bytes in 0 blocks ==26912== suppressed: 0 bytes in 0 blocks
Addresses: #596 Signed-off-by: Karel Zak <kzak@redhat.com>
@keszybz I have doubts the example is a real copy of the /proc/swaps file. The kernel escapes spaces in paths, so the expected is:
The libmount will interpret a line without \040 as parse error... Anyway, there was bug in the parser; on parse-error it does not deallocate the path. So, thanks for report. |
It's not... It came from a crafted test file. |
@keszybz, I'm not sure what the idea behind that space is, but it seems it doesn't matter what is placed there. If so, would it make sense to change the space to |
More details, kernel uses d_path() function to convert dentry to path string. The function appends " (deleted)" to the path for unlinked files. The string is later escaped (space is converted to \040) by seq_file_path() when mm/swapfile.c generates /proc/swaps. This is reason why the file in the test seem incorrect for me. It seems like output from old swapon rather than cp from /proc. Yes, change the space to \040 will fix the problem for old libmount versions too. The next version will be robust enough to avoid the leak. |
Hi,
I was writing a unittest for systemd, and found what seems to be a small memleak in mnt_table_parse_swaps(). I'm parsing the following dummy file:
and get the following report from valgrind:
The memleaks comes from the line with " (deleted)". If I duplicate that line, valgrind reports a lost block for each copy.
I'll push my PR to systemd shortly, so a reference to it should pop up here in case you want to see the code.
The text was updated successfully, but these errors were encountered: