New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Sandboxie leaks paged pool when Sandman is running #444
Comments
Further observation shows that the unmatched allocs occur in 4 batches per second, each time amounting to 2*(number of boxes) allocations, and a size of 96 Bytes/allocation. |
Thanks for the excellent bug report looking into it right now. |
Sooo... the issue is as follows, SandMan.exe when updating boxes is querying all box paths, in case they changed, The issue seams to be present since the Sophos days and its actually worst than anticipated, whenever a application is started on the system, dome memory is leaked. |
Does that mean Sandboxie Plus 0.5.5 has the same issue? (I am asking as I did not update to the latest version, yet. As I saw the issue.) |
Yes, pretty sure it is. In fact I discovered this using version 0.5.4b, then tested with the latest version to make sure the issue is still there. As David wrote the problem has existed for quite some time now... |
Alright, thank you @hg421 It could have been that only a recent change triggered the issue, but if an earlier version shows that issue I can update without having to worry. |
Ok, i have found a fix for the problem, the next build of the driver will be working correctly. |
The sandboxie driver appears to leak paged pool memory continuously whenever Sandman is running.
I've noticed this after letting Sandman run in the background for some longer time and then seeing a ridiculously large paged pool size (>20GB).
The rate of leaking seems to be proportional to the number of boxes.
This behavior can be also be reproduced in a clean virtual machine, as follows:
poolmon.exe -e -b -p -p
The offending tag is
Strg
, which is apparently the default tag used by severalRtl*
family functions dealing with strings that dynamically allocate memory.To filter the output for
Strg
tag only, usepoolmon.exe -e -b -p -p -iStrg
.In the case of 50 boxes, the Diff value (difference between allocs and frees) will rise at a rate of 400/sec (slower if you have less boxes).
The leak stops as soon as Sandman.exe is terminated, and does not occur with SbieCtrl.
It seems that the only way to free the memory is to reboot the system; unloading the driver does not help.
Unfortunately this issue makes it pretty much impossible to leave Sandman constantly running in the background, especially when you have lots of boxes, so I really hope this can be fixed!
The text was updated successfully, but these errors were encountered: