Date:      Thu, 21 Mar 2002 12:46:49 -0800 (PST)
From:      Jiu Zheng <jiu@stbernard.com>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   bin/36175: Vsnprintf causes memory leak
Message-ID:  <200203212046.g2LKknv33411@freefall.freebsd.org>


>Number:         36175
>Category:       bin
>Synopsis:       Vsnprintf causes memory leak
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Mar 21 12:50:02 PST 2002
>Closed-Date:
>Last-Modified:
>Originator:     Jiu Zheng
>Release:        4.x
>Organization:
St Bernard Software
>Environment:
FreeBSD sunrise.rapid.stbernard.com 4.2-RELEASE FreeBSD 4.2-RELEASE #2: Fri Jan 19 09:29:10 PST 2001     jiu@sunrise.ipinc.com:/usr/src/sys/compile/SUNRISE  i386
>Description:
*Each time* vsnprintf is called with str == NULL, 1K of memory is
allocated and never gets freed. This can cause a memory leak for certain
applications.

For example, in the recent Samba 3.0 alpha release, there is such a
line

len = vsnprintf(NULL, 0, fmt, ap);

used to calculate the length of the string. Then a serious memory leak
is caused in winbindd (a daemon that is part of the Samba package).

I noticed in revision 1.15 of vsnprintf (CVS) the author said

"revert freeing of memory that gets allocated when str == NULL
(this will be fixed in a better way)"

I am not sure the author really means to allocate 1M of memory
if the function is called in such a way 1000 times in a program.
I think this should get fixed ASAP.

Thank you.



>How-To-Repeat:
Just compile and run the following, and see the program size grow:

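#include <stdio.h>
#include <stdarg.h>

/* Ask vsnprintf only for the formatted length (str == NULL, size 0). */
void do_print(char const *fmt, ...) {
	int len;
	va_list ap;

	va_start(ap, fmt);
	len = vsnprintf(NULL, 0, fmt, ap);
	va_end(ap);
	(void)len;	/* the length is not used; the call itself is the point */
}

int main(void) {
	/* Loop forever so the growth in process size becomes visible. */
	while (1)
		do_print("bad\n");
}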
>Fix:
The author, assar, must know 
>Release-Note:
>Audit-Trail:
>Unformatted:
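
The length-then-allocate idiom from the report, written so that str is never NULL. This is an added example, not code from the report, Samba or FreeBSD; the function names are hypothetical, and it assumes the leak is confined to the str == NULL path the report describes and that vsnprintf returns the C99 would-be length.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: would-be output length, excluding the NUL; negative
 * on error. The 1-byte scratch buffer keeps str non-NULL. */
static int vformatted_length(const char *fmt, va_list ap)
{
    char scratch[1];
    va_list probe;
    int len;
    va_copy(probe, ap);   /* C99; leaves the caller's ap unconsumed */
    len = vsnprintf(scratch, sizeof scratch, fmt, probe);
    va_end(probe);
    return len;
}

int formatted_length(const char *fmt, ...)
{
    va_list ap;
    int len;
    va_start(ap, fmt);
    len = vformatted_length(fmt, ap);
    va_end(ap);
    return len;
}

/* Measure, allocate exactly len + 1 bytes, then format. Caller frees. */
char *format_alloc(const char *fmt, ...)
{
    va_list ap;
    char *out = NULL;
    int len;
    va_start(ap, fmt);
    len = vformatted_length(fmt, ap);
    if (len >= 0 && (out = malloc((size_t)len + 1)) != NULL)
        vsnprintf(out, (size_t)len + 1, fmt, ap);
    va_end(ap);
    return out;
}

int main(void)
{
    char *s = format_alloc("pid=%d name=%s", 42, "winbindd"); /* constructed */
    printf("%d %s\n", formatted_length("bad\n"), s ? s : "(alloc failed)");
    free(s);
    return 0;
}
```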
