Bug#587250: marked as done (curlftpfs: gigantic memory leak)

Sun, 27 Jun 2010 14:39:26 -0700 

Your message dated Sun, 27 Jun 2010 21:36:29 +0000
with message-id <[email protected]>
and subject line Bug#587250: fixed in curlftpfs 0.9.2-3
has caused the Debian Bug report #587250,
regarding curlftpfs: gigantic memory leak
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
587250: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=587250
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: curlftpfs
Version: 0.9.1-3+b2
Severity: important
Tags: patch

After downloading several files of several megabytes each, curlftpfs eats up 
all available RAM, and is killed by the kernel OOM_killer.
I then compiled my own unstripped version for debugging purposes, A short run 
under valgrind says (among other less-important leaks) :

==11954== 4,039,584 bytes in 10 blocks are possibly lost in loss record 39 of 39
==11954== at 0x4024D12: realloc (vg_replace_malloc.c:476)
==11954== by 0x804A5E9: buf_add_mem (ftpfs.c:73)
==11954== by 0x804A677: read_data (ftpfs.c:238)
==11954== by 0x41247B7: Curl_client_write (in /usr/lib/libcurl-gnutls.so.4.1.1)
==11954== by 0x4137B79: Curl_readwrite (in /usr/lib/libcurl-gnutls.so.4.1.1)
==11954== by 0x413EFD3: multi_runsingle (in /usr/lib/libcurl-gnutls.so.4.1.1)
==11954== by 0x413F578: curl_multi_perform (in /usr/lib/libcurl-gnutls.so.4.1.1)
==11954== by 0x804BF13: ftpfs_read_chunk (ftpfs.c:406)
==11954== by 0x804C359: ftpfs_read (ftpfs.c:837)
==11954== by 0x40F065D: fuse_fs_read (in /lib/libfuse.so.2.7.4)
==11954== by 0x40F6543: ??? (in /lib/libfuse.so.2.7.4)
==11954== by 0x40FB83B: ??? (in /lib/libfuse.so.2.7.4)

I tracked down the problem to be in the free_ftpfs_file() function, where the 
passed ftpfs_file structure is not correctly freed. More specifically the two 
uint8_t *p of the 2 struct buffer contained in the ftpfs_file structure.
This means - if I am right - that all the files read on the FTP are kept into 
curlftpfs memory space for ever... which will undoubtedly lead to big problems 
when a lot of files are read from the FTP server.

Attached is a patch that fixes it.

This bug was first submitted upstream, but no answer has ever been received, 
even 6 months later 
(http://sourceforge.net/tracker/?func=detail&aid=2924678&group_id=160565&atid=816357).

-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.29.2-grsec2.1.14-vs2.3.0.36.12-tarpit
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages curlftpfs depends on:
pn  fuse-utils      <none>                   (no description available)
ii  libc6           2.7-18lenny4             GNU C Library: Shared libraries
ii  libcomerr2      1.41.3-1                 common error description library
pn  libcurl3-gnutls <none>                   (no description available)
pn  libfuse2        <none>                   (no description available)
ii  libgcrypt11     1.4.1-1                  LGPL Crypto library - runtime libr
pn  libglib2.0-0    <none>                   (no description available)
pn  libgnutls13     <none>                   (no description available)
ii  libgpg-error0   1.4-2                    library for common error values an
ii  libidn11        1.8+20080606-1           GNU libidn library, implementation
ii  libkrb53        1.6.dfsg.4~beta1-5lenny4 MIT Kerberos runtime libraries
ii  libtasn1-3      1.4-1                    Manage ASN.1 structures (runtime)
ii  zlib1g          1:1.2.3.3.dfsg-12        compression library - runtime

curlftpfs recommends no packages.

curlftpfs suggests no packages.

--- ftpfs.c     2008-04-30 01:05:47.000000000 +0200
+++ ftpfs.c.slesimple   2010-01-01 22:12:10.000000000 +0100
@@ -615,6 +615,8 @@ static void free_ftpfs_file(struct ftpfs
   sem_destroy(&fh->data_need);
   sem_destroy(&fh->data_written);
   sem_destroy(&fh->ready);
+  if (fh->buf.size) { buf_free(&fh->buf); }
+  if (fh->stream_buf.size) { buf_free(&fh->stream_buf); }
   free(fh);
 }

--- End Message ---
--- Begin Message --- 
Source: curlftpfs
Source-Version: 0.9.2-3

We believe that the bug you reported is fixed in the latest version of
curlftpfs, which is due to be installed in the Debian FTP archive:

curlftpfs_0.9.2-3.debian.tar.gz
  to main/c/curlftpfs/curlftpfs_0.9.2-3.debian.tar.gz
curlftpfs_0.9.2-3.dsc
  to main/c/curlftpfs/curlftpfs_0.9.2-3.dsc
curlftpfs_0.9.2-3_amd64.deb
  to main/c/curlftpfs/curlftpfs_0.9.2-3_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Vincent Bernat <[email protected]> (supplier of updated curlftpfs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 27 Jun 2010 22:39:30 +0200
Source: curlftpfs
Binary: curlftpfs
Architecture: source amd64
Version: 0.9.2-3
Distribution: unstable
Urgency: low
Maintainer: Vincent Bernat <[email protected]>
Changed-By: Vincent Bernat <[email protected]>
Description: 
 curlftpfs  - filesystem to access FTP hosts based on FUSE and cURL
Closes: 587250
Changes: 
 curlftpfs (0.9.2-3) unstable; urgency=low
 .
   * Fix a memory leak, thanks to a patch from Stéphane Lesimple.
     Closes: #587250.
Checksums-Sha1: 
 68c3a5a86b5a4f7728ef0f5acae8b0a5decfbba5 1291 curlftpfs_0.9.2-3.dsc
 2e525d8751fc525175a5a5cd63f068616a1691a0 3281 curlftpfs_0.9.2-3.debian.tar.gz
 9c6405d978f28ed3aaa5ec73fa786d70d449cb94 34138 curlftpfs_0.9.2-3_amd64.deb
Checksums-Sha256: 
 c92ea55302383d5552b6a240999fae70aa6fb5d25c6174c3fd2bdee39959ea2a 1291 
curlftpfs_0.9.2-3.dsc
 4feac50921fad3c178eb65f9fbee5433f75247f6b2e0f24f9dcd437071863947 3281 
curlftpfs_0.9.2-3.debian.tar.gz
 f6c3cd79981d81e1eaef0091a2b4d376c9d417285eba3e2a8caa0584b5e619d3 34138 
curlftpfs_0.9.2-3_amd64.deb
Files: 
 b7f6abc5dd7bae799e93f3fb86abcad2 1291 utils optional curlftpfs_0.9.2-3.dsc
 83356aea1e1143b647fff9f1071a475b 3281 utils optional 
curlftpfs_0.9.2-3.debian.tar.gz
 b61ec45bafa4cb9c021b1f04bfbaafdb 34138 utils optional 
curlftpfs_0.9.2-3_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkwnuaUACgkQKFvXofIqeU50aACffGKfRu+y7mOequ5tEPlxKBUr
UaYAn2Z17c1goZeAQyej77hkocko+gMF
=EzdL
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to