Package: libc6
Version: 2.3.2.ds1-22sarge3
Severity: important
Hi, I found a memory leak in regcomp.
If regcomp fails due to an invalid regular expression containing an opening
bracket "(", 40 bytes are lost.
See example source:
--- tmp.c begins here ---
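#include <regex.h>

int
main(int argc, char **argv)
{
    regex_t preg;

    /* Endless loop: memory use grows on every iteration (see ps output). */
    for (;;)
    {
        regcomp(&preg, "(", REG_EXTENDED);  /* invalid pattern, regcomp fails */
        regfree(&preg);
        //break;
    }
    return 0;
}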
--- tmp.c ends here ---
The bug exists on sarge i386, with and without libc6-i686 installed.
Trying this on amd64 testing does not show the memory leak.
--- ps output begins here ---
% while : ; do ps -C tmp o rsz,vsz,sz ; sleep 1 ; done
   RSZ    VSZ    SZ
   RSZ    VSZ    SZ
   RSZ    VSZ    SZ
 17080  18112  4528
   RSZ    VSZ    SZ
 52616  53752 13438
   RSZ    VSZ    SZ
 87880  88996 22249
   RSZ    VSZ    SZ
123412 124504 31126
   RSZ    VSZ    SZ
158848 159880 39970
   RSZ    VSZ    SZ
194424 195520 48880
   RSZ    VSZ    SZ
230280 231424 57856
   RSZ    VSZ    SZ
265084 266140 66535
   RSZ    VSZ    SZ
300124 301252 75313
   RSZ    VSZ    SZ
334572 335704 83926
   RSZ    VSZ    SZ
369112 370156 92539
^C
--- ps output ends here ---
--- valgrind output begins here ---
% valgrind --leak-check=full ./tmp
==6295== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 13 from 1)
==6295== malloc/free: in use at exit: 40 bytes in 1 blocks.
==6295== malloc/free: 6 allocs, 5 frees, 436 bytes allocated.
==6295== For counts of detected errors, rerun with: -v
==6295== searching for pointers to 1 not-freed blocks.
==6295== checked 77824 bytes.
==6295==
==6295== 40 bytes in 1 blocks are definitely lost in loss record 1 of 1
==6295==    at 0x1B90459D: malloc (vg_replace_malloc.c:130)
==6295==    by 0x1B9CD57B: (within /lib/tls/i686/cmov/libc-2.3.2.so)
==6295==    by 0x1B9CAE62: (within /lib/tls/i686/cmov/libc-2.3.2.so)
==6295==    by 0x1B9CAA3F: (within /lib/tls/i686/cmov/libc-2.3.2.so)
==6295==    by 0x1B9CA615: (within /lib/tls/i686/cmov/libc-2.3.2.so)
==6295==    by 0x1B9CA48D: (within /lib/tls/i686/cmov/libc-2.3.2.so)
==6295==    by 0x1B9CA3AE: (within /lib/tls/i686/cmov/libc-2.3.2.so)
==6295==    by 0x1B9C8DFC: (within /lib/tls/i686/cmov/libc-2.3.2.so)
==6295==    by 0x1B9C8A94: regcomp (in /lib/tls/i686/cmov/libc-2.3.2.so)
==6295==    by 0x80483EE: main (tmp.c:10)
==6295==
==6295== LEAK SUMMARY:
==6295==    definitely lost: 40 bytes in 1 blocks.
==6295==      possibly lost: 0 bytes in 0 blocks.
==6295==    still reachable: 0 bytes in 0 blocks.
==6295==         suppressed: 0 bytes in 0 blocks.
==6295== Reachable blocks (those to which a pointer was found) are not shown.
==6295== To see them, rerun with: --show-reachable=yes
%
--- valgrind output ends here ---
Regards,
Jamil Djadala
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-3-686
Locale: LANG=bg_BG, LC_CTYPE=bg_BG (charmap=CP1251)
Versions of packages libc6 depends on:
ii  libdb1-compat  2.1.3-7  The Berkeley database routines [gl
-- no debconf information
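
A bounded regression check for the leak reported above, as an added example that is not part of the original report: it measures glibc heap growth per regcomp() call instead of looping forever and watching ps. The function names are hypothetical, and the use of glibc's mallinfo()/mallinfo2() to read the heap size is an assumption of this example.

```c
#include <malloc.h>   /* glibc-specific: mallinfo() / mallinfo2() */
#include <regex.h>
#include <stddef.h>
#include <stdio.h>

/* Bytes currently handed out by the glibc heap. */
static long heap_in_use(void)
{
#if __GLIBC_PREREQ(2, 33)
    return (long)mallinfo2().uordblks;
#else
    return (long)mallinfo().uordblks;
#endif
}

/* Compile `pattern` once and return regcomp()'s result code. */
static int compile_once(const char *pattern)
{
    regex_t preg;
    int rc = regcomp(&preg, pattern, REG_EXTENDED);
    if (rc == 0)
        regfree(&preg);  /* POSIX leaves preg undefined after a failure,
                            so libc must clean up the failed compile itself */
    return rc;
}

/* Average heap growth in bytes per regcomp() call (0 means no leak). */
long regcomp_leak_per_call(const char *pattern, long iterations)
{
    for (int i = 0; i < 8; i++)      /* warm-up: one-time allocations */
        compile_once(pattern);
    long before = heap_in_use();
    for (long i = 0; i < iterations; i++)
        compile_once(pattern);
    return (heap_in_use() - before) / iterations;
}

int main(void)
{
    /* Constructed inputs: the invalid pattern from the report, one valid. */
    const char *patterns[] = { "(", "(a|b)+" };
    int failed = 0;
    for (size_t i = 0; i < 2; i++) {
        long leak = regcomp_leak_per_call(patterns[i], 1000);
        printf("%-8s rc=%d leak=%ld bytes/call\n",
               patterns[i], compile_once(patterns[i]), leak);
        failed |= (leak != 0);
    }
    return failed;  /* non-zero exit status if any pattern leaks */
}
```

A non-zero figure for the "(" pattern corresponds to the per-call loss that valgrind shows in the report.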