The debdiff introduces a memory leak. With the simple program at https://gist.github.com/rlipscombe/78d6e3bbfc67e010f1e7a9ddd8c87099, the previous version is fine, but this one leaks.
Valgrind reports the following: ==11134== ==11134== HEAP SUMMARY: ==11134== in use at exit: 1,014,363 bytes in 3,794 blocks ==11134== total heap usage: 978,656 allocs, 974,862 frees, 572,269,255 bytes allocated ==11134== ==11134== 53,462 bytes in 148 blocks are definitely lost in loss record 33 of 37 ==11134== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==11134== by 0x4E6DF61: _gnutls_set_datum (in /usr/lib/x86_64-linux-gnu/libgnutls.so.28.30.1) ==11134== by 0x4E98A4C: _gnutls_x509_get_raw_dn2 (in /usr/lib/x86_64-linux-gnu/libgnutls.so.28.30.1) ==11134== by 0x4EBBDB8: gnutls_x509_crt_import (in /usr/lib/x86_64-linux-gnu/libgnutls.so.28.30.1) ==11134== by 0x4EC0C9D: gnutls_x509_crt_list_import (in /usr/lib/x86_64-linux-gnu/libgnutls.so.28.30.1) ==11134== by 0x4EC0EF6: gnutls_x509_crt_list_import2 (in /usr/lib/x86_64-linux-gnu/libgnutls.so.28.30.1) ==11134== by 0x4E7DCF3: gnutls_certificate_set_x509_trust_mem (in /usr/lib/x86_64-linux-gnu/libgnutls.so.28.30.1) ==11134== by 0x4E7E037: gnutls_certificate_set_x509_trust_file (in /usr/lib/x86_64-linux-gnu/libgnutls.so.28.30.1) ==11134== by 0x40107C: main (in /vagrant/gnutls-client) ==11134== ==11134== 294,000 bytes in 1,000 blocks are definitely lost in loss record 35 of 37 ==11134== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==11134== by 0x4E6DF61: _gnutls_set_datum (in /usr/lib/x86_64-linux-gnu/libgnutls.so.28.30.1) ==11134== by 0x4E98A4C: _gnutls_x509_get_raw_dn2 (in /usr/lib/x86_64-linux-gnu/libgnutls.so.28.30.1) ==11134== by 0x4EBBDB8: gnutls_x509_crt_import (in /usr/lib/x86_64-linux-gnu/libgnutls.so.28.30.1) ==11134== by 0x4E81246: gnutls_pcert_import_x509_raw (in /usr/lib/x86_64-linux-gnu/libgnutls.so.28.30.1) ==11134== by 0x4EE0FC6: _gnutls_proc_crt (in /usr/lib/x86_64-linux-gnu/libgnutls.so.28.30.1) ==11134== by 0x4E67836: _gnutls_recv_server_certificate (in /usr/lib/x86_64-linux-gnu/libgnutls.so.28.30.1) ==11134== by 0x4E64B0F: gnutls_handshake (in /usr/lib/x86_64-linux-gnu/libgnutls.so.28.30.1) ==11134== by 0x401253: main (in /vagrant/gnutls-client) ==11134== ==11134== 294,000 bytes in 1,000 blocks are definitely lost in loss record 36 of 37 ==11134== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==11134== by 0x4E6DF61: _gnutls_set_datum (in /usr/lib/x86_64-linux-gnu/libgnutls.so.28.30.1) ==11134== by 0x4E98A4C: _gnutls_x509_get_raw_dn2 (in /usr/lib/x86_64-linux-gnu/libgnutls.so.28.30.1) ==11134== by 0x4EBBDB8: gnutls_x509_crt_import (in /usr/lib/x86_64-linux-gnu/libgnutls.so.28.30.1) ==11134== by 0x4E81246: gnutls_pcert_import_x509_raw (in /usr/lib/x86_64-linux-gnu/libgnutls.so.28.30.1) ==11134== by 0x4EE427A: _gnutls_proc_dhe_signature (in /usr/lib/x86_64-linux-gnu/libgnutls.so.28.30.1) ==11134== by 0x4EEBB2C: proc_ecdhe_server_kx (in /usr/lib/x86_64-linux-gnu/libgnutls.so.28.30.1) ==11134== by 0x4E674B3: _gnutls_recv_server_kx_message (in /usr/lib/x86_64-linux-gnu/libgnutls.so.28.30.1) ==11134== by 0x4E64AB7: gnutls_handshake (in /usr/lib/x86_64-linux-gnu/libgnutls.so.28.30.1) ==11134== by 0x401253: main (in /vagrant/gnutls-client) ==11134== ==11134== 294,000 bytes in 1,000 blocks are definitely lost in loss record 37 of 37 ==11134== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==11134== by 0x4E6DF61: _gnutls_set_datum (in /usr/lib/x86_64-linux-gnu/libgnutls.so.28.30.1) ==11134== by 0x4E98A4C: _gnutls_x509_get_raw_dn2 (in /usr/lib/x86_64-linux-gnu/libgnutls.so.28.30.1) ==11134== by 0x4EBBDB8: gnutls_x509_crt_import (in /usr/lib/x86_64-linux-gnu/libgnutls.so.28.30.1) ==11134== by 0x4E7C05F: _gnutls_x509_cert_verify_peers (in /usr/lib/x86_64-linux-gnu/libgnutls.so.28.30.1) ==11134== by 0x4012AF: main (in /vagrant/gnutls-client) ==11134== ==11134== LEAK SUMMARY: ==11134== definitely lost: 935,462 bytes in 3,148 blocks ==11134== indirectly lost: 0 bytes in 0 blocks ==11134== possibly lost: 0 bytes in 0 blocks ==11134== still reachable: 78,901 bytes in 646 blocks ==11134== suppressed: 0 bytes in 0 blocks ==11134== Reachable blocks (those to which a pointer was found) are not shown. ==11134== To see them, rerun with: --leak-check=full --show-leak-kinds=all ==11134== ==11134== For counts of detected and suppressed errors, rerun with: -v ==11134== ERROR SUMMARY: 4 errors from 4 contexts (suppressed: 0 from 0) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1722411 Title: gnutls28 in trusty no longer validates many valid certificate chains, such as google.com To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnutls28/+bug/1722411/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
