391776 - PKIX uses arenas without any freelists

Status: RESOLVED DUPLICATE of bug 391244

(NSS :: Libraries, defect)

Description

[David Baron :dbaron: (⌚️UTC-4, no longer working on Mozilla)]

This bug is filed based on the NSS_3_12_ALPHA1B tag, which is what is currently used by the trunk of Firefox, etc.

PKIX seems to allocate significant numbers of objects out of an arena (created with a PORT_NewArena call in PKIX_PL_NssContext_Create) for the lifetime of NSS.  When these objects are destroyed, they are not placed on any freelist for recycling; instead the arena pools just grow as more objects are created and destroyed.  PKIX_PL_Realloc and PKIX_PL_Free do nothing with the freed memory when context != NULL && context->arena != NULL.  This means that the memory used grows over the lifetime of the application, even though the leak won't show up with many memory leak tools if is all freed in the PORT_FreeArena call in PKIX_PL_NssContext_Destroy during shutdown.

Comment 1

[Nelson Bolyard (seldom reads bugmail)]

This seems like a duplicate of bug 391775.  They're the same issue, I think.
And both bugs seem to be dupliates of bug 391244.

David, did you actually experience these leaks? 
or did you merely find them by code inspection?  
I ask because, except for the PKIX initialization code (and shutdown code), 
all of libPKIX should be unused in FireFox at this time. 

Comment 2

[David Baron :dbaron: (⌚️UTC-4, no longer working on Mozilla)]

I found this by code inspection after observing bug 391775.

Comment 3

[Nelson Bolyard (seldom reads bugmail)]

This is a duplicate of 391244.  
I think the solution to this bug, which uses arenapools whose scope matches
the scope of the objects and/or functions being performed, will not (by itself)
resolve bug 391775, which is why I'm not marking it as a duplicate (although
they are clearly related).