Closed
Bug 94614
Opened 23 years ago
Closed 17 years ago
memory leak due to CERT lookup
Categories
(NSS :: Libraries, defect, P2)
Tracking
(Not tracked)
RESOLVED
WORKSFORME
People
(Reporter: jeff, Assigned: julien.pierre)
Details
(Keywords: memory-leak)
Attachments
(2 files)
there's a memory leak with respect to certificates. this may be a loop of structures pointing to each other. i'll try to explain as best i can. when PK11_FindCertFromNickname() is called, the CERTCertificate that is returned has 2 references -- one that we have and one that is being held by the internal pk11_slot[] data structure in security/nss/lib/softoken/pkcs11u.c. after the application calls CERT_DestroyCertificate(), the count goes to 1 as expected. also, the CERTCertificate holds a reference to the PK11SlotInfo. (the reference count on the PK11SlotInfo is 2 because of this reference and the one that the module holds.) (the module is the "nss internal pkcs #11 module".) in SECMOD_Shutdown(): the reference count on the internal module is 2 because of the direct reference "internalModule" and the one from the module list "modules". so, the call to SECMOD_DestroyModule(internalModule) decreases the reference count to 1. then the call to SECMOD_DestroyModule(element->module) via SECMOD_DestroyModuleElement(... via SECMOD_DestroyModuleList(modules) reaches the loop calling PK11_FreeSlot(). [on my system, this is the second module in the list and the second slot in that module.] in PK11_FreeSlot() the reference count is decremented from 2 to 1 and the call returns -- rather than calling PK11_DestroySlot(). since PK11_DestroySlot() does not get called, none of the PK11Slot cleanup gets done (the session stuff) and PK11_FreeSlotCerts() does not get called. so we end up leaking a CERTCertificate and PK11SlotInfo (and a bunch of other subordinate structures). i also noticed that there is no explicit method of cleaning up the members of the pk11_slot[] data structure in security/nss/lib/softoken/pkcs11u.c -- it looks like some of the fields may get indirectly deleted via a wrapper PK11SlotInfo but i'm not sure. i'm sorry to babble like this in a bug report, but i've stared at this one for 2 days and am not sure of anything any more.... i'll attach a test case in a minute.
Reporter | ||
Comment 1•23 years ago
|
||
Reporter | ||
Comment 2•23 years ago
|
||
Reporter | ||
Comment 3•23 years ago
|
||
when the block marked #if 1 is present, i'm seeing a bunch of leaks totaling about 25kb that aren't present when the block is #if 0'd.
Comment 4•23 years ago
|
||
Assigned the bug to Kirk.
Assignee: wtc → kirke
Priority: -- → P2
Target Milestone: --- → 3.4
Comment 5•23 years ago
|
||
Marking NEW.
Comment 6•22 years ago
|
||
Changed the QA contact to Bishakha.
QA Contact: sonja.mirtitsch → bishakhabanerjee
Updated•22 years ago
|
Target Milestone: 3.6 → 3.7
Comment 9•22 years ago
|
||
Moved to target milestone 3.8 because the original NSS 3.7 release has been renamed 3.8.
Target Milestone: 3.7 → 3.8
Comment 10•21 years ago
|
||
Remove target milestone of 3.8, since these bugs didn't get into that release.
Target Milestone: 3.8 → ---
Comment 11•21 years ago
|
||
Not likely to get to this in the 3.9 timeframe. Set Target Milestone to Future.
Target Milestone: --- → Future
Updated•21 years ago
|
Target Milestone: Future → ---
Comment 12•20 years ago
|
||
Jeff, You originally reported this bug against NSS 3.3. Do you still use NSS 3.3? Are you able to use NSS 3.9? We fixed MANY memory leaks in NSS 3.9, and I suspect it is possible that the leak you reported may be gone now. Can you test with NSS 3.9 and confirm whether this is still an issue, or not?
Reporter | ||
Comment 13•20 years ago
|
||
Sorry, I'm not working on code base that used NSS any longer (it was a contract project), so I can't upgrade and try 3.9. You might try running the test program that I included under BoundsChecker with and without the #if-1 block and see what happens.
Updated•20 years ago
|
Assignee: kirk.erickson → wchang0222
Updated•19 years ago
|
QA Contact: bishakhabanerjee → jason.m.reid
Updated•18 years ago
|
Assignee: wtchang → nobody
QA Contact: jason.m.reid → libraries
Assignee | ||
Updated•17 years ago
|
Assignee: nobody → julien.pierre.boogz
Assignee | ||
Comment 14•17 years ago
|
||
I ran the test program against the current tip with dbx check leaks, and found no leaks. Closing WORKSFORME.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•