memory leak in find_items_1_reply
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libgnome-keyring (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
The find_items_1_reply function in library/
The underlying dbus implementation allocates these as null-terminated arrays, hence they are always allocated even when the number of items is 0. This may be confirmed by reading the code:
http://
Note in particular lines 855 and following.
Unfortunately the find_items_1_reply function has an early out in the case where n_locked and n_unlocked are both 0, so the trivial arrays are not properly freed.
Additionally, there is an early out in the case when dbus_message_
Here is a valgrind log of nm-applet which shows the problem in action:
==10301== 144 bytes in 18 blocks are definitely lost in loss record 8,167 of 9,326
==10301== at 0x4C279FC: calloc (vg_replace_
==10301== by 0x847138B: _dbus_message_
==10301== by 0x84715D9: dbus_message_
==10301== by 0x84716FD: dbus_message_
==10301== by 0x5B1A9E2: find_items_1_reply (gnome-
==10301== by 0x5B14D9B: on_pending_
==10301== by 0x8464579: complete_
==10301== by 0x8466AC9: check_for_
==10301== by 0x84680BE: _dbus_connectio
==10301== by 0x5B14E15: gkr_operation_
==10301== by 0x5B1CEBC: gnome_keyring_
==10301== by 0x44042F: copy_one_
==10301== by 0x443F0D: nm_gconf_
==10301== by 0x43F862: nm_gconf_
==10301== by 0x4465A5: read_connections (nma-gconf-
==10301== by 0x44665E: list_connections (nma-gconf-
==10301== by 0x52701D1: impl_settings_
==10301== by 0x526FEBB: dbus_glib_
==10301== by 0x6584C4C: ??? (in /usr/lib/
==10301== by 0x8475A00: _dbus_object_
==10301== by 0x8467B0F: dbus_connection
==10301== by 0x6582654: ??? (in /usr/lib/
==10301== by 0x8F5BBCC: g_main_
==10301== by 0x8F5C3A7: g_main_
==10301== by 0x8F5C9F1: g_main_loop_run (gmain.c:3299)
==10301== by 0x416D77: main (main.c:101)
Filed upstream.
https:/ /bugzilla. gnome.org/ show_bug. cgi?id= 650606