memory leak in libxdg-basedir 1.2.0 (xdgFreeData() does not free cache->runtimeDirectory)

Bug #1516828 reported by Gregory Fong
This bug affects 2 people
Affects: libxdg-basedir (Ubuntu)
Status: Confirmed
Importance: Undecided
Assigned to: Unassigned

Bug Description

I'm basically copying and pasting the following paragraphs from https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=1018527 where andreas describes the problem in detail and provides a patch. The leak currently exists on Ubuntu 14.04 package libxdg-basedir1_1.2.0-1.

Description of problem:

libxdg-basedir has an internal state allocated by xdgInitHandle() and deallocated by calling xdgWipeHandle(). xdgWipeHandle() calls xdgFreeData(), which is supposed to free all memory allocated to the handle.

Unfortunately, it does not free the string cache->runtimeDirectory, leading to a memory leak of the length of $XDG_RUNTIME_DIR bytes.

This bug seems to have been introduced in upstream commit 648873a319772abf08891f1031e8faaf4b1f2b4c "Added support for Basedir 0.7's XDG_RUNTIME_DIRECTORY." (included in libxdg-basedir 1.2.0):

http://repo.or.cz/w/libxdg-basedir.git/blobdiff/ea242ddf49d385440f9d0bd42fe2c8e9d5841a91..648873a319772abf08891f1031e8faaf4b1f2b4c:/src/basedir.c

Unfortunately, the upstream project at http://n.ethz.ch/student/nevillm/download/libxdg-basedir just throws an HTTP 404 error.

I have attached a simple patch as "basedir.c.patch" that frees cache->runtimeDirectory() in xdgFreeData() in the same way as it frees the other internal data structures. I have compiled and tested it, and it seems to work for me.

Version-Release number of selected component (if applicable):

libxdg-basedir-1.2.0-3.fc19

How reproducible:

Every time. The cleanup function xdgFreeData() does not properly free cache->runtimeDirectory, which is always allocated in xdgUpdateHomeDirectories(), called by xdgUpdateData(), in turn called by xdgInitHandle().

Steps to Reproduce:

1. Compile the test program listed under "additional info" by "gcc -o foo foo.c -l xdg-basedir"
2. Run program through valgrind
3. Observe memory leak

Actual results:

xdgFreeData() does not free cache->runtimeDirectory. valgrind catches this error:

[snip]
==777== 15 bytes in 1 blocks are definitely lost in loss record 11 of 15
==777== at 0x4C28409: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==777== by 0x5BF4429: strdup (in /usr/lib64/libc-2.17.so)
==777== by 0x504176D: xdgUpdateData (in /usr/lib64/libxdg-basedir.so.1.2.0)
==777== by 0x50419C4: xdgInitHandle (in /usr/lib64/libxdg-basedir.so.1.2.0)
[snap]

Expected results:

xdgFreeData() should free cache->runtimeDirectory.

Additional info:

Here's a small test program that triggers this bug:

#include <basedir.h>

int main()
{
        xdgHandle xdg_handle;

        xdgInitHandle(&xdg_handle);
        xdgWipeHandle(&xdg_handle);

        return 0;
}
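
The leak pattern described in this report can be checked without valgrind by counting bytes across init/cleanup cycles. The following is an added example, not code from libxdg-basedir or from the attached patch: the struct is a simplified model in which only the member name runtimeDirectory comes from the report, and dataHome, the function names and the path strings are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model, not the library's struct: only runtimeDirectory is a
 * name from the report; dataHome and all function names are hypothetical. */
typedef struct { char *dataHome; char *runtimeDirectory; } model_cache;

static size_t live_bytes;   /* bytes handed out and not yet released */

static char *tracked_strdup(const char *s) {
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p) { memcpy(p, s, n); live_bytes += n; }
    return p;
}

static void tracked_free(char **pp) {
    if (*pp) { live_bytes -= strlen(*pp) + 1; free(*pp); *pp = NULL; }
}

/* Cleanup with the defect described in the report: one member is skipped. */
static void cleanup_leaky(model_cache *c) { tracked_free(&c->dataHome); }

/* Cleanup that releases every member the init path allocated. */
static void cleanup_fixed(model_cache *c) {
    tracked_free(&c->dataHome);
    tracked_free(&c->runtimeDirectory);
}

/* Run init/cleanup `cycles` times; return bytes the cleanup failed to release. */
static size_t leaked_bytes(void (*cleanup)(model_cache *), int cycles) {
    live_bytes = 0;
    for (int i = 0; i < cycles; i++) {
        /* Constructed sample values standing in for the environment. */
        model_cache c = { tracked_strdup("/home/user/.local/share"),
                          tracked_strdup("/run/user/1000") };
        cleanup(&c);
        /* Reclaim what a leaky cleanup left behind so the demo itself is
         * clean; the counter still records the miss. free(NULL) is a no-op. */
        free(c.runtimeDirectory);
    }
    return live_bytes;
}

int main(void) {
    printf("leaky cleanup: %zu bytes lost over 3 cycles\n", leaked_bytes(cleanup_leaky, 3));
    printf("fixed cleanup: %zu bytes lost over 3 cycles\n", leaked_bytes(cleanup_fixed, 3));
    return 0;
}
```

The loss grows by the string length plus its terminator on every init/wipe cycle, which is why the defect matters most in long-running processes that create and wipe handles repeatedly.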

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in libxdg-basedir (Ubuntu):
status: New → Confirmed