Opened 5 months ago

Last modified 2 months ago

#33503 assigned defect

LeakSanitizer detected memory leak with Tor 0.4.4.0-alpha-dev (git-6472d9cfdf1198cf)

Reported by: gk Owned by: asn
Priority: Medium Milestone: Tor: 0.4.4.x-final
Component: Core Tor/Tor Version:
Severity: Normal Keywords: regresssion, memleak, tor-hs, 044-must, postfreeze-ok
Cc: asn Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

I hit a memory leak with the latest tor code from master when using it in Tor Browser.

Direct leak of 112 byte(s) in 2 object(s) allocated from:
    #0 0x7fdee552d628 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x107628)
    #1 0x55e7f567b5fa in tor_malloc_ ../src/lib/malloc/malloc.c:45
    #2 0x55e7f567b690 in tor_malloc_zero_ ../src/lib/malloc/malloc.c:71
    #3 0x55e7f5478339 in cache_client_desc_new ../src/feature/hs/hs_cache.c:429
    #4 0x55e7f5478339 in hs_cache_store_as_client ../src/feature/hs/hs_cache.c:830
    #5 0x55e7f5487e50 in client_dir_fetch_200 ../src/feature/hs/hs_client.c:1372
    #6 0x55e7f5487e50 in hs_client_dir_fetch_done ../src/feature/hs/hs_client.c:2264
    #7 0x55e7f54445fa in handle_response_fetch_hsdesc_v3 ../src/feature/dirclient/dirclient.c:2776
    #8 0x55e7f54445fa in connection_dir_client_reached_eof ../src/feature/dirclient/dirclient.c:2202
    #9 0x55e7f54445fa in connection_dir_reached_eof ../src/feature/dirclient/dirclient.c:2989
    #10 0x55e7f52e5505 in connection_reached_eof ../src/core/mainloop/connection.c:5029
    #11 0x55e7f52e5505 in connection_handle_read_impl ../src/core/mainloop/connection.c:3776
    #12 0x55e7f52e5505 in connection_handle_read ../src/core/mainloop/connection.c:3788
    #13 0x55e7f52f18e0 in conn_read_callback ../src/core/mainloop/mainloop.c:892
    #14 0x7fdee528eb0e  (/usr/lib/x86_64-linux-gnu/libevent-2.1.so.7+0x23b0e)

I've attached all the direct/indirect leaks that LeakSanitizer gave me, in case there is more lurking.

Child Tickets

Attachments (1)

33503_leaks (34.3 KB) - added by gk 5 months ago.

Download all attachments as: .zip

Change History (11)

Changed 5 months ago by gk

Attachment: 33503_leaks added

comment:1 Changed 5 months ago by nickm

Milestone: Tor: 0.4.4.x-final

comment:2 Changed 5 months ago by nickm

Cc: asn dgoulet added

Could this be related to the new onionbalance-helper code? Adding dgoulet and asn in case.

comment:3 Changed 3 months ago by dgoulet

Cc: dgoulet removed
Keywords: regresssion memleak tor-hs added

comment:4 Changed 2 months ago by nickm

Keywords: 044-should added

comment:5 Changed 2 months ago by nickm

Keywords: 044-must added; 044-should removed

comment:6 Changed 2 months ago by nickm

Keywords: postfreeze-ok added

Mark tickets which are important or safe enough to look at post-freeze for 0.4.4.

comment:7 Changed 2 months ago by asn

Owner: set to asn
Status: newassigned

I think this has been fixed in the meanwhile, but assigning it to me for now to check it out further.

comment:8 Changed 2 months ago by asn

This seems related to the new client auth descriptor code. geko do you remember if you used any client auth protected websites during your browsering 3 months ago? :/

comment:9 in reply to:  8 Changed 2 months ago by gk

Replying to asn:

This seems related to the new client auth descriptor code. geko do you remember if you used any client auth protected websites during your browsering 3 months ago? :/

Not intentionally and I did not enter any credentials anywhere.

comment:10 Changed 2 months ago by asn

Hmm, I don't see an obvious memleak in cache_store_as_client(). It seems like we are always freeing the old cache entry when we replace it. And wea always free the cache in the end in hs_cache_free_all().

Note: See TracTickets for help on using tickets.