Task #1663

closed

Check if there are memory leaks in SecTpmOsx

Added by Alex Afanasyev over 10 years ago. Updated over 7 years ago.

Status: Rejected
Priority: Normal
Assignee: -
Category: Security
Target version:
Start date:
Due date:
% Done: 0%
Estimated time:

Related issues 1 (0 open, 1 closed)

Blocked by ndn-cxx - Bug #1562: In SecTpmOsx, call CFRelease to free memory (Closed, Alex Afanasyev, 04/30/2014)

Actions #1

Updated by Alex Afanasyev over 10 years ago

  • Blocked by Bug #1562: In SecTpmOsx, call CFRelease to free memory added
Actions #2

Updated by Junxiao Shi about 10 years ago

  • Start date deleted (06/13/2014)

Should this be performed as a code review / analysis, or should valgrind be used?

Actions #3

Updated by Alex Afanasyev about 9 years ago

  • Target version changed from v0.3 to v0.5
Actions #4

Updated by Weiwei Liu over 8 years ago

I found a leak with ndn-cxx:commit:cfaa1addf4592d44e119604abcec06c73ef113f2 and NFD:commit:9627e88d4b9a3e30090ad4d5240d58525ba0126f.

OSX 10.10.5, LLVM 7.0.2 clang-700.1.81.

Valgrind command is: sudo valgrind --num-callers=40 --leak-check=full --show-leak-kinds=all nfd

==38476== 7,040 bytes in 176 blocks are still reachable in loss record 967 of 972
==38476==    at 0x100D49EA1: malloc (vg_replace_malloc.c:303)
==38476==    by 0x102AC943D: operator new(unsigned long) (in /usr/lib/libc++.1.dylib)
==38476==    by 0x1013853E0: std::__1::__tree<std::__1::__value_type<unsigned int, unsigned int>, std::__1::__map_value_compare<unsigned int, std::__1::__value_type<unsigned int, unsigned int>, std::__1::less<unsigned int>, true>, std::__1::allocator<std::__1::__value_type<unsigned int, unsigned int> > >::__insert_unique(std::__1::__value_type<unsigned int, unsigned int> const&) (in /System/Library/Frameworks/Security.framework/Versions/A/Security)
==38476==    by 0x1013840D1: Security::MetaRecord::createAttribute(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const*, Security::CssmData const*, unsigned int, unsigned int) (in /System/Library/Frameworks/Security.framework/Versions/A/Security)
==38476==    by 0x10127D26A: Security::DbVersion::open() (in /System/Library/Frameworks/Security.framework/Versions/A/Security)
==38476==    by 0x10127C77D: Security::DbVersion::DbVersion(Security::AppleDatabase const&, Security::RefPointer<Security::AtomicBufferedFile> const&) (in /System/Library/Frameworks/Security.framework/Versions/A/Security)
==38476==    by 0x10127C38F: Security::DbModifier::getDbVersion(bool) (in /System/Library/Frameworks/Security.framework/Versions/A/Security)
==38476==    by 0x10127C23C: Security::DbModifier::openDatabase() (in /System/Library/Frameworks/Security.framework/Versions/A/Security)
==38476==    by 0x10127BF18: Security::Database::_dbOpen(Security::DatabaseSession&, unsigned int, Security::AccessCredentials const*, void const*) (in /System/Library/Frameworks/Security.framework/Versions/A/Security)
==38476==    by 0x10127B7FE: Security::DatabaseManager::dbOpen(Security::DatabaseSession&, Security::DbName const&, unsigned int, Security::AccessCredentials const*, void const*) (in /System/Library/Frameworks/Security.framework/Versions/A/Security)
==38476==    by 0x10127B4C1: Security::DatabaseSession::DbOpen(char const*, cssm_net_address const*, unsigned int, Security::AccessCredentials const*, void const*, long&) (in /System/Library/Frameworks/Security.framework/Versions/A/Security)
==38476==    by 0x1012C901C: Security::MDSSession::DbOpen(char const*, cssm_net_address const*, unsigned int, Security::AccessCredentials const*, void const*, long&) (in /System/Library/Frameworks/Security.framework/Versions/A/Security)
==38476==    by 0x1012C8E72: mds_DbOpen(long, char const*, cssm_net_address const*, unsigned int, cssm_access_credentials const*, void const*, long*) (in /System/Library/Frameworks/Security.framework/Versions/A/Security)
==38476==    by 0x101279917: Security::MDSClient::Directory::cdsa() const (in /System/Library/Frameworks/Security.framework/Versions/A/Security)
==38476==    by 0x10133431F: Security::MDSClient::Directory::dlGetFirst(cssm_query const&, cssm_db_record_attribute_data&, cssm_data*, cssm_db_unique_record*&) (in /System/Library/Frameworks/Security.framework/Versions/A/Security)
==38476==    by 0x1012793AF: Security::CssmClient::Table<Security::MDSClient::Common>::startQuery(Security::CssmQuery const&, bool) (in /System/Library/Frameworks/Security.framework/Versions/A/Security)
==38476==    by 0x10129F642: Security::KeychainCore::DynamicDLDBList::_load() (in /System/Library/Frameworks/Security.framework/Versions/A/Security)
==38476==    by 0x10129F4C6: Security::KeychainCore::DynamicDLDBList::searchList() (in /System/Library/Frameworks/Security.framework/Versions/A/Security)
==38476==    by 0x1013C0BD9: Security::KeychainCore::StorageManager::getSearchList(std::__1::vector<Security::KeychainCore::Keychain, std::__1::allocator<Security::KeychainCore::Keychain> >&) (in /System/Library/Frameworks/Security.framework/Versions/A/Security)
==38476==    by 0x1013C34DB: Security::KeychainCore::StorageManager::optionalSearchList(void const*, std::__1::vector<Security::KeychainCore::Keychain, std::__1::allocator<Security::KeychainCore::Keychain> >&) (in /System/Library/Frameworks/Security.framework/Versions/A/Security)
==38476==    by 0x101292565: SecKeychainSearchCreateFromAttributes (in /System/Library/Frameworks/Security.framework/Versions/A/Security)
==38476==    by 0x1013DAC94: _CreateSecItemParamsFromDictionary(__CFDictionary const*, int*) (in /System/Library/Frameworks/Security.framework/Versions/A/Security)
==38476==    by 0x1013D712F: SecItemCopyMatching_osx(__CFDictionary const*, void const**) (in /System/Library/Frameworks/Security.framework/Versions/A/Security)
==38476==    by 0x1013D6DE8: SecItemCopyMatching (in /System/Library/Frameworks/Security.framework/Versions/A/Security)
==38476==    by 0x1017ADA42: ndn::SecTpmOsx::Impl::getKey(ndn::Name const&, ndn::KeyClass) (in /usr/local/lib/libndn-cxx.0.4.1.dylib)
==38476==    by 0x1017AEFFC: ndn::SecTpmOsx::signInTpmInternal(unsigned char const*, unsigned long, ndn::Name const&, ndn::DigestAlgorithm, bool) (in /usr/local/lib/libndn-cxx.0.4.1.dylib)
==38476==    by 0x1017B0264: ndn::SecTpmOsx::signInTpm(unsigned char const*, unsigned long, ndn::Name const&, ndn::DigestAlgorithm) (in /usr/local/lib/libndn-cxx.0.4.1.dylib)
==38476==    by 0x1016DE542: ndn::security::KeyChain::pureSign(unsigned char const*, unsigned long, ndn::Name const&, ndn::DigestAlgorithm) const (in /usr/local/lib/libndn-cxx.0.4.1.dylib)
==38476==    by 0x1016DEE5D: ndn::security::KeyChain::signPacketWrapper(ndn::Data&, ndn::Signature const&, ndn::Name const&, ndn::DigestAlgorithm) (in /usr/local/lib/libndn-cxx.0.4.1.dylib)
==38476==    by 0x1016E1019: void ndn::security::KeyChain::signImpl<ndn::Data>(ndn::Data&, ndn::security::SigningInfo const&) (in /usr/local/lib/libndn-cxx.0.4.1.dylib)
==38476==    by 0x1016B1595: ndn::mgmt::Dispatcher::sendData(ndn::Name const&, ndn::Block const&, ndn::MetaInfo const&, ndn::mgmt::Dispatcher::SendDestination, boost::chrono::duration<long long, boost::ratio<1l, 1000l> >) (in /usr/local/lib/libndn-cxx.0.4.1.dylib)
==38476==    by 0x1016B5F11: ndn::mgmt::Dispatcher::postNotification(ndn::Block const&, ndn::Name const&) (in /usr/local/lib/libndn-cxx.0.4.1.dylib)
==38476==    by 0x100051586: std::__1::function<void (ndn::Block const&)>::operator()(ndn::Block const&) const (in /usr/local/bin/nfd)
==38476==    by 0x100191C7F: nfd::FaceManager::notifyAddFace(nfd::face::Face const&) (in /usr/local/bin/nfd)
==38476==    by 0x1001CC291: void std::__1::__invoke_void_return_wrapper<void>::__call<std::__1::__bind<void (nfd::FaceManager::*)(nfd::face::Face const&), nfd::FaceManager*, std::__1::placeholders::__ph<1>&>&, nfd::face::Face&>(std::__1::__bind<void (nfd::FaceManager::*)(nfd::face::Face const&), nfd::FaceManager*, std::__1::placeholders::__ph<1>&>&, nfd::face::Face&) (in /usr/local/bin/nfd)
==38476==    by 0x1001CBF7B: std::__1::__function::__func<std::__1::__bind<void (nfd::FaceManager::*)(nfd::face::Face const&), nfd::FaceManager*, std::__1::placeholders::__ph<1>&>, std::__1::allocator<std::__1::__bind<void (nfd::FaceManager::*)(nfd::face::Face const&), nfd::FaceManager*, std::__1::placeholders::__ph<1>&> >, void (nfd::face::Face&)>::operator()(nfd::face::Face&) (in /usr/local/bin/nfd)
==38476==    by 0x1001117F6: std::__1::function<void (nfd::face::Face&)>::operator()(nfd::face::Face&) const (in /usr/local/bin/nfd)
==38476==    by 0x10010E057: ndn::util::signal::Signal<nfd::FaceTable, nfd::face::Face&>::operator()(nfd::face::Face&) (in /usr/local/bin/nfd)
==38476==    by 0x10010BF66: nfd::FaceTable::addImpl(std::__1::shared_ptr<nfd::face::Face>, unsigned long long) (in /usr/local/bin/nfd)
==38476==    by 0x10010C16D: nfd::FaceTable::addReserved(std::__1::shared_ptr<nfd::face::Face>, unsigned long long) (in /usr/local/bin/nfd)
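
An added example, not part of the comments on this issue or of ndn-cxx: a Python triage script that parses Memcheck loss records like the one quoted above and reports the leak kind, the binary object that made the allocation, and the innermost project frame to review. The `ALLOCATOR` and `PROJECT` tuples and the verdict labels are assumptions of this example; the sample lines are excerpted from the record above.

```python
import re
from dataclasses import dataclass, field

HEADER = re.compile(
    r"^==\d+== ([\d,]+)(?: \([^)]*\))? bytes in ([\d,]+) blocks are "
    r"(definitely lost|indirectly lost|possibly lost|still reachable) in loss record")
FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (.+) \((?:in )?([^()]+)\)$")

# Assumptions of this example: which objects are allocator plumbing and which
# are project code. Adjust both tuples for another code base.
ALLOCATOR = ("vg_replace_malloc", "libc++", "libsystem_malloc")
PROJECT = ("libndn-cxx", "/nfd")

@dataclass
class LossRecord:
    kind: str
    nbytes: int
    blocks: int
    frames: list = field(default_factory=list)  # (function, object), innermost first

    def owner(self):
        """Object of the innermost frame that is not allocator plumbing."""
        return next((o for _, o in self.frames
                     if not any(a in o for a in ALLOCATOR)), None)

    def entry(self):
        """Innermost project function on the stack: the call site to review."""
        return next((f for f, o in self.frames if any(p in o for p in PROJECT)), None)

    def verdict(self):
        owner = self.owner() or ""
        if any(p in owner for p in PROJECT):
            return "allocated in project code"
        if self.kind == "still reachable":
            return "allocated outside project, still referenced at exit"
        return "allocated outside project, check ownership at entry frame"

def parse(text):
    """Split Memcheck output into loss records; unrelated lines end a record."""
    records, current = [], None
    for line in text.splitlines():
        h, f = HEADER.match(line), FRAME.match(line)
        if h:
            current = LossRecord(h.group(3), int(h.group(1).replace(",", "")),
                                 int(h.group(2).replace(",", "")))
            records.append(current)
        elif f and current is not None:
            current.frames.append(f.groups())
        else:
            current = None
    return records

# Lines excerpted from the loss record quoted above (most frames omitted).
SAMPLE = """\
==38476== 7,040 bytes in 176 blocks are still reachable in loss record 967 of 972
==38476==    at 0x100D49EA1: malloc (vg_replace_malloc.c:303)
==38476==    by 0x102AC943D: operator new(unsigned long) (in /usr/lib/libc++.1.dylib)
==38476==    by 0x10127D26A: Security::DbVersion::open() (in /System/Library/Frameworks/Security.framework/Versions/A/Security)
==38476==    by 0x1013D6DE8: SecItemCopyMatching (in /System/Library/Frameworks/Security.framework/Versions/A/Security)
==38476==    by 0x1017ADA42: ndn::SecTpmOsx::Impl::getKey(ndn::Name const&, ndn::KeyClass) (in /usr/local/lib/libndn-cxx.0.4.1.dylib)
"""

if __name__ == "__main__":
    for r in parse(SAMPLE):
        print(r.kind, r.nbytes, r.owner(), r.entry(), r.verdict(), sep=" | ")
```

For the sample it reports an allocation made inside Security.framework, reached from `ndn::SecTpmOsx::Impl::getKey`, in the "still reachable" class rather than one of the "lost" classes.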

Actions #5

Updated by Junxiao Shi about 8 years ago

I tried several times to reproduce this bug on OS X 10.11 with the following snippet:

// g++ -o x -std=c++0x x.cpp $(pkg-config --cflags --libs libndn-cxx)
#include <ndn-cxx/data.hpp>
#include <ndn-cxx/security/key-chain.hpp>

using namespace ndn;

int main()
{
  KeyChain keyChain;

  auto data = make_shared<Data>("/hello");
  keyChain.sign(*data);

  return 0;
}

But valgrind-3.11.0.SVN crashes every time with:

==15151== Memcheck, a memory error detector
==15151== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==15151== Using Valgrind-3.11.0.SVN and LibVEX; rerun with -h for copyright info
==15151== Command: ./x
==15151== 
--15151-- UNKNOWN fcntl 97!
--15151-- UNKNOWN fcntl 97! (repeated 2 times)
--15151-- UNKNOWN fcntl 97! (repeated 4 times)
--15151-- UNKNOWN fcntl 97! (repeated 8 times)
--15151-- UNKNOWN fcntl 97! (repeated 16 times)
--15151-- UNKNOWN fcntl 97! (repeated 32 times)
--15151-- UNKNOWN fcntl 95!
--15151-- UNKNOWN fcntl 93!
--15151-- UNKNOWN fcntl 93! (repeated 2 times)
--15151-- UNKNOWN fcntl 93! (repeated 4 times)
--15151-- UNKNOWN fcntl 93! (repeated 8 times)
--15151-- UNKNOWN fcntl 93! (repeated 16 times)
--15151-- UNKNOWN mach_msg unhandled MACH_SEND_TRAILER option
--15151-- UNKNOWN mach_msg unhandled MACH_SEND_TRAILER option (repeated 2 times)
--15151-- UNKNOWN mach_msg unhandled MACH_SEND_TRAILER option (repeated 4 times)
--15151-- UNKNOWN mach_msg unhandled MACH_SEND_TRAILER option (repeated 8 times)

Memcheck: mc_main.c:1730 (void set_address_range_perms(Addr, SizeT, UWord, UWord)): Assertion '! sr_isError(sres)' failed.
Memcheck: SecMap valgrind munmap failure


host stacktrace:
==15151==    at 0x238040137: ???
==15151==    by 0x23804053E: ???
==15151==    by 0x238040521: ???
==15151==    by 0x238006250: ???
==15151==    by 0x2380065CC: ???
==15151==    by 0x2380DF8C9: ???

sched status:
  running_tid=0

Thread 1: status = VgTs_WaitSys (lwpid 2567)
==15151==    at 0x102D65FAE: semaphore_wait_trap (in /usr/lib/system/libsystem_kernel.dylib)
==15151==    by 0x102B74CB1: _dispatch_semaphore_wait_slow (in /usr/lib/system/libdispatch.dylib)
==15151==    by 0x102F23BA8: xpc_connection_send_message_with_reply_sync (in /usr/lib/system/libxpc.dylib)
==15151==    by 0x101791F35: __78-[CFPrefsPlistSource sendRequestNewDataMessage:toConnection:retryCount:error:]_block_invoke (in /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation)
==15151==    by 0x10173CEF5: CFPREFERENCES_IS_WAITING_FOR_CFPREFSD (in /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation)
==15151==    by 0x101791EA9: -[CFPrefsPlistSource sendRequestNewDataMessage:toConnection:retryCount:error:] (in /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation)
==15151==    by 0x101791DAA: __50-[CFPrefsPlistSource alreadylocked_requestNewData]_block_invoke (in /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation)
==15151==    by 0x10173DA0C: _CFPrefsWithDaemonConnection (in /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation)
==15151==    by 0x101791CCA: -[CFPrefsPlistSource alreadylocked_requestNewData] (in /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation)
==15151==    by 0x1017700A3: _copyValueForKey (in /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation)
==15151==    by 0x10176FF92: -[CFPrefsPlistSource copyValueForKey:] (in /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation)
==15151==    by 0x10176FF3F: ___CFPreferencesCopyValueWithContainer_block_invoke (in /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation)
==15151==    by 0x10173A42C: +[CFPrefsSource withSourceForIdentifier:user:byHost:container:perform:] (in /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation)
==15151==    by 0x10176FEDB: _CFPreferencesCopyValueWithContainer (in /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation)
==15151==    by 0x101E0571C: Security::KeychainCore::Globals::Globals() (in /System/Library/Frameworks/Security.framework/Versions/A/Security)
==15151==    by 0x101E056A3: Security::ModuleNexus<Security::KeychainCore::Globals>::make() (in /System/Library/Frameworks/Security.framework/Versions/A/Security)
==15151==    by 0x101FB71B8: Security::ModuleNexusCommon::do_create(void* (*)()) (in /System/Library/Frameworks/Security.framework/Versions/A/Security)
==15151==    by 0x102B6940A: _dispatch_client_callout (in /usr/lib/system/libdispatch.dylib)
==15151==    by 0x102B69302: dispatch_once_f (in /usr/lib/system/libdispatch.dylib)
==15151==    by 0x101DF4991: Security::ModuleNexusCommon::create(void* (*)()) (in /System/Library/Frameworks/Security.framework/Versions/A/Security)
==15151==    by 0x101E0563A: Security::ModuleNexus<Security::KeychainCore::Globals>::operator()() (in /System/Library/Frameworks/Security.framework/Versions/A/Security)
==15151==    by 0x101F412BC: SecKeychainSetUserInteractionAllowed (in /System/Library/Frameworks/Security.framework/Versions/A/Security)
==15151==    by 0x1003D1000: ndn::security::SecTpmOsx::SecTpmOsx(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) (in /usr/local/lib/libndn-cxx.0.4.1.dylib)
==15151==    by 0x1003D11AC: ndn::security::SecTpmOsx::SecTpmOsx(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) (in /usr/local/lib/libndn-cxx.0.4.1.dylib)
==15151==    by 0x100198905: std::__1::unique_ptr<ndn::security::SecTpmOsx, std::__1::default_delete<ndn::security::SecTpmOsx> > ndn::make_unique<ndn::security::SecTpmOsx, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&>(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) (in /usr/local/lib/libndn-cxx.0.4.1.dylib)
==15151==    by 0x10019889F: void ndn::security::KeyChain::registerTpm<ndn::security::SecTpmOsx>(std::initializer_list<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > >)::{lambda(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&)#1}::operator()(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) const (in /usr/local/lib/libndn-cxx.0.4.1.dylib)
==15151==    by 0x100198553: std::__1::unique_ptr<ndn::security::SecTpm, std::__1::default_delete<ndn::security::SecTpm> > std::__1::__invoke_void_return_wrapper<std::__1::unique_ptr<ndn::security::SecTpm, std::__1::default_delete<ndn::security::SecTpm> > >::__call<void ndn::security::KeyChain::registerTpm<ndn::security::SecTpmOsx>(std::initializer_list<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > >)::{lambda(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&)#1}&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&>(void ndn::security::KeyChain::registerTpm<ndn::security::SecTpmOsx>(std::initializer_list<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > >)::{lambda(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&)#1}&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) (in /usr/local/lib/libndn-cxx.0.4.1.dylib)
==15151==    by 0x1001983DA: std::__1::__function::__func<void ndn::security::KeyChain::registerTpm<ndn::security::SecTpmOsx>(std::initializer_list<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > >)::{lambda(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&)#1}, std::__1::allocator<{lambda(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&)#1}>, std::__1::unique_ptr<ndn::security::SecTpm, std::__1::default_delete<std::__1::unique_ptr> > (std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&)>::operator()(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) (in /usr/local/lib/libndn-cxx.0.4.1.dylib)
==15151==    by 0x1000F8EB3: std::__1::function<std::__1::shared_ptr<ndn::mgmt::ControlParameters> (ndn::name::Component const&)>::operator()(ndn::name::Component const&) const (in /usr/local/lib/libndn-cxx.0.4.1.dylib)
==15151==    by 0x10018B1E4: ndn::security::KeyChain::createTpm(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) (in /usr/local/lib/libndn-cxx.0.4.1.dylib)
==15151==    by 0x100187638: ndn::security::KeyChain::initialize(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, bool) (in /usr/local/lib/libndn-cxx.0.4.1.dylib)
==15151==    by 0x10018441F: ndn::security::KeyChain::KeyChain() (in /usr/local/lib/libndn-cxx.0.4.1.dylib)
==15151==    by 0x100187A14: ndn::security::KeyChain::KeyChain() (in /usr/local/lib/libndn-cxx.0.4.1.dylib)
==15151==    by 0x1000013A7: main (in ./x)

Thread 2: status = VgTs_Yielding (lwpid 5379)
==15151==    at 0x102B6F1AA: _dispatch_mgr_invoke (in /usr/lib/system/libdispatch.dylib)
==15151==    by 0x102B6EDCC: _dispatch_mgr_thread (in /usr/lib/system/libdispatch.dylib)

Thread 3: status = VgTs_Init (lwpid 4871)
==15151==    at 0x102EC1334: start_wqthread (in /usr/lib/system/libsystem_pthread.dylib)


Note: see also the FAQ in the source distribution.
It contains workarounds to several common problems.
In particular, if Valgrind aborted or crashed after
identifying problems in your program, there's a good chance
that fixing those problems will prevent Valgrind aborting or
crashing, especially if it happened in m_mallocfree.c.

If that doesn't help, please report this bug to: www.valgrind.org

In the bug report, send all the above text, the valgrind
version, and what OS and version you are using.  Thanks.
Actions #6

Updated by Junxiao Shi over 7 years ago

  • Status changed from New to Rejected

This is no longer needed because SecTpmOsx is part of KeyChain v1 which is pending removal.
