Memory leak in new rpc server infrastructure?

Jeremy Allison jra at samba.org
Wed Oct 4 19:20:57 GMT 2006


On Wed, Oct 04, 2006 at 08:59:10PM +0200, Volker Lendecke wrote:
> Hi!
> 
> smbclient -L 127.0.0.1 leaks memory from
> 
> ==15196==    at 0x4021396: malloc (vg_replace_malloc.c:149)
> ==15196==    by 0x82B0E96: malloc_ (lib/util.c:924)
> ==15196==    by 0x815E1BA: prs_init (rpc_parse/parse_prs.c:110)
> ==15196==    by 0x81F63C0: pipe_init_outgoing_data (rpc_server/srv_pipe_hnd.c:159)
> ==15196==    by 0x81F7F19: process_request_pdu (rpc_server/srv_pipe_hnd.c:662)
> ==15196==    by 0x81F816A: process_complete_pdu (rpc_server/srv_pipe_hnd.c:721)
> ==15196==    by 0x81F8955: process_incoming_data (rpc_server/srv_pipe_hnd.c:919)
> ==15196==    by 0x81F8BBB: write_to_internal_pipe (rpc_server/srv_pipe_hnd.c:959)
> ==15196==    by 0x81F8B25: write_to_pipe (rpc_server/srv_pipe_hnd.c:942)
> ==15196==    by 0x80BF54A: api_fd_reply (smbd/ipc.c:310)
> ==15196==    by 0x80BF874: named_pipe (smbd/ipc.c:356)
> ==15196==    by 0x80BFBA6: handle_trans (smbd/ipc.c:405)
> ==15196==    by 0x80C04C0: reply_trans (smbd/ipc.c:550)
> ==15196==    by 0x8123ED8: switch_message (smbd/process.c:997)
> ==15196==    by 0x8123FA9: construct_reply (smbd/process.c:1024)
> ==15196==    by 0x8124200: process_smb (smbd/process.c:1069)
> ==15196==    by 0x812529B: smbd_process (smbd/process.c:1618)
> ==15196==    by 0x84F9092: main (smbd/server.c:1077)
> 
> I'm not 100% certain, but I think this is because the
> autogenerated srv_srvsvc.c in line 2239 also initializes the
> outgoing data blob.
> 
> Is this possible?
> 
> If that is the right reason, then we have to either change
> the autogenerated code, go through all not yet converted
> server routines or assure that we convert them all before
> 3.0.24.
> 
> Comments?

Hmmm. We could change prs_init() to use the passed in talloc
context, but that would change many of the other uses like
prs_give_memory/prs_take_memory....

It might be easier to change the pidl generated code. I'll
take a look. I think we just need to change prs_init_data_blob
to prs_copy_data_in() the data from the data blob.

Jeremy.
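The leak pattern under discussion, as an added illustration that is not part of this thread and not Samba's code: a buffer is allocated once by an init routine, then a second "init from blob" routine allocates again and overwrites the pointer, so the first allocation is never freed. The second variant shows the alternative the reply proposes, copying the blob into the buffer the caller already set up. All names (pbuf, pbuf_init, pbuf_init_from_blob, pbuf_copy_data_in, the tracked allocator) are hypothetical stand-ins, and the allocation counter is a constructed substitute for valgrind's leak report.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for a parse buffer that owns an allocated data area.
 * Hypothetical names; this is not Samba's prs_struct or its API. */
typedef struct {
    char  *data;   /* owned allocation */
    size_t size;   /* bytes allocated */
    size_t len;    /* bytes in use */
} pbuf;

/* Constructed allocation tracker standing in for valgrind's leak count. */
static int live_allocs = 0;

static void *tracked_malloc(size_t n)
{
    void *p = malloc(n);
    if (p) live_allocs++;
    return p;
}

static void tracked_free(void *p)
{
    if (p) { free(p); live_allocs--; }
}

/* Analogue of the init step in the trace: allocates the outgoing buffer. */
int pbuf_init(pbuf *b, size_t size)
{
    b->data = tracked_malloc(size);
    if (!b->data) return -1;
    b->size = size;
    b->len = 0;
    return 0;
}

void pbuf_free(pbuf *b)
{
    tracked_free(b->data);
    b->data = NULL;
    b->size = b->len = 0;
}

/* The leaky pattern: a second "init" from a blob allocates afresh and
 * overwrites b->data, so the buffer from pbuf_init is never freed. */
int pbuf_init_from_blob(pbuf *b, const char *blob, size_t len)
{
    char *p = tracked_malloc(len);
    if (!p) return -1;
    memcpy(p, blob, len);
    b->data = p;       /* previous allocation is lost here */
    b->size = len;
    b->len = len;
    return 0;
}

/* The alternative the reply suggests in spirit: copy the blob into the
 * buffer the caller already initialized, growing it only if needed. */
int pbuf_copy_data_in(pbuf *b, const char *blob, size_t len)
{
    if (len > b->size) {
        char *p = realloc(b->data, len);   /* realloc keeps the live count unchanged */
        if (!p) return -1;
        b->data = p;
        b->size = len;
    }
    memcpy(b->data, blob, len);
    b->len = len;
    return 0;
}

/* Constructed reply payload; each demo returns the number of allocations
 * still live after the buffer is freed (0 means no leak). */
static const char reply_blob[] = "constructed-outgoing-pdu";

int demo_leaky(void)
{
    pbuf b;
    live_allocs = 0;
    if (pbuf_init(&b, 64) != 0) return -1;
    char *orphan = b.data;   /* kept only so this demo can clean up afterwards */
    if (pbuf_init_from_blob(&b, reply_blob, sizeof reply_blob) != 0) return -1;
    pbuf_free(&b);
    int leaked = live_allocs;   /* 1: the buffer from pbuf_init is still live */
    tracked_free(orphan);       /* real code has lost this pointer; cleanup is demo-only */
    return leaked;
}

int demo_fixed(void)
{
    pbuf b;
    live_allocs = 0;
    if (pbuf_init(&b, 8) != 0) return -1;   /* deliberately smaller than the blob */
    if (pbuf_copy_data_in(&b, reply_blob, sizeof reply_blob) != 0) return -1;
    int ok = b.len == sizeof reply_blob && memcmp(b.data, reply_blob, b.len) == 0;
    pbuf_free(&b);
    return ok ? live_allocs : -1;   /* 0: nothing left allocated, contents intact */
}

int main(void)
{
    printf("leaky path: %d live allocation(s) after free\n", demo_leaky());
    printf("fixed path: %d live allocation(s) after free\n", demo_fixed());
    return 0;
}
```

The copy-in variant keeps a single owner for the allocation, which is also what makes freeing it in one place (or tying it to a talloc context, as the reply considers) straightforward.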

