[Bug stdio/25691] New: printf: memory leak when printing long multibyte strings

Sourceware - glibc-bugs mailing list
https://sourceware.org/bugzilla/show_bug.cgi?id=25691

            Bug ID: 25691
           Summary: printf: memory leak when printing long multibyte
                    strings
           Product: glibc
           Version: unspecified
            Status: UNCONFIRMED
          Severity: minor
          Priority: P2
         Component: stdio
          Assignee: unassigned at sourceware dot org
          Reporter: Mrmaxmeier at gmail dot com
  Target Milestone: ---

Created attachment 12386
  --> https://sourceware.org/bugzilla/attachment.cgi?id=12386&action=edit
leak memory using printf in a loop

Hey there,

I'm observing memory leaks in a specific case of a printf call.
When run in a loop, this OOMs my system (Arch Linux, x86_64, glibc 2.31):

    printf("%.1371337ls", L"A\n");

I've also confirmed this behaviour on v2.30 (Ubuntu 19.10) and v2.27 (Ubuntu
18.04).
The reproducer is pretty contrived :) My original call looked something like
this:

    printf("%ls", multibyte_string_with_more_than_65536_chars);

Here's a quick summary of what happens in
vfprintf-internal.c -> process_string_arg -> LABEL(print_string):

    if (prec >= 0) {
        if (<can allocate `prec` stack>)
            string = alloca(prec);
        else if ((string = malloc(prec)) == NULL) ...
        else string_malloced = 1;
        ...
    } else
        <similar logic here>

    if (...) {
        done = -1;
        goto all_done; <-- this can leak `string`
    }
    if (...) {
        outstring(...)
        break; <-- this can leak `string`
    }
    if (string_malloced)
        free(string); <-- the only call to free(string)

--
You are receiving this mail because:
You are on the CC list for the bug.
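
Added example (not part of the original report and not glibc source): a constructed model of the control flow summarised in the report above, with the leaky shape beside one where every exit reaches the cleanup. `STACK_MAX`, `pick_buf`, `convert_leaky`, `convert_fixed`, `leaked_by` and the `early_error`/`early_output` flags are hypothetical stand-ins for the conditions the report elides; it does not reproduce the actual glibc fix.

```c
#include <stdlib.h>
#include <string.h>
enum { STACK_MAX = 1024 };  /* assumed stand-in for the "can allocate on stack" test */
static long live_bufs;      /* heap buffers currently outstanding (demo counter) */
static void buf_free(void *p) { live_bufs--; free(p); }
/* Stack buffer for short inputs, heap for long ones; sets *malloced. */
static char *pick_buf(char *onstack, size_t prec, int *malloced)
{
    *malloced = prec > STACK_MAX;
    char *p = *malloced ? malloc(prec) : onstack;
    if (p == NULL) abort();     /* demo simplification of the malloc-failure branch */
    live_bufs += *malloced;
    return p;
}

/* Leaky shape: both early exits bypass the only free(). */
static int convert_leaky(size_t prec, int early_error, int early_output)
{
    char onstack[STACK_MAX];
    int string_malloced;
    char *string = pick_buf(onstack, prec, &string_malloced);
    memset(string, 'A', prec);  /* stands in for the conversion into `string` */
    if (early_error)
        return -1;              /* like `goto all_done`: heap buffer is lost */
    if (early_output)
        return (int) prec;      /* like `break` after outstring(): lost again */
    if (string_malloced)
        buf_free(string);
    return (int) prec;
}

/* Hardened shape: record the result, then always reach the cleanup. */
static int convert_fixed(size_t prec, int early_error, int early_output)
{
    char onstack[STACK_MAX];
    int string_malloced;
    char *string = pick_buf(onstack, prec, &string_malloced);
    memset(string, 'A', prec);
    int done = early_error ? -1 : (int) prec;
    (void) early_output;        /* the output path no longer skips cleanup */
    if (string_malloced)
        buf_free(string);
    return done;
}
static long leaked_by(int (*fn)(size_t, int, int), size_t prec, int err, int out)
{
    long before = live_bufs;    /* heap buffers left behind by one call of fn */
    fn(prec, err, out);
    return live_bufs - before;
}
```

`leaked_by(convert_leaky, 1371337, 1, 0)` returns 1 per call, which is the per-iteration growth that adds up in the reporter's loop; short inputs stay on the stack and never leak, which is why only long strings or large precisions trigger it.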

[Bug stdio/25691] printf: memory leak when printing long multibyte strings

Sourceware - glibc-bugs mailing list
https://sourceware.org/bugzilla/show_bug.cgi?id=25691

Mrmaxmeier at gmail dot com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |Mrmaxmeier at gmail dot com


[Bug stdio/25691] printf: memory leak when printing long multibyte strings

Sourceware - glibc-bugs mailing list
https://sourceware.org/bugzilla/show_bug.cgi?id=25691

Adhemerval Zanella <adhemerval.zanella at linaro dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Last reconfirmed|                            |2020-03-18
           Assignee|unassigned at sourceware dot org   |adhemerval.zanella at linaro dot org
                 CC|                            |adhemerval.zanella at linaro dot org
     Ever confirmed|0                           |1
   Target Milestone|---                         |2.32
             Status|UNCONFIRMED                 |NEW

--- Comment #1 from Adhemerval Zanella <adhemerval.zanella at linaro dot org> ---
(In reply to Mrmaxmeier from comment #0)

> Created attachment 12386 [details]
> leak memory using printf in a loop
>
> Hey there,
>
> I'm observing memory leaks in a specific case of a printf call.
> When run in a loop, this OOMs my system (Arch Linux, x86_64, glibc 2.31):
>
>     printf("%.1371337ls", L"A\n");
>
> I've also confirmed this behaviour on v2.30 (Ubuntu 19.10) and v2.27 (Ubuntu
> 18.04).
> The reproducer is pretty contrived :) My original call looked something like
> this:
>
>     printf("%ls", multibyte_string_with_more_than_65536_chars);
>
> Here's a quick summary of what happens in
> vfprintf-internal.c -> process_string_arg -> LABEL(print_string):
>
>     if (prec >= 0) {
>         if (<can allocate `prec` stack>)
>             string = alloca(prec);
>         else if ((string = malloc(prec)) == NULL) ...
>         else string_malloced = 1;
>         ...
>     } else
>         <similar logic here>
>    
>     if (...) {
>         done = -1;
>         goto all_done; <-- this can leak `string`
>     }
>     if (...) {
>         outstring(...)
>         break; <-- this can leak `string`
>     }
>     if (string_malloced)
>         free(string); <-- the only call to free(string)

It seems that the process_string_arg macro is breaking out of the loop without
deallocating the 'string' for 'width -= len'. I think it would be simple to use a
scratch_buffer to handle it.


[Bug stdio/25691] printf: memory leak when printing long multibyte strings

Sourceware - glibc-bugs mailing list
https://sourceware.org/bugzilla/show_bug.cgi?id=25691

Adhemerval Zanella <adhemerval.zanella at linaro dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #2 from Adhemerval Zanella <adhemerval.zanella at linaro dot org> ---
Fixed on 2.31.


[Bug stdio/25691] printf: memory leak when printing long multibyte strings

Sourceware - glibc-bugs mailing list
https://sourceware.org/bugzilla/show_bug.cgi?id=25691

--- Comment #3 from Adhemerval Zanella <adhemerval.zanella at linaro dot org> ---
Correction: fixed on 2.32.


[Bug stdio/25691] printf: memory leak when printing long multibyte strings

Sourceware - glibc-bugs mailing list
https://sourceware.org/bugzilla/show_bug.cgi?id=25691

Florian Weimer <fw at deneb dot enyo.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fw at deneb dot enyo.de

--- Comment #4 from Florian Weimer <fw at deneb dot enyo.de> ---
Relevant commits:

commit 3cc4a8367c23582b7db14cf4e150e4068b7fd461
Author: Florian Weimer <[hidden email]>
Date:   Thu Mar 19 18:32:28 2020 -0300

    stdio: Remove memory leak from multibyte convertion [BZ#25691]

commit 910a835dc96c1f518ac2a6179fc622ba81ffb159
Author: Adhemerval Zanella <[hidden email]>
Date:   Thu Mar 19 18:35:46 2020 -0300

    stdio: Add tests for printf multibyte convertion leak [BZ#25691]
