To: krb5-bugs@mit.edu
Subject: memory leak on macos
Date: Wed, 10 Jan 2024 14:46:30 -0500
From: "Anthony Sottile" <anthony.sottile@sentry.io>
hello, I've found what I believe to be a memory leak on macos -- I've
tried to narrow it down to a simple reproduction:

```c
#include <stdbool.h>
#include <stdio.h>
#include <gssapi.h>

int main(void) {
    /* Call gss_acquire_cred() ten times with default arguments. */
    for (int i = 0; i < 10; i += 1) {
        gss_cred_id_t cred = 0;
        OM_uint32 minor = 0;
        OM_uint32 ret = gss_acquire_cred(
            &minor, GSS_C_NO_NAME, 0, GSS_C_NO_OID_SET,
            GSS_C_INITIATE, &cred, NULL, NULL
        );
        if (ret == GSS_S_COMPLETE) {
            printf("no error\n");
            gss_release_cred(&minor, &cred);
        } else {
            /* OM_uint32 is unsigned, so print it with %u. */
            printf("got error: %u\n", ret);
        }
    }
}
```

compiled using:

```bash
gcc $(PKG_CONFIG_PATH=/opt/homebrew/Cellar/krb5/1.21.2/lib/pkgconfig/ pkg-config krb5-gssapi --cflags --libs) t.c
```

leaks shown using:

```bash
leaks --atExit -- ./a.out
```

note: I don't have gss set up in any way so the expected path of my
program above is the error case:

```console
$ ./a.out
got error: 458752
got error: 458752
got error: 458752
got error: 458752
got error: 458752
got error: 458752
got error: 458752
got error: 458752
got error: 458752
got error: 458752
```



this leak is the important one (the other is sort of expected, a
global error message retrievable later and is not per-call):

```
STACK OF 8 INSTANCES OF 'ROOT CYCLE: <OS_xpc_connection>':
19 dyld                     0x1822eff28 start + 2236
18 a.out                    0x102af7f00 main + 88
17 libgssapi_krb5.2.2.dylib 0x102bdac2c gss_acquire_cred + 36
16 libgssapi_krb5.2.2.dylib 0x102bdadc8 gss_acquire_cred_from + 400
15 libgssapi_krb5.2.2.dylib 0x102bdb180 gss_add_cred_from + 624
14 libgssapi_krb5.2.2.dylib 0x102bf8d30 spnego_gss_acquire_cred_from + 128
13 libgssapi_krb5.2.2.dylib 0x102bf8e8c get_available_mechs + 228
12 libgssapi_krb5.2.2.dylib 0x102bdadc8 gss_acquire_cred_from + 400
11 libgssapi_krb5.2.2.dylib 0x102bdb180 gss_add_cred_from + 624
10 libgssapi_krb5.2.2.dylib 0x102be919c acquire_cred_from + 68
9  libgssapi_krb5.2.2.dylib 0x102be9894 acquire_cred_context + 1664
8  libkrb5.3.3.dylib        0x102cf1a70 krb5_cccol_have_content + 92
7  libkrb5.3.3.dylib        0x102cf1788 krb5_cccol_cursor_next + 76
6  libkrb5.3.3.dylib        0x102cf44dc api_macos_ptcursor_next + 240
5  libkrb5.3.3.dylib        0x102cf49d4 get_primary_name + 124
4  libxpc.dylib             0x182388850 xpc_connection_create_mach_service + 40
3  libxpc.dylib             0x182398f80 _xpc_connection_create + 136
2  libdispatch.dylib        0x182497838 _os_object_alloc_realized + 32
1  libobjc.A.dylib          0x1822abe00 class_createInstance + 64
0  libsystem_malloc.dylib   0x182488eb0 _malloc_zone_calloc_instrumented_or_legacy + 92
====
47 (5.98K) << TOTAL >>
----
6 (784 bytes) ROOT CYCLE: <OS_xpc_connection 0x13e0065e0> [240] "com.apple.GSSCred" (from libkrb5.3.3.dylib) pid 599 [GSSCred]
3 (368 bytes) ROOT CYCLE: <OS_dispatch_mach 0x13e008400> [160] "com.apple.GSSCred" (from libkrb5.3.3.dylib)
1 (64 bytes) ROOT CYCLE: <calloc in _dispatch_unote_create 0x13e0076f0> [64]
CYCLE BACK TO <OS_xpc_connection 0x13e0065e0> [240] "com.apple.GSSCred" (from libkrb5.3.3.dylib) pid 599 [GSSCred]
1 (144 bytes) <calloc in _dispatch_unote_create 0x13e0084a0> [144]
2 (176 bytes) <calloc in _xpc_connection_cancel 0x13e0066d0> [32]
1 (144 bytes) <malloc in _vasprintf 0x13e0088b0> [144]
```

seemingly from this code here:
https://github.com/krb5/krb5/blob/ec71ac1cabbb3926f8ffaf71e1ad007e4e56e0e5/src/lib/krb5/ccache/cc_api_macos.c#L161-L224

I'm on macos 13.5.2 arm64 and using krb5 1.21.2 from homebrew

```
$ uname -a
Darwin FJJ4YYCWYX.local 22.6.0 Darwin Kernel Version 22.6.0: Wed Jul 5 22:22:05 PDT 2023; root:xnu-8796.141.3~6/RELEASE_ARM64_T6000 arm64 arm Darwin
```

anthony
From: "Anthony Sottile" <anthony.sottile@sentry.io>
Date: Thu, 11 Jan 2024 11:51:08 -0500
Subject: [krbdev.mit.edu #9109] Re: memory leak on macos
To: krb5-bugs@mit.edu
here is a patch which fixes the bug:

```diff
--- lib/krb5/ccache/cc_api_macos.c.old 2024-01-10 16:14:19
+++ lib/krb5/ccache/cc_api_macos.c 2024-01-10 16:14:43
@@ -218,8 +218,10 @@
xpc_release(request);
if (reply != NULL)
xpc_release(reply);
- if (conn != NULL)
+ if (conn != NULL) {
xpc_connection_cancel(conn);
+ xpc_release(conn);
+ }
return ret;
}
```
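
Review bot: in the cleanup at the end of this function, conn is now both cancelled and released, while request and reply just above it are freed with xpc_release() alone. It is worth testing whether xpc_release(conn) by itself clears the leaks report; if it does, the xpc_connection_cancel(conn) call and the added braces can go, which keeps the three cleanup branches uniform. The patch also carries no description; a line naming the function and the leaked OS_xpc_connection object from the leaks output would help whoever commits it.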

From: "Greg Hudson via RT" <rt@kerborg-prod-app-1.mit.edu>
Can you test just calling xpc_release() and not xpc_connection_cancel()?

Thanks.
 
To: rt@kerborg-prod-app-1.mit.edu
From: "Anthony Sottile" <anthony.sottile@sentry.io>
Subject: Re: [krbdev.mit.edu #9109] memory leak on macos
Date: Fri, 12 Jan 2024 09:45:40 -0500
that also appears to work. new patch:

```diff
--- lib/krb5/ccache/cc_api_macos.c.old 2024-01-10 16:14:19
+++ lib/krb5/ccache/cc_api_macos.c 2024-01-12 09:42:23
@@ -219,7 +219,7 @@
if (reply != NULL)
xpc_release(reply);
if (conn != NULL)
- xpc_connection_cancel(conn);
+ xpc_release(conn);
return ret;
}
```
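
Review bot: the `if (conn != NULL)` branch now matches the reply cleanup above it, but the patch arrives with no description, and its headers diff against a local cc_api_macos.c.old copy using a path that lacks the src/ prefix seen in the repository URL. A short commit message stating that get_primary_name() never released conn, plus a note that the leaks --atExit run from the report was repeated with this change, would make it ready to apply.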


On Thu, Jan 11, 2024 at 6:06 PM Greg Hudson via RT
<rt@kerborg-prod-app-1.mit.edu> wrote:
>
> Can you test just calling xpc_release() and not xpc_connection_cancel()?
>
> Thanks.
>
>
Subject: git commit
From: ghudson@mit.edu

Fix memory leak in macOS 11 ccache client

In get_primary_name(), use the proper function to free conn.

[ghudson@mit.edu: wrote commit message]

https://github.com/krb5/krb5/commit/52fe67623b7205d91ceac855651e8c17f56b10c8
Author: Anthony Sottile <anthony.sottile@sentry.io>
Committer: Greg Hudson <ghudson@mit.edu>
Commit: 52fe67623b7205d91ceac855651e8c17f56b10c8
Branch: master
src/lib/krb5/ccache/cc_api_macos.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
From: ghudson@mit.edu
Subject: git commit

Fix memory leak in macOS 11 ccache client

In get_primary_name(), use the proper function to free conn.

[ghudson@mit.edu: wrote commit message]

(cherry picked from commit 52fe67623b7205d91ceac855651e8c17f56b10c8)

https://github.com/krb5/krb5/commit/c9a83ad0788163bec4969a8975f0d3fb748689a6
Author: Anthony Sottile <anthony.sottile@sentry.io>
Committer: Greg Hudson <ghudson@mit.edu>
Commit: c9a83ad0788163bec4969a8975f0d3fb748689a6
Branch: krb5-1.21
src/lib/krb5/ccache/cc_api_macos.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)