Path: csiph.com!aioe.org!newsfeed1.swip.net!uio.no!news.tele.dk!news.tele.dk!small.news.tele.dk!usenet.stanford.edu!not-for-mail
From: Chet Ramey <chet.ramey@case.edu>
Newsgroups: gnu.bash.bug
Subject: Re: bash leaks a pointer
Date: Wed, 15 Jul 2015 10:18:50 -0400
Lines: 36
Approved: bug-bash@gnu.org
Message-ID: <mailman.6956.1436969948.904.bug-bash@gnu.org>
References: <55A619E9.4030605@redhat.com>
Reply-To: chet.ramey@case.edu
NNTP-Posting-Host: lists.gnu.org
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Trace: usenet.stanford.edu 1436969948 20378 208.118.235.17 (15 Jul 2015 14:19:08 GMT)
X-Complaints-To: action@cs.stanford.edu
Cc: chet.ramey@case.edu
To: Ondrej Oprala <ooprala@redhat.com>, bug-bash@gnu.org
Envelope-to: bug-bash@gnu.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
In-Reply-To: <55A619E9.4030605@redhat.com>
X-Junkmail-Status: score=10/50, host=mpv5.cwru.edu
X-Junkmail-Whitelist: YES (by domain whitelist at mpv1.tis.cwru.edu)
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.4.x-2.6.x [generic]
X-Received-From: 129.22.105.36
X-BeenThere: bug-bash@gnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Bug reports for the GNU Bourne Again SHell <bug-bash.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-bash>, <mailto:bug-bash-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-bash>
List-Post: <mailto:bug-bash@gnu.org>
List-Help: <mailto:bug-bash-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-bash>, <mailto:bug-bash-request@gnu.org?subject=subscribe>
Xref: aioe.org gnu.bash.bug:11214

On 7/15/15 4:29 AM, Ondrej Oprala wrote:
> $ export LC_ALL=en_US.UTF-8
> $ valgrind --leak-check=full /bin/bash -c 'exit 0'
> #<snip>
> ==4190== HEAP SUMMARY:
> ==4190==     in use at exit: 22,269 bytes in 614 blocks
> ==4190==   total heap usage: 698 allocs, 84 frees, 29,706 bytes allocated
> ==4190==
> ==4190== 12 bytes in 1 blocks are definitely lost in loss record 77 of 218
> ==4190==    at 0x4C28C10: malloc (in
> /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==4190==    by 0x18928F: xmalloc (in /usr/bin/bash)
> ==4190==    by 0x18306A: set_default_locale (in /usr/bin/bash)
> ==4190==    by 0x1360B0: main (in /usr/bin/bash)
> ==4190==
> #</snip>
> 
> set_default_locale leaks a pointer (alloced by savestring()) if LC_ALL is
> non-empty. Currently, I don't
> see the "default_locale" var used anywhere in the code base, the only
> ocurrence is in a "#if 0" directive.

Bash keeps a `clean' copy of the default locale for its own purposes.  The
return value of setlocale() is not well defined: the string it returns may
or may not be allocated with malloc.  Posix says you can't count on it
remaining unmodified across subsequent calls to setlocale().  To avoid
problems with pointers to freed memory, bash has to make a copy of the
default locale in a newly-allocated string.  If setlocale() uses malloc to
allocate the pointer it returns, that can be a leak, but there's no good
way to determine that.

-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
		 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU    chet@case.edu    http://cnswww.cns.cwru.edu/~chet/