Re: [xml] Memory leaks

From: Nick Wellnhofer <wellnhofer aevum de>
To: xml gnome org
Subject: Re: [xml] Memory leaks
Date: Mon, 25 Aug 2014 12:31:58 +0200

On 25/08/2014 11:33, Iñigo Martínez wrote:

Hi,

I have been looking at the memory usage of my programs using libxml2 y
using valgrind, and I have seen these messages:

==22134== Invalid read of size 8
==22134==    at 0x519482F: xmlFreeNode (in
/usr/lib/x86_64-linux-gnu/libxml2.so.2.9.1)
==22134==    by 0x400A02: main (test-command.c:51)
==22134==  Address 0x7715ef8 is 152 bytes inside a block of size 176 free'd
==22134==    at 0x4C29730: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==22134==    by 0x5194391: xmlFreeDoc (in
/usr/lib/x86_64-linux-gnu/libxml2.so.2.9.1)
==22134==    by 0x54A4BBD: xml_msg_get_msg (xml-message.c:111)
==22134==    by 0x4009CA: main (test-command.c:44)


This is not a memory leak but a use-after-free error.

These messages correspond to this code:

xml-message.c 111

     xmlNodePtr
     xml_msg_get_msg (const char *str) {
         xmlDoc *doc;
         xmlNodePtr msg;

         if (!(doc = xmlRecoverDoc (BAD_CAST str)))
             return NULL;

         msg = xmlDocGetRootElement (doc);
         xmlUnlinkNode (msg);
         xmlFreeDoc (doc);

         return msg;
     }

test-command.c 44 and 51

     xmlNodePtr node;
     node = xml_msg_get_msg ("<Command Timestamp=\"0\"
ReceptionTimeStamp=\"0\" Sender=\"P1\"
Receiver=\"P2\"><GetData/></Command>");
     xmlFreeNode (node);

Any idea on why I'm leaking memory ?

If you unlink a node, it still keeps a pointer to the original document'sdictionary (interned string table). So you shouldn't free the document untilyou finished processing the node. Alternatively, you could copy the node toanother (dummy) document.


Nick

Follow-Ups:
- Re: [xml] Memory leaks
  - From: Iñigo Martínez

References:
- [xml] Memory leaks
  - From: Iñigo Martínez

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]