cURL / Mailing Lists / curl-library / Single Mail

curl-library

scp upload failure memory leak

From: Jeff Weber <jweber_at_amsc.com>
Date: Tue, 20 May 2008 11:22:41 -0500

I found a leak when the scp upload times out, due to CURLOPT_TIMEOUT.
It looks like the LIBSSH2_CHANNEL is leaked. Details below.

Perhaps an excursion through the SSH_SCP_CHANNEL_FREE state could be added.
Or the SSH_SESSION_DISCONNECT state could call libssh2_channel_free() if the
channel pointer is not null.

my config:
interface: easy
libraries: curl-7.18.1, libssh2-0.18,
arch: i686
Linux: 2.4.27
gcc: gcc-3.3.6 (note: code is C++)

    Jeff

Here's the valgrind output:

==00:00:01:21.323 3986== 19 bytes in 1 blocks are indirectly lost in loss
record
 1 of 3
 ==00:00:01:21.323 3986== at 0x401B504: malloc (vg_replace_malloc.c:149)
 ==00:00:01:21.323 3986== by 0x804E165: curl_domalloc (memdebug.c:136)
 ==00:00:01:21.323 3986== by 0x806D6B0: libssh2_malloc (ssh.c:281)
 ==00:00:01:21.324 3986== by 0x8087692: libssh2_channel_open_ex
 (channel.c:154
 )
 ==00:00:01:21.324 3986== by 0x808DBAB: libssh2_scp_send_ex (scp.c:599)
 ==00:00:01:21.324 3986== by 0x8070B19: ssh_statemach_act (ssh.c:1748)
 ==00:00:01:21.324 3986== by 0x80710D1: ssh_easy_statemach (ssh.c:1959)
 ==00:00:01:21.324 3986== by 0x80712C6: scp_perform (ssh.c:2081)
 ==00:00:01:21.324 3986== by 0x8071400: ssh_do (ssh.c:2139)
 ==00:00:01:21.324 3986== by 0x80597E2: Curl_do (url.c:4566)
 ==00:00:01:21.324 3986== by 0x8062A0E: Curl_perform (transfer.c:2364)
 ==00:00:01:21.324 3986== by 0x804D830: curl_easy_perform (easy.c:509)
 ==00:00:01:21.325 3986== by 0x804B88B:
 AMSC::CFileXferImple::upload(std::list
 <std::string, std::allocator<std::string> > const&, std::string const&, bool)
 (a
 mscfilexfer.cpp:324)
 ==00:00:01:21.325 3986== by 0x804C138:
 AMSC::CFileXfer::upload(std::list<std:
 :string, std::allocator<std::string> > const&, std::string const&, bool)
 (amscfi
 lexfer.cpp:570)
 ==00:00:01:21.325 3986== by 0x804CD97: main (xfer_main.cpp:162)
 ==00:00:01:21.325 3986==
 ==00:00:01:21.325 3986==
 ==00:00:01:21.325 3986== 299 (280 direct, 19 indirect) bytes in 1 blocks are
 def
 initely lost in loss record 2 of 3
 ==00:00:01:21.325 3986== at 0x401B504: malloc (vg_replace_malloc.c:149)
 ==00:00:01:21.326 3986== by 0x804E165: curl_domalloc (memdebug.c:136)
 ==00:00:01:21.326 3986== by 0x806D6B0: libssh2_malloc (ssh.c:281)
 ==00:00:01:21.326 3986== by 0x8087661: libssh2_channel_open_ex
 (channel.c:144
 )
 ==00:00:01:21.326 3986== by 0x808DBAB: libssh2_scp_send_ex (scp.c:599)
 ==00:00:01:21.326 3986== by 0x8070B19: ssh_statemach_act (ssh.c:1748)
 ==00:00:01:21.326 3986== by 0x80710D1: ssh_easy_statemach (ssh.c:1959)
 ==00:00:01:21.326 3986== by 0x80712C6: scp_perform (ssh.c:2081)
 ==00:00:01:21.326 3986== by 0x8071400: ssh_do (ssh.c:2139)
 ==00:00:01:21.326 3986== by 0x80597E2: Curl_do (url.c:4566)
 ==00:00:01:21.326 3986== by 0x8062A0E: Curl_perform (transfer.c:2364)
 ==00:00:01:21.326 3986== by 0x804D830: curl_easy_perform (easy.c:509)
 ==00:00:01:21.327 3986== by 0x804B88B:
 AMSC::CFileXferImple::upload(std::list
 <std::string, std::allocator<std::string> > const&, std::string const&, bool)
 (a
 mscfilexfer.cpp:324)
 ==00:00:01:21.327 3986== by 0x804C138:
 AMSC::CFileXfer::upload(std::list<std:
 :string, std::allocator<std::string> > const&, std::string const&, bool)
 (amscfi
 lexfer.cpp:570)
 ==00:00:01:21.327 3986== by 0x804CD97: main (xfer_main.cpp:162)
 ==00:00:01:21.327 3986==
 ==00:00:01:21.327 3986==
 ==00:00:01:21.327 3986== 832 bytes in 12 blocks are still reachable in loss
 reco
 rd 3 of 3
 ==00:00:01:21.328 3986== at 0x401B504: malloc (vg_replace_malloc.c:149)
 ==00:00:01:21.328 3986== by 0x80B08AD: default_malloc_ex (in
 /root/amsclib/xf
 er)
 ==00:00:01:21.328 3986==
 ==00:00:01:21.328 3986== LEAK SUMMARY:
 ==00:00:01:21.328 3986== definitely lost: 280 bytes in 1 blocks.
 ==00:00:01:21.328 3986== indirectly lost: 19 bytes in 1 blocks.
 ==00:00:01:21.328 3986== possibly lost: 0 bytes in 0 blocks.

Here's the curl debug output:

...
************************
[successful scp upload]
* Re-using existing connection! (#0) with host host
* Connected to host (172.26.0.251) port 22 (#0)
* DO phase starts
* SFTP 0x42a4778 state change from SSH_STOP to SSH_SCP_TRANS_INIT
* SFTP 0x42a4778 state change from SSH_SCP_TRANS_INIT to SSH_SCP_UPLOAD_INIT
* SFTP 0x42a4778 state change from SSH_SCP_UPLOAD_INIT to SSH_STOP
* DO phase is complete
* SFTP 0x42a4778 state change from SSH_STOP to SSH_SCP_DONE
* SFTP 0x42a4778 state change from SSH_SCP_DONE to SSH_SCP_SEND_EOF
* SFTP 0x42a4778 state change from SSH_SCP_SEND_EOF to SSH_SCP_WAIT_EOF
* SFTP 0x42a4778 state change from SSH_SCP_WAIT_EOF to SSH_SCP_WAIT_CLOSE
* Channel failed to close: 1
* SFTP 0x42a4778 state change from SSH_SCP_WAIT_CLOSE to SSH_SCP_CHANNEL_FREE
* SCP DONE phase complete
* SFTP 0x42a4778 state change from SSH_SCP_CHANNEL_FREE to SSH_STOP
* Connection #0 to host host left intact

************************
[timeout scp upload]
* Re-using existing connection! (#0) with host host
* Connected to host (172.26.0.251) port 22 (#0)
* DO phase starts
* SFTP 0x42a4778 state change from SSH_STOP to SSH_SCP_TRANS_INIT
* SFTP 0x42a4778 state change from SSH_SCP_TRANS_INIT to SSH_SCP_UPLOAD_INIT
* SFTP 0x42a4778 state change from SSH_SCP_UPLOAD_INIT to SSH_STOP
* DO phase is complete
* Operation timed out after 60000 milliseconds with 0 bytes received
* SFTP 0x42a4778 state change from SSH_STOP to SSH_SESSION_DISCONNECT
* SFTP 0x42a4778 state change from SSH_SESSION_DISCONNECT to SSH_SESSION_FREE
* SFTP 0x42a4778 state change from SSH_SESSION_FREE to SSH_STOP
* Closing connection #0
* Timeout was reached
Received on 2008-05-20