http-sniffer icon indicating copy to clipboard operation
http-sniffer copied to clipboard
verified publisher icon caesar0301

Leaking memory on live capture

Open julsemaan opened this issue 10 years ago • 12 comments

What do you require me to provide ?

julsemaan avatar Sep 18 '15 22:09 julsemaan

Do you locate the leak?

caesar0301 avatar Sep 19 '15 01:09 caesar0301

I also encountered segment fault in online mode. But that is too rare to locate the leak. Hope we can find it out together.

caesar0301 avatar Sep 19 '15 02:09 caesar0301

I'm not so expert in C (not to say I'm bad)

I'll give it a shot but I'm not too confident I'll get it

julsemaan avatar Sep 19 '15 02:09 julsemaan

Don't worry about programming. Should you get any traces trigger that, you can send me for further check. : )

caesar0301 avatar Sep 19 '15 02:09 caesar0301

Seems part of it is in http_request_free where not everthing is freed properly

diff --git a/src/http.c b/src/http.c
index f571e5b..52b78de 100644
--- a/src/http.c
+++ b/src/http.c
@@ -237,6 +237,20 @@ http_request_free(request_t *r)
                free(r->content_type);
        if(r->content_encoding != NULL)
                free(r->content_encoding);
+       if(r->content_length != NULL)
+               free(r->content_length);
+       if(r->connection != NULL)
+               free(r->connection);
+       if(r->accept != NULL)
+               free(r->accept);
+       if(r->accept_encoding != NULL)
+               free(r->accept_encoding);
+       if(r->accept_language != NULL)
+               free(r->accept_language);
+       if(r->accept_charset != NULL)
+               free(r->accept_charset);
+       if(r->cookie != NULL)
+               free(r->cookie);
        free(r);
 }

This is the biggest leak.

I found that not all malloc in http_new are freed and when I looked in the code it seems that it would be missing flow_free calls but these are much less obvious to find.

Here is what valgrind has to say about it :

==6405== 10,343 (728 direct, 9,615 indirect) bytes in 7 blocks are definitely lost in loss record 40 of 50
==6405==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==6405==    by 0x40770B: check_malloc (in /home/julien/Documents/code/http-sniffer/bin/http-sniffer)
==6405==    by 0x403BE5: http_new (in /home/julien/Documents/code/http-sniffer/bin/http-sniffer)
==6405==    by 0x402414: flow_extract_http (in /home/julien/Documents/code/http-sniffer/bin/http-sniffer)
==6405==    by 0x40637F: process_flow_queue (in /home/julien/Documents/code/http-sniffer/bin/http-sniffer)
==6405==    by 0x4E3F181: start_thread (pthread_create.c:312)
==6405==    by 0x559847C: clone (clone.S:111)

Let me know

julsemaan avatar Sep 19 '15 03:09 julsemaan

Yeah I think you get the point. I will walk through and check the memory free tomorrow.

caesar0301 avatar Sep 19 '15 15:09 caesar0301

http message leak fixed (f71d4ffe33a5be889fd4757c10edae67e6d1fcf1) and check other malloc and free over. If other errors found, let me know. Thanks you : )

caesar0301 avatar Sep 21 '15 09:09 caesar0301

Much much better with that commit.

Still seems that the flow leak is there.

There is memory not freed with mallocs from http_new

Here is the full valgrind report : http://pastebin.com/WzWk8m8M

I broke 'Ctrl-C' the process to stop it if it makes any difference but the process was consuming more and more memory before I stopped it

julsemaan avatar Sep 22 '15 01:09 julsemaan

Any progress on that ?

julsemaan avatar Oct 05 '15 21:10 julsemaan

Sry for late response. I was away for my vacation last days. I will check your findings and make it correct. Thanks!

caesar0301 avatar Oct 13 '15 01:10 caesar0301

The valgrind report link is outdated. Could you give me a new one? I think I can locate the problem quickly with some clear clue.

caesar0301 avatar Oct 13 '15 02:10 caesar0301

New pastebin link : http://pastebin.com/qdTQ91cV

julsemaan avatar Oct 15 '15 22:10 julsemaan