Memory leaks below CryptQueryObject on Chromium net_unittests #475
From timurrrr@google.com on June 24, 2011 07:33:35
Reproducible on the attached repro (extracted from Chromium sources). Ryan, does this leak report look like a false positive to you?
Cc: rsleevi@chromium.org
Attachment: test.cpp
From rsleevi@chromium.org on June 24, 2011 20:59:45
timur: Is there a getting started page for Dr. Memory + Chrome to run these tests?
With the repro you provided, there is a leak. If you were to look at the results of CryptCloseStore (a BOOL), you should find it's failing. The reason is that the OSCertHandles in |results| are not being freed. Lines 128-135 allocate the new handle (by inserting into the new store), which is stored in |results| at lines 141 / 163.
Update lines 163+164 to read AddCertsFromStore(out_store, &results);
With that updated code, does Dr. Memory still report a leak?
From timurrrr@google.com on June 27, 2011 10:15:01
I'll have a look at the proposed fix tomorrow (had to stay at home for a few days)
From rsleevi@chromium.org on July 01, 2011 18:06:35
timurrrr: I still see the errors with my suggested fix applied, so I don't think it was related to the cert leaking (although it doesn't hurt).
I'm wondering now if it's related somehow to the function CryptInstallDefaultContext - http://msdn.microsoft.com/en-us/library/aa380213(VS.85).aspx . Based on the symbolicated callstacks I see on Win XP and Win 7, it appears as if the leak is related to the acquisition of the default HCRYPTPROV used to perform cryptographic verification.
This would suggest a false positive, because what I suspect is happening is CryptoAPI is installing itself (or more aptly, the Microsoft CSP) without setting CRYPT_DEFAULT_CONTEXT_AUTO_RELEASE_FLAG. Plausible?
From bruen...@google.com on July 07, 2011 07:40:52
can you track down where it's being stored and why the leak scan is missing it: perhaps tweak the repro to pass the *_RELEASE_FLAG and watch where it pulls the pointer from.
From timurrrr@google.com on August 09, 2011 09:08:50
The same leak is reported on a smaller repro which does just CryptQueryObject and then CertCloseStore. [attached]
Interestingly, there is just one leak if I loop through the main() contents 5 times
Status: Started
Attachment: 475.cpp
From timurrrr@google.com on August 09, 2011 09:13:41
Derek, can you please check my reasoning?
http://read.pudn.com/downloads3/sourcecode/crypt/11366/ntcrypto/inc/manage.h__.htm
BOOL NTLMakeItem(HCRYPTKEY *phKey, BYTE bTypeValue, void *NewData);
windbg:
=> so even if the chunk is still addressable [e.g. it's a singleton analog], we can't find it during our leak scan
From bruen...@google.com on August 09, 2011 10:14:22
probably it's being encoded to add some simple security.
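
Added illustration, not part of the original thread and not Dr. Memory or RSAENH code: a toy conservative leak scan showing why a chunk whose only reference is stored in encoded form is reported as leaked even though its owner can still reach and free it. The XOR mask, the function names and the root array are assumptions made for the example; the thread does not show the real encoding.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumption: a simple XOR mask stands in for whatever encoding the
   provider applies; the thread does not show the real scheme. */
#define HYPOTHETICAL_MASK ((uintptr_t)0xA5A5A5A5u)

/* Conservative scan: treat every word in the root set as a possible
   pointer and check whether it lands inside [chunk, chunk + size). */
static int chunk_is_reachable(const uintptr_t *roots, size_t n,
                              const void *chunk, size_t size)
{
    uintptr_t lo = (uintptr_t)chunk, hi = lo + size;
    for (size_t i = 0; i < n; i++)
        if (roots[i] >= lo && roots[i] < hi)
            return 1;
    return 0;
}

/* Returns 1 if the scan would report the chunk as leaked, 0 if not,
   -1 on allocation failure. */
int scan_reports_leak(int encode)
{
    uintptr_t roots[4] = {0};   /* stands in for scanned globals */
    void *chunk = malloc(8);    /* 8 direct bytes, as in the report */
    if (!chunk)
        return -1;

    uintptr_t stored = (uintptr_t)chunk;
    roots[2] = encode ? (stored ^ HYPOTHETICAL_MASK) : stored;

    int leak = !chunk_is_reachable(roots, 4, chunk, 8);

    /* The owner can still decode the slot and free the chunk, so the
       memory is addressable even when the scan cannot see it. */
    uintptr_t decoded = encode ? (roots[2] ^ HYPOTHETICAL_MASK) : roots[2];
    free((void *)decoded);
    return leak;
}

int main(void)
{
    printf("plain pointer:   leak reported = %d\n", scan_reports_leak(0));
    printf("encoded pointer: leak reported = %d\n", scan_reports_leak(1));
    return 0;
}
```
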
From timurrrr@google.com on August 10, 2011 03:27:00
I think we should just suppress them then...
btw, on Win7 the code is basically the same:
rsaenh!NTLMakeItem:
From timurrrr@google.com on June 24, 2011 09:46:01
$ tools\valgrind\chrome_tests.bat -t net --tool drmemory --gtest_filter="X509_CanParse_"
(Chromium r90363 )
w/o symbols
LEAK 8 direct bytes 0x00175748-0x00175750 + 488 indirect bytes
#1 DllUnregisterServer RSAENH.dll+0x21ed7
#2 CPAcquireContext RSAENH.dll+0x11361
#3 CPReleaseContext RSAENH.dll+0xf988
#4 CPAcquireContext RSAENH.dll+0xfb7a
#5 CryptAcquireContextA ADVAPI32.dll+0x17caf
#6 CryptEnumOIDFunction CRYPT32.dll+0xaa36
#7 CryptMsgOpenToDecode CRYPT32.dll+0x1fb97
#8 CertAddEncodedCRLToStore CRYPT32.dll+0x2d3fe
#9 CryptQueryObject CRYPT32.dll+0x2541c
#10 net::`anonymous namespace'::ParsePKCS7 c:\chromium\src\net\base\x509_certificate_win.cc:458
#11 net::X509Certificate::CreateOSCertHandlesFromBytes c:\chromium\src\net\base\x509_certificate_win.cc:968
#12 net::X509Certificate::CreateCertificateListFromBytes c:\chromium\src\net\base\x509_certificate.cc:329
#13 net::CreateCertificateListFromFile c:\chromium\src\net\base\x509_certificate_unittest.cc:182
#14 net::X509CertificateParseTest_CanParseFormat_Test::TestBody c:\chromium\src\net\base\x509_certificate_unittest.cc:1048
----
with symbols
LEAK 8 direct bytes 0x00175748-0x00175750 + 488 indirect bytes
# 1 ContAlloc RSAENH.dll+0x21ed7
# 2 NTLMakeItem RSAENH.dll+0x11361
# 3 NTagLogonUser RSAENH.dll+0xf988
# 4 CPAcquireContext RSAENH.dll+0xfb7a
# 5 CryptAcquireContextA ADVAPI32.dll+0x17caf
# 6 I_CryptGetDefaultCryptProv CRYPT32.dll+0xaa36
# 7 CryptMsgOpenToDecode CRYPT32.dll+0x1fb97
# 8 I_CryptQueryObject CRYPT32.dll+0x2d3fe
# 9 CryptQueryObject CRYPT32.dll+0x2541c
#10 net::`anonymous namespace'::ParsePKCS7 c:\chromium\src\net\base\x509_certificate_win.cc:458
#11 net::X509Certificate::CreateOSCertHandlesFromBytes c:\chromium\src\net\base\x509_certificate_win.cc:968
#12 net::X509Certificate::CreateCertificateListFromBytes c:\chromium\src\net\base\x509_certificate.cc:329
#13 net::CreateCertificateListFromFile c:\chromium\src\net\base\x509_certificate_unittest.cc:182
#14 net::X509CertificateParseTest_CanParseFormat_Test::TestBody c:\chromium\src\net\base\x509_certificate_unittest.cc:1048
Original issue: http://code.google.com/p/drmemory/issues/detail?id=475