tags 572261 + patch
thanks

Okay, this one doesn't leak *or* crash, so I think it's at least
vaguely correct. :)

Valgrind was getting confused by the memory buffers and blaming
slirp_input(), since that's where the original malloc() (via m_get)
occurs.  (Is that buffering really necessary?  Last I heard, GNU libc
takes steps to prevent memory fragmentation by doing its own internal
overallocation and handing out pieces of that to malloc() calls.)

The real source of the leak was in places like tcp_output() and
others, which prepare buffers for if_output().  They get queued for
sending, and eventually dequeued, but never m_free()d.

I'm not sure if the VDE developers intended for the m_free() to go in
if_output() or if_encap(), but it's not in either, and that's the
actual source of the leak.
diff --git a/src/slirpvde/if.c b/src/slirpvde/if.c
index 7c7ca21..5b9f70e 100644
--- a/src/slirpvde/if.c
+++ b/src/slirpvde/if.c
@@ -318,6 +318,7 @@ again:
 	
 	/* Encapsulate the packet for sending */
         if_encap(ifm->m_data, ifm->m_len);
+        m_freem(ifm);
 
 	if (if_queued)
 	   goto again;
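
Review bot: the m_freem(ifm) added directly after if_encap(ifm->m_data, ifm->m_len) is only safe if if_encap() is completely done with the buffer when it returns and nothing on the "goto again" path reads ifm before it is reassigned; neither is visible in this hunk, so please confirm both, since otherwise the leak turns into a use-after-free. A one-line comment above the call stating that the dequeue path owns the mbuf and releases it here would settle the if_output()/if_encap() question raised in the description. The description speaks of m_free() while the patch calls m_freem(); the commit message should say why that variant is the right one.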
