Package: curlftpfs
Version: 0.9.1-3+b2
Severity: important
Tags: patch

After downloading several files of several megabytes each, curlftpfs eats up 
all available RAM, and is killed by the kernel OOM_killer.
I then compiled my own unstripped version for debugging purposes, A short run 
under valgrind says (among other less-important leaks) :

==11954== 4,039,584 bytes in 10 blocks are possibly lost in loss record 39 of 39
==11954== at 0x4024D12: realloc (vg_replace_malloc.c:476)
==11954== by 0x804A5E9: buf_add_mem (ftpfs.c:73)
==11954== by 0x804A677: read_data (ftpfs.c:238)
==11954== by 0x41247B7: Curl_client_write (in /usr/lib/libcurl-gnutls.so.4.1.1)
==11954== by 0x4137B79: Curl_readwrite (in /usr/lib/libcurl-gnutls.so.4.1.1)
==11954== by 0x413EFD3: multi_runsingle (in /usr/lib/libcurl-gnutls.so.4.1.1)
==11954== by 0x413F578: curl_multi_perform (in /usr/lib/libcurl-gnutls.so.4.1.1)
==11954== by 0x804BF13: ftpfs_read_chunk (ftpfs.c:406)
==11954== by 0x804C359: ftpfs_read (ftpfs.c:837)
==11954== by 0x40F065D: fuse_fs_read (in /lib/libfuse.so.2.7.4)
==11954== by 0x40F6543: ??? (in /lib/libfuse.so.2.7.4)
==11954== by 0x40FB83B: ??? (in /lib/libfuse.so.2.7.4)

I tracked down the problem to be in the free_ftpfs_file() function, where the 
passed ftpfs_file structure is not correctly freed. More specifically the two 
uint8_t *p of the 2 struct buffer contained in the ftpfs_file structure.
This means - if I am right - that all the files read on the FTP are kept into 
curlftpfs memory space for ever... which will undoubtedly lead to big problems 
when a lot of files are read from the FTP server.

Attached is a patch that fixes it.

This bug was first submitted upstream, but no answer has ever been received, 
even 6 months later 
(http://sourceforge.net/tracker/?func=detail&aid=2924678&group_id=160565&atid=816357).

-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.29.2-grsec2.1.14-vs2.3.0.36.12-tarpit
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages curlftpfs depends on:
pn  fuse-utils      <none>                   (no description available)
ii  libc6           2.7-18lenny4             GNU C Library: Shared libraries
ii  libcomerr2      1.41.3-1                 common error description library
pn  libcurl3-gnutls <none>                   (no description available)
pn  libfuse2        <none>                   (no description available)
ii  libgcrypt11     1.4.1-1                  LGPL Crypto library - runtime libr
pn  libglib2.0-0    <none>                   (no description available)
pn  libgnutls13     <none>                   (no description available)
ii  libgpg-error0   1.4-2                    library for common error values an
ii  libidn11        1.8+20080606-1           GNU libidn library, implementation
ii  libkrb53        1.6.dfsg.4~beta1-5lenny4 MIT Kerberos runtime libraries
ii  libtasn1-3      1.4-1                    Manage ASN.1 structures (runtime)
ii  zlib1g          1:1.2.3.3.dfsg-12        compression library - runtime

curlftpfs recommends no packages.

curlftpfs suggests no packages.
--- ftpfs.c     2008-04-30 01:05:47.000000000 +0200
+++ ftpfs.c.slesimple   2010-01-01 22:12:10.000000000 +0100
@@ -615,6 +615,8 @@ static void free_ftpfs_file(struct ftpfs
   sem_destroy(&fh->data_need);
   sem_destroy(&fh->data_written);
   sem_destroy(&fh->ready);
+  if (fh->buf.size) { buf_free(&fh->buf); }
+  if (fh->stream_buf.size) { buf_free(&fh->stream_buf); }
   free(fh);
 }
 

Reply via email to