BUG #2684: Memory leak in libpq

The following bug has been logged online:

Bug reference: 2684
Logged by: Milen A. Radev
Email address: milen(at)radev(dot)net
PostgreSQL version: 8.1.4
Operating system: Debian 3.1
Description: Memory leak in libpq
Details:

Source:

#include <stdio.h>
#include <libpq-fe.h>

int main(int argc, char *argv[])
{
PGconn *pgcon;
int i;
int count = 1;

if(argc > 1)
{
count = atoi(argv[1]);
if(count < 1)
{
count = 1;
}
}

for(i = 0; i < count; i++)
{
pgcon = PQsetdbLogin("mydbserver", "5432", "", "", "mydb", "myuser",
"mypass");

printf("[%d] Successfuly opened connection to the database: pgcon=%p\n",
i, pgcon);

if(PQstatus(pgcon) != CONNECTION_OK)
{
printf("Failed to open connection to the database. Reason: %s\n",
PQerrorMessage(pgcon));
PQfinish(pgcon);
return -1;
}

printf("[%d] Closing the connection: pgcon=%p\n", i, pgcon);

PQfinish(pgcon);
}

return 0;
}

Compile and link:

#gcc -I/usr/local/pgsql/include -o pgtest pgtest.c -L/usr/local/pgsql/lib
-lpq

Valgring output:

#valgrind --tool=memcheck --leak-check=yes --show-reachable=yes
--num-callers=20 --error-limit=no ./pgtest 1
==23845== Memcheck, a memory error detector.
==23845== Copyright (C) 2002-2006, and GNU GPL'd, by Julian Seward et al.
==23845== Using LibVEX rev 1658, a library for dynamic binary translation.
==23845== Copyright (C) 2004-2006, and GNU GPL'd, by OpenWorks LLP.
==23845== Using valgrind-3.2.1, a dynamic binary instrumentation framework.
==23845== Copyright (C) 2000-2006, and GNU GPL'd, by Julian Seward et al.
==23845== For more details, rerun with: -v
==23845==
--23845-- DWARF2 CFI reader: unhandled CFI instruction 0:50
--23845-- DWARF2 CFI reader: unhandled CFI instruction 0:50
[0] Successfuly opened connection to the database: pgcon=0x41c8028
[0] Closing the connection: pgcon=0x41c8028
==23845== Invalid free() / delete / delete[]
==23845== at 0x401C285: free (vg_replace_malloc.c:233)
==23845== by 0x414CA3B: (within /lib/tls/libc-2.3.2.so)
==23845== by 0x414C6C4: __libc_freeres (in /lib/tls/libc-2.3.2.so)
==23845== by 0x40184BA: _vgnU_freeres (vg_preloaded.c:60)
==23845== by 0x406A1C5: exit (in /lib/tls/libc-2.3.2.so)
==23845== by 0x405497D: (below main) (in /lib/tls/libc-2.3.2.so)
==23845== Address 0x4026518 is not stack'd, malloc'd or (recently) free'd
==23845==
==23845== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 27 from 2)
==23845== malloc/free: in use at exit: 156 bytes in 11 blocks.
==23845== malloc/free: 124 allocs, 114 frees, 44,465 bytes allocated.
==23845== For counts of detected errors, rerun with: -v
==23845== searching for pointers to 11 not-freed blocks.
==23845== checked 271,364 bytes.
==23845==
==23845==
==23845== 156 (36 direct, 120 indirect) bytes in 1 blocks are definitely
lost in loss record 1 of 3
==23845== at 0x401B6EE: malloc (vg_replace_malloc.c:149)
==23845== by 0x4126EE6: (within /lib/tls/libc-2.3.2.so)
==23845== by 0x4126788: __nss_database_lookup (in
/lib/tls/libc-2.3.2.so)
==23845== by 0x42CAAFB: ???
==23845== by 0x40E7D4B: getpwuid_r (in /lib/tls/libc-2.3.2.so)
==23845== by 0x40E7590: getpwuid (in /lib/tls/libc-2.3.2.so)
==23845== by 0x403BD0B: pqGetpwuid (in
/usr/local/pgsql-8.1.4/lib/libpq.so.4.1)
==23845== by 0x402BF77: pg_fe_getauthname (in
/usr/local/pgsql-8.1.4/lib/libpq.so.4.1)
==23845== by 0x402DEE6: conninfo_parse (in
/usr/local/pgsql-8.1.4/lib/libpq.so.4.1)
==23845== by 0x402E123: connectOptions1 (in
/usr/local/pgsql-8.1.4/lib/libpq.so.4.1)
==23845== by 0x402EEE3: PQsetdbLogin (in
/usr/local/pgsql-8.1.4/lib/libpq.so.4.1)
==23845== by 0x804864D: main (in /home/slav/rate_engine/pgtest)
==23845==
==23845==
==23845== 40 bytes in 5 blocks are indirectly lost in loss record 2 of 3
==23845== at 0x401B6EE: malloc (vg_replace_malloc.c:149)
==23845== by 0x4126AAD: __nss_lookup_function (in
/lib/tls/libc-2.3.2.so)
==23845== by 0x42CAB21: ???
==23845== by 0x40E7D4B: getpwuid_r (in /lib/tls/libc-2.3.2.so)
==23845== by 0x40E7590: getpwuid (in /lib/tls/libc-2.3.2.so)
==23845== by 0x403BD0B: pqGetpwuid (in
/usr/local/pgsql-8.1.4/lib/libpq.so.4.1)
==23845== by 0x402BF77: pg_fe_getauthname (in
/usr/local/pgsql-8.1.4/lib/libpq.so.4.1)
==23845== by 0x402DEE6: conninfo_parse (in
/usr/local/pgsql-8.1.4/lib/libpq.so.4.1)
==23845== by 0x402E123: connectOptions1 (in
/usr/local/pgsql-8.1.4/lib/libpq.so.4.1)
==23845== by 0x402EEE3: PQsetdbLogin (in
/usr/local/pgsql-8.1.4/lib/libpq.so.4.1)
==23845== by 0x804864D: main (in /home/slav/rate_engine/pgtest)
==23845==
==23845==
==23845== 80 bytes in 5 blocks are indirectly lost in loss record 3 of 3
==23845== at 0x401B6EE: malloc (vg_replace_malloc.c:149)
==23845== by 0x4115143: tsearch (in /lib/tls/libc-2.3.2.so)
==23845== by 0x4126A6E: __nss_lookup_function (in
/lib/tls/libc-2.3.2.so)
==23845== by 0x42CAB21: ???
==23845== by 0x40E7D4B: getpwuid_r (in /lib/tls/libc-2.3.2.so)
==23845== by 0x40E7590: getpwuid (in /lib/tls/libc-2.3.2.so)
==23845== by 0x403BD0B: pqGetpwuid (in
/usr/local/pgsql-8.1.4/lib/libpq.so.4.1)
==23845== by 0x402BF77: pg_fe_getauthname (in
/usr/local/pgsql-8.1.4/lib/libpq.so.4.1)
==23845== by 0x402DEE6: conninfo_parse (in
/usr/local/pgsql-8.1.4/lib/libpq.so.4.1)
==23845== by 0x402E123: connectOptions1 (in
/usr/local/pgsql-8.1.4/lib/libpq.so.4.1)
==23845== by 0x402EEE3: PQsetdbLogin (in
/usr/local/pgsql-8.1.4/lib/libpq.so.4.1)
==23845== by 0x804864D: main (in /home/slav/rate_engine/pgtest)
==23845==
==23845== LEAK SUMMARY:
==23845== definitely lost: 36 bytes in 1 blocks.
==23845== indirectly lost: 120 bytes in 10 blocks.
==23845== possibly lost: 0 bytes in 0 blocks.
==23845== still reachable: 0 bytes in 0 blocks.
==23845== suppressed: 0 bytes in 0 blocks.

The same test programme has grown (after ~1 million iterations) from 2KB to
around 40MB used physical memory (as reported by "top").

We've tested the libraries from the "libpq-dev" (8.1.4-6~bpo.1) package from
backports.org and the libraries built from source (8.1.4).