Ale*_*lex 11 c++ windows openssl memory-leaks static-libraries
在我的OpenSSL客户端中,我遇到的问题是,当我选择静态链接libeay32和ssleay32而非动态链接时,我从Visual Leak Detector获得了大量的内存泄漏错误.我在这个帖子中复制了来自OP的命令,但我还剩6个.然后我sk_SSL_COMP_free(SSL_COMP_get_compression_methods());按照4LegsDrivenCat的建议在同一个线程中添加,只留下了4个,所有这些都显然与加载我用来与服务器证书进行比较的可信证书相关.
我使用Visual Studio 2013 Express,OpenSSL 1.0.1L(32位和64位),VLD 2.4RC2和我的PC是Windows 7 64位.
下面的调用堆栈是安全模式下VLD的64位.32位VLD在安全模式下崩溃(虽然它在快速模式下工作,但不会产生一个像样的callstack).我删除了引用我自己的函数的调用栈的部分以及十六进制数据.
Visual Leak Detector Version 2.4RC2 installed.
WARNING: Visual Leak Detector detected memory leaks!
---------- Block 5671 at 0x000000000097E9B0: 180 bytes ----------
Leak Hash: 0xA14DA3AA, Count: 1, Total 180 bytes
Call Stack (TID 7088):
0x000000007746FAC0 (File and line number not available): ntdll.dll!RtlAllocateHeap
f:\dd\vctools\crt\crtw32\heap\malloc.c (58): MyLib.dll!_heap_alloc_base
f:\dd\vctools\crt\crtw32\misc\dbgheap.c (431): MyLib.dll!_heap_alloc_dbg_impl + 0xA bytes
f:\dd\vctools\crt\crtw32\misc\dbgheap.c (239): MyLib.dll!_nh_malloc_dbg_impl + 0x22 bytes
f:\dd\vctools\crt\crtw32\misc\dbgheap.c (302): MyLib.dll!_nh_malloc_dbg + 0x2A bytes
f:\dd\vctools\crt\crtw32\misc\dbgmalloc.c (56): MyLib.dll!malloc + 0x21 bytes
d:\cfiles\projects\winssl\openssl-1.0.1l\crypto\mem.c (312): MyLib.dll!CRYPTO_malloc + 0xF bytes
d:\cfiles\projects\winssl\openssl-1.0.1l\crypto\lhash\lhash.c (121): MyLib.dll!lh_new + 0x16 bytes
d:\cfiles\projects\winssl\openssl-1.0.1l\crypto\err\err.c (450): MyLib.dll!int_thread_get + 0x13 bytes
d:\cfiles\projects\winssl\openssl-1.0.1l\crypto\err\err.c (509): MyLib.dll!int_thread_set_item + 0xF bytes
d:\cfiles\projects\winssl\openssl-1.0.1l\crypto\err\err.c (1031): MyLib.dll!ERR_get_state
d:\cfiles\projects\winssl\openssl-1.0.1l\crypto\err\err.c (730): MyLib.dll!ERR_put_error + 0x5 bytes
d:\cfiles\projects\winssl\openssl-1.0.1l\crypto\pem\pem_lib.c (703): MyLib.dll!PEM_read_bio + 0x20 bytes
d:\cfiles\projects\winssl\openssl-1.0.1l\crypto\pem\pem_info.c (280): MyLib.dll!PEM_X509_INFO_read_bio + 0x10 bytes
d:\cfiles\projects\winssl\openssl-1.0.1l\crypto\x509\by_file.c (278): MyLib.dll!X509_load_cert_crl_file
d:\cfiles\projects\winssl\openssl-1.0.1l\crypto\x509\by_file.c (123): MyLib.dll!by_file_ctrl
d:\cfiles\projects\winssl\openssl-1.0.1l\crypto\x509\x509_lu.c (120): MyLib.dll!X509_LOOKUP_ctrl
d:\cfiles\projects\winssl\openssl-1.0.1l\crypto\x509\x509_d2.c (92): MyLib.dll!X509_STORE_load_locations + 0x1D bytes
---------- Block 5670 at 0x000000001AC815C0: 164 bytes ----------
Leak Hash: 0x38C8916E, Count: 1, Total 164 bytes
Call Stack (TID 7088):
0x000000007746FAC0 (File and line number not available): ntdll.dll!RtlAllocateHeap
f:\dd\vctools\crt\crtw32\heap\malloc.c (58): MyLib.dll!_heap_alloc_base
f:\dd\vctools\crt\crtw32\misc\dbgheap.c (431): MyLib.dll!_heap_alloc_dbg_impl + 0xA bytes
f:\dd\vctools\crt\crtw32\misc\dbgheap.c (239): MyLib.dll!_nh_malloc_dbg_impl + 0x22 bytes
f:\dd\vctools\crt\crtw32\misc\dbgheap.c (302): MyLib.dll!_nh_malloc_dbg + 0x2A bytes
f:\dd\vctools\crt\crtw32\misc\dbgmalloc.c (56): MyLib.dll!malloc + 0x21 bytes
d:\cfiles\projects\winssl\openssl-1.0.1l\crypto\mem.c (312): MyLib.dll!CRYPTO_malloc + 0xF bytes
d:\cfiles\projects\winssl\openssl-1.0.1l\crypto\lhash\lhash.c (119): MyLib.dll!lh_new + 0x13 bytes
d:\cfiles\projects\winssl\openssl-1.0.1l\crypto\err\err.c (450): MyLib.dll!int_thread_get + 0x13 bytes
d:\cfiles\projects\winssl\openssl-1.0.1l\crypto\err\err.c (509): MyLib.dll!int_thread_set_item + 0xF bytes
d:\cfiles\projects\winssl\openssl-1.0.1l\crypto\err\err.c (1031): MyLib.dll!ERR_get_state
d:\cfiles\projects\winssl\openssl-1.0.1l\crypto\err\err.c (730): MyLib.dll!ERR_put_error + 0x5 bytes
d:\cfiles\projects\winssl\openssl-1.0.1l\crypto\pem\pem_lib.c (703): MyLib.dll!PEM_read_bio + 0x20 bytes
d:\cfiles\projects\winssl\openssl-1.0.1l\crypto\pem\pem_info.c (280): MyLib.dll!PEM_X509_INFO_read_bio + 0x10 bytes
d:\cfiles\projects\winssl\openssl-1.0.1l\crypto\x509\by_file.c (278): MyLib.dll!X509_load_cert_crl_file
d:\cfiles\projects\winssl\openssl-1.0.1l\crypto\x509\by_file.c (123): MyLib.dll!by_file_ctrl
d:\cfiles\projects\winssl\openssl-1.0.1l\crypto\x509\x509_lu.c (120): MyLib.dll!X509_LOOKUP_ctrl
d:\cfiles\projects\winssl\openssl-1.0.1l\crypto\x509\x509_d2.c (92): MyLib.dll!X509_STORE_load_locations + 0x1D bytes
---------- Block 5669 at 0x000000001ADABE80: 588 bytes ----------
Leak Hash: 0xC3E47B0F, Count: 1, Total 588 bytes
Call Stack (TID 7088):
0x000000007746FAC0 (File and line number not available): ntdll.dll!RtlAllocateHeap
f:\dd\vctools\crt\crtw32\heap\malloc.c (58): MyLib.dll!_heap_alloc_base
f:\dd\vctools\crt\crtw32\misc\dbgheap.c (431): MyLib.dll!_heap_alloc_dbg_impl + 0xA bytes
f:\dd\vctools\crt\crtw32\misc\dbgheap.c (239): MyLib.dll!_nh_malloc_dbg_impl + 0x22 bytes
f:\dd\vctools\crt\crtw32\misc\dbgheap.c (302): MyLib.dll!_nh_malloc_dbg + 0x2A bytes
f:\dd\vctools\crt\crtw32\misc\dbgmalloc.c (56): MyLib.dll!malloc + 0x21 bytes
d:\cfiles\projects\winssl\openssl-1.0.1l\crypto\mem.c (312): MyLib.dll!CRYPTO_malloc + 0xF bytes
d:\cfiles\projects\winssl\openssl-1.0.1l\crypto\err\err.c (1019): MyLib.dll!ERR_get_state + 0x17 bytes
d:\cfiles\projects\winssl\openssl-1.0.1l\crypto\err\err.c (730): MyLib.dll!ERR_put_error + 0x5 bytes
d:\cfiles\projects\winssl\openssl-1.0.1l\crypto\pem\pem_lib.c (703): MyLib.dll!PEM_read_bio + 0x20 bytes
d:\cfiles\projects\winssl\openssl-1.0.1l\crypto\pem\pem_info.c (280): MyLib.dll!PEM_X509_INFO_read_bio + 0x10 bytes
d:\cfiles\projects\winssl\openssl-1.0.1l\crypto\x509\by_file.c (278): MyLib.dll!X509_load_cert_crl_file
d:\cfiles\projects\winssl\openssl-1.0.1l\crypto\x509\by_file.c (123): MyLib.dll!by_file_ctrl
d:\cfiles\projects\winssl\openssl-1.0.1l\crypto\x509\x509_lu.c (120): MyLib.dll!X509_LOOKUP_ctrl
d:\cfiles\projects\winssl\openssl-1.0.1l\crypto\x509\x509_d2.c (92): MyLib.dll!X509_STORE_load_locations + 0x1D bytes
---------- Block 5672 at 0x000000001ADC4180: 76 bytes ----------
Leak Hash: 0x02B2EA5E, Count: 1, Total 76 bytes
Call Stack (TID 7088):
0x000000007746FAC0 (File and line number not available): ntdll.dll!RtlAllocateHeap
f:\dd\vctools\crt\crtw32\heap\malloc.c (58): MyLib.dll!_heap_alloc_base
f:\dd\vctools\crt\crtw32\misc\dbgheap.c (431): MyLib.dll!_heap_alloc_dbg_impl + 0xA bytes
f:\dd\vctools\crt\crtw32\misc\dbgheap.c (239): MyLib.dll!_nh_malloc_dbg_impl + 0x22 bytes
f:\dd\vctools\crt\crtw32\misc\dbgheap.c (302): MyLib.dll!_nh_malloc_dbg + 0x2A bytes
f:\dd\vctools\crt\crtw32\misc\dbgmalloc.c (56): MyLib.dll!malloc + 0x21 bytes
d:\cfiles\projects\winssl\openssl-1.0.1l\crypto\mem.c (312): MyLib.dll!CRYPTO_malloc + 0xF bytes
d:\cfiles\projects\winssl\openssl-1.0.1l\crypto\lhash\lhash.c (193): MyLib.dll!lh_insert + 0x15 bytes
d:\cfiles\projects\winssl\openssl-1.0.1l\crypto\err\err.c (515): MyLib.dll!int_thread_set_item
d:\cfiles\projects\winssl\openssl-1.0.1l\crypto\err\err.c (1031): MyLib.dll!ERR_get_state
d:\cfiles\projects\winssl\openssl-1.0.1l\crypto\err\err.c (730): MyLib.dll!ERR_put_error + 0x5 bytes
d:\cfiles\projects\winssl\openssl-1.0.1l\crypto\pem\pem_lib.c (703): MyLib.dll!PEM_read_bio + 0x20 bytes
d:\cfiles\projects\winssl\openssl-1.0.1l\crypto\pem\pem_info.c (280): MyLib.dll!PEM_X509_INFO_read_bio + 0x10 bytes
d:\cfiles\projects\winssl\openssl-1.0.1l\crypto\x509\by_file.c (278): MyLib.dll!X509_load_cert_crl_file
d:\cfiles\projects\winssl\openssl-1.0.1l\crypto\x509\by_file.c (123): MyLib.dll!by_file_ctrl
d:\cfiles\projects\winssl\openssl-1.0.1l\crypto\x509\x509_lu.c (120): MyLib.dll!X509_LOOKUP_ctrl
d:\cfiles\projects\winssl\openssl-1.0.1l\crypto\x509\x509_d2.c (92): MyLib.dll!X509_STORE_load_locations + 0x1D bytes
Visual Leak Detector detected 4 memory leaks (1008 bytes).
Largest number used: 529114 bytes.
Total allocations: 1070421 bytes.
Visual Leak Detector is now exiting.
编辑: 我将泄漏固定到对SSL_CTX_load_verify_locations的调用.有没有人知道在使用这个功能时我需要取消分配什么?只是注释这个函数会导致泄漏消失,所以这不是因为我传递给它的参数.
jww*_*jww 19
d:\ cfiles \项目\ winssl \的OpenSSL 1.0.1l \加密\ ERR\err.c
继续关注这一点,看起来某些错误状态(或字符串)需要被释放.
如何正确地取消初始化OpenSSL
启动和关闭的代码如下所示(包括FIPS).如果您执行加载DH参数之类的操作,那么您也需要清理它们.
Henson博士非常乐于帮助他提出调用ERR_remove_state每个线程的建议.请参阅清理顺序以避免内存泄漏?在OpenSSL邮件列表上.
启动
SSL_library_init();SSL_load_error_strings();FIPS_mode_set(1);CRYPTO_set_id_callback(<fn>);CRYPTO_set_locking_callback(<fn>);关掉
FIPS_mode_set(0);CRYPTO_set_locking_callback(NULL);CRYPTO_set_id_callback(NULL);ENGINE_cleanup();CONF_modules_unload();ERR_free_strings();EVP_cleanup();CRYPTO_cleanup_all_ex_data();并且,对于每个线程:
ERR_remove_state();您只需要CRYPTO_set_id_callback并且CRYPTO_set_locking_callback您的程序是多线程的.请参见Openssl threads(3)手册页.
我相信你可以调用SSL_COMP_free_compression_methodsOpenSSL 1.0.2及更高版本.这解决了以下一些投诉.但它在OpenSSL 1.0.1及更低版本中不可用.
SSL_COMP_get_compression_methods()...
是的,这会导致泄漏.它众所周知,由于ssl_comp_methods懒惰分配但从未释放.请参阅OpenSSL问题2561:使用SSL内置压缩的内存泄漏.
一些OpenSSL开发人员觉得不值得花时间修复它.请参阅OpenSSL邮件列表上多线程服务器上的小内存泄漏.
以下是开发者的立场之一:
未解除分配并且与执行的操作数无关的固定数量的内存不是内存泄漏.库在一次初始化或首次使用函数期间为进程的生命周期分配内存.这个是正常的.
追踪这一点是浪费时间恕我直言.
这是关于特定泄漏的另一个线程:释放ssl_comp_methods的首选方法?.这是相同的开发者的回应:
为什么有人痴迷于释放最多分配给静态指针的内存一次.没有与此类分配相关的"内存泄漏",因为使用的额外内存量是固定的.
他没有意识到的是Java和.Net将在程序的生命周期中多次加载/卸载库,因此少量"谁在乎"可以无限制地增长.
当他被告知备用用例时,这是他的答复.我想,他建议Oracle和Java重新构建他们的语言.或者不要在其中使用OpenSSL.
卸载共享库通常是不安全的.
以下是维护Java VM的人员的响应:
作为"替代"JavaVM的维护者,我可以确认我们绝对必须支持库卸载,因为一个客户正在大量使用它 - 而这是在几年前.早期的Sun虚拟机不支持库卸载,但是那些虚拟机也没有垃圾收集过时的类.
这里有关于修复ssl_comp_methods泄漏的部分.
在所有情况下,您都需要添加下面描述的补丁.
对于手动执行的程序,只需添加一个名为free_compressions(或类似)的函数,并在关闭时调用它,就像上面列出的所有其他方法一样.该功能需要导出.
要在Linux下自动执行,它需要一点点诡计.你必须使用GCC扩展:__attribute__ ((destructor)).
/* Add to end of <openssl dir>/ssl/ssl_ciph.c */
#if !defined(OPENSSL_NO_COMP) && defined(__GNU_C__)
void free_compressions(void) __attribute__ ((destructor));
void free_compressions(void)
{
if (ssl_comp_methods != NULL)
{
sk_SSL_COMP_free(ssl_comp_methods);
ssl_comp_methods = NULL;
}
}
#endif
要在Windows下自动执行此操作,您必须执行此操作DllMain.但是你必须要小心你做了什么DllMain,以及你是如何做到的.也许是这样的:
/* Add to end of <openssl dir>/ssl/ssl.h*/
#if !defined(OPENSSL_NO_COMP) && defined(WIN32)
__declspec(dllexport)
void free_compressions(void);
#endof
/* Add to end of <openssl dir>/ssl/ssl_ciph.c */
#if !defined(OPENSSL_NO_COMP) && defined(WIN32)
void free_compressions(void)
{
if (ssl_comp_methods != NULL)
{
sk_SSL_COMP_free(ssl_comp_methods);
ssl_comp_methods = NULL;
}
}
#endif
为什么这个帖子被低估?我链接的帖子不太详细,它有10个upvotes(加上我的一个).你们在过去几年变得更加严格了吗?
看一下近距离的原因(目前你不能做),投票结果如下:
寻求调试帮助的问题("为什么这段代码不起作用?")必须包括所需的行为,特定的问题或错误以及在问题本身中重现它所需的最短代码.
通常适用.但在你的情况下,它没有; 对那些不熟悉这个问题的人来说,这一点并不明显.事实上,你可以编写一个简单的程序,只是初始化然后将库单元化,它可能会泄漏......
作为一项政策问题,该网站无法制定规则"除了一些OpenSSL内存泄漏之外总是提供相关代码"(这实际上是我们处理您的案例所需要的).
| 归档时间: |
|
| 查看次数: |
6219 次 |
| 最近记录: |