Bug #1753

mod_ssi Memory Leak

Added by Anonymous about 2 years ago. Updated about 2 years ago.

Status:Fixed Start:
Priority:Normal Due date:
Assigned to:- % Done:

0%
Category:mod_ssi
Target version:-
Missing in 1.5.x:

Description

When evaluating expressions, the memory leak has occurred in the IF/ELIF directive of mod_ssi.

The following data is a result(memory usage) of the 'top' command when requesting the sample HTML 10,000 times.

sample1.shtml


<html>
<head><title></title></head>
<body>

lighttpd-1.4.19<br>

</body>
</html>

start:0.3%

end :0.4%

total memory: 256MB

sample2.shtml (contains 'IF' directive)


<html>
<head><title></title></head>
<body>

<!--#if expr="$SERVER_SOFTWARE = 'lighttpd/1.4.19'" -->lighttpd-1.4.19<!--#else -->other<!--#endif --><br>

</body>
</html>

start:0.3%

end :1.1%

total memory: 256MB

The quantity of memory leak is fluctuated with the length(or numbers) of an expression.

Probably, the cause of memory leak is in a grammar file of Lemon.

Although I thought that token_destructor was called by 'VALUE' tarminal symbol, token_destructor was not called.

When a value specifies a 'VALUE' terminal symbol and is passed, leak has occurred without releasing a value.

The following code is my 'mod_ssi_exprperser.y'.


--- mod_ssi_exprparser.y.old    2008-08-19 15:08:12.000000000 +0900
+++ mod_ssi_exprparser.y    2008-08-19 15:08:34.000000000 +0900
@@ -108,11 +108,13 @@

 value(A) ::= VALUE(B). {
   A = buffer_init_string(B->ptr);
+  buffer_free(B);
 }

 value(A) ::= value(B) VALUE(C). {
   A = B;
   buffer_append_string_buffer(A, C);
+  buffer_free(C);
 }

 cond(A) ::= EQ. { A = SSI_COND_EQ; }

It stopped leaking by the above-mentioned correction.

However, I don't know well about the specification of Lemon, I cannot judge whether this is the best method.

Can I have your comments on this?

Thanks.

Reference data: My lighttpd.conf

  • using mod_ssi only.

server.modules              = (
#                               "mod_rewrite",
#                               "mod_redirect",
#                               "mod_alias",
#                               "mod_access",
#                               "mod_cml",
#                               "mod_trigger_b4_dl",
#                               "mod_auth",
#                               "mod_status",
#                               "mod_setenv",
#                               "mod_fastcgi",
#                               "mod_proxy",
#                               "mod_simple_vhost",
#                               "mod_evhost",
#                               "mod_userdir",
#                               "mod_cgi",
#                               "mod_compress",
                               "mod_ssi",
#                               "mod_usertrack",
#                               "mod_expire",
#                               "mod_secdownload",
#                               "mod_rrdtool",
#                               "mod_accesslog" )
                              )

-- Take5k

History

Updated by stbuehler about 2 years ago

  • Status changed from New to Fixed
  • Resolution set to fixed

"A = B;" would have done it for the first rule too - applied the modified patch in r2289

Also available in: Atom