[Lognorm] Memory Leak in liblognorm?

John Hopper zinic at jpserver.net
Fri Jul 12 22:27:42 CEST 2013 

Heya!

I noticed in your code that you're calling the estr and ee library to
create events and strings but I don't see any calls to the delete
functions for either.

As far as I know, every time you create a new estr, it copies the
content into a new buffer which will need to be freed. The same applies
for the events created - these will also need to be freed.

-John

On 07/12/2013 03:20 PM, Rainer Gerhards wrote:
> Will do tomorrow
> 
> Sent from phone, thus brief.
> Am 12.07.2013 22:05 schrieb "Champ Clark III" <cclark at quadrantsec.com>:
> 
> I'll have to run on a different box,  as this machine (for whatever
> reason) doesn't play well with valgrind.  I'll do that from a Ubuntu
> VM ASAP.
> 
> If you get a chance,  can you glance and the code and see if I'm
> blatantly and improperly cleaning up incorrectly?
> 
> I'll let you know the results from valgrind ASAP.
> 
> 
> On 7/12/13 4:02 PM, Rainer Gerhards wrote:
>>>> Can you run it under valgrind and tell what it says at end of run?
>>>>
>>>> Sent from phone, thus brief.
>>>>
>>>> Am 12.07.2013 22:00 schrieb "Champ Clark III"
>>>> <cclark at quadrantsec.com <mailto:cclark at quadrantsec.com>>:
>>>>
>>>>
>>>> Hello All!
>>>>
>>>> I've got either a memory leak in liblognorm _or_ I'm not doing
>>>> something correctly.   In Sagan,  we have "processors" that do log
>>>> analysis using other techniques besides "rules".  As part of this
>>>> process,  liblognorm is used pretty heavily.
>>>>
>>>> In the Sagan processor,  if I turn on liblognorm,  Sagan slowly
>>>> starts to consume memory.  However,  if I tell the processor not to
>>>> use liblognorm,  the memory stays consistent.
>>>>
>>>> My thoughts are that I'm not either clean up after using
>>>> liblognorm correctly or liblognorm has a slow memory leak.
>>>>
>>>> My slightly mangled debug/Sagan code is at:
>>>>
>>>> https://github.com/beave/sagan/blob/master/src/sagan-liblognorm.c
>>>>
>>>> I think the problem is in the sagan_normalize_liblognorm()
>>>> function. Near the end,  I've tried various ways to clean up, but
>>>> with no affect.  (ee_deleteEvent(), free(), etc)
>>>>
>>>> Any ideas would be greatly appreciated.
>>>>
>>>>
>>>> _______________________________________________ Lognorm mailing
>>>> list Lognorm at lists.adiscon.com <mailto:Lognorm at lists.adiscon.com>
>>>> http://lists.adiscon.net/mailman/listinfo/lognorm
>>>>
>>>>
>>>>
>>>> _______________________________________________ Lognorm mailing
>>>> list Lognorm at lists.adiscon.com
>>>> http://lists.adiscon.net/mailman/listinfo/lognorm
>>>>
> 
>> _______________________________________________
>> Lognorm mailing list
>> Lognorm at lists.adiscon.com
>> http://lists.adiscon.net/mailman/listinfo/lognorm
>>
> 
> 
> 
> _______________________________________________
> Lognorm mailing list
> Lognorm at lists.adiscon.com
> http://lists.adiscon.net/mailman/listinfo/lognorm
>

More information about the Lognorm mailing list