Summary:ASTERISK-19155: Memory leak in app_voicemail.c when using IMAP
Reporter:Filip Jenicek (phill)Labels:
Date Opened:2012-01-02 05:07:45.000-0600Date Closed:2012-09-05 08:19:07
Versions: Frequency of
Environment:Attachments:( 0) asterisk.patch2
Description:I believe there is a memory leak in app_voicemail.c when using IMAP as the backend. The function inboxcount2 doesn't free the vmu variable which is allocated by the find_user function.
Comments:By: Filip Jenicek (phill) 2012-01-02 05:11:23.767-0600

Patch to fix the issue.

By: Filip Jenicek (phill) 2012-01-02 05:16:40.278-0600

To reproduce the leak you should:
1. Configure a some users with IMAP mailboxes
2. Execute "module reload app_voicemail" a few times
3. Observe occupied memory

This is what I got from valgrind (line numbers might be off a bit):
==5026== 49,792 bytes in 32 blocks are definitely lost in loss record 166 of 172
==5026==    at 0x4023D6E: malloc (vg_replace_malloc.c:207)
==5026==    by 0x5F3B1CF: find_user (utils.h:457)
==5026==    by 0x5F3DD3A: inboxcount2 (app_voicemail_imap.c:2553)
==5026==    by 0x5F3E3F1: append_mailbox (app_voicemail_imap.c:11012)
==5026==    by 0x5F48F9C: load_config (app_voicemail_imap.c:12580)
==5026==    by 0x5F4B065: load_module (app_voicemail_imap.c:13200)
==5026==    by 0x8119AD0: start_resource (loader.c:785)
==5026==    by 0x811A475: load_resource_list (loader.c:973)
==5026==    by 0x811A879: load_modules (loader.c:1126)
==5026==    by 0x8084361: main (asterisk.c:3827)

By: Filip Jenicek (phill) 2012-01-05 01:30:58.158-0600

I've found another memory leak at the same place

==17427== 17,116 bytes in 11 blocks are definitely lost in loss record 146 of 155
==17427==    at 0x4021E22: calloc (vg_replace_malloc.c:397)
==17427==    by 0x612D26A: find_user (utils.h:480)
==17427==    by 0x612FE0A: inboxcount2 (app_voicemail_imap.c:2562)
==17427==    by 0x6136D51: handle_subscribe (app_voicemail_imap.c:11658)
==17427==    by 0x8186F6C: tps_processing_function (taskprocessor.c:310)
==17427==    by 0x819404A: dummy_start (utils.c:1004)
==17427==    by 0x4311F3A: start_thread (in /lib/libpthread-2.7.so)
==17427==    by 0x4294D0D: clone (in /lib/libc-2.7.so)

It happens in the function find_user_realtime_imapuser(), where a flag VM_ALLOCED is set. Immediately after that it is unset by populate_defaults(vmu). As a result, the allocated memory is never freed.
A proposed fix is to update function populate_defaults() masking out VM_ALLOCED:

- ast_copy_flags(vmu, (&globalflags), AST_FLAGS_ALL);
+ ast_copy_flags(vmu, (&globalflags), AST_FLAGS_ALL & ~VM_ALLOCED);

PS: Due to this leak my Asterisk installation grew up to 1.4GB in no more than 14 days.

By: Filip Jenicek (phill) 2012-01-05 01:31:58.542-0600

Updated patch for the described memory leaks