Date: Fri, 22 May 2026 03:12:29 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 295488] syslogd: memory leak in casper_ttymsg() via nvlist_take_string_array Message-ID: <bug-295488-227@https.bugs.freebsd.org/bugzilla/>
index | next in thread | raw e-mail
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=295488 Bug ID: 295488 Summary: syslogd: memory leak in casper_ttymsg() via nvlist_take_string_array Product: Base System Version: CURRENT Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: bin Assignee: bugs@FreeBSD.org Reporter: pat@patmaddox.com Created attachment 271006 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=271006&action=edit reproducer script `casper_ttymsg()` in `usr.sbin/syslogd/syslogd_cap_log.c` leaks the string array returned by `nvlist_take_string_array()`. The function takes ownership of both the array pointer and the individual strings, but only frees the `iov` wrapper. The strings and array itself are never freed. This leaks memory on every F_CONSOLE and F_TTY log message (e.g. anything matching `*.err` routed to `/dev/console` in the default syslog.conf). On long-running systems, the `syslogd.casper` child process grows to hundreds of MB. The sibling function `casper_wallmsg()` in the same file handles cleanup correctly and can serve as a reference for the fix. --- Here are the results of the reproducer script: root@devbsd:~/lab/default.jj/oss/freebsd-src/default.jj/usr.sbin/syslogd # ../../../prs/freebsd-mem-leak/leak-test.sh syslogd not running? (check /var/run/syslog.pid). --- 150000 user.info messages to /tmp/leak-test.log --- casper RSS (KB): 2676 syslogd: syslogd.casper (syslogd) --- 150000 user.err messages to /dev/console --- casper RSS (KB): 31336 syslogd: syslogd.casper (syslogd) Starting syslogd. -- You are receiving this mail because: You are the assignee for the bug.home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-295488-227>