Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-96948

motif _XmUtf8ToUcs2 funtion make memory leak

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Undefined Undefined
    • rhel-8.10.z
    • rhel-8.6.0
    • motif
    • motif-2.3.4-23.el8_10
    • No
    • Moderate
    • 1
    • rhel-display-window-mgmt
    • 2
    • Dev ack
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • Display WM #2/2025
    • Unspecified
    • Unspecified
    • Unspecified
    • x86_64
    • None

      Hi, all

      One of the customer found that in _XmUtf8ToUcs2, memory is allocated (XtMalloc) for the string area to be returned as the _XmUtf8ToUcs2 return value, but there is no processing to release the memory corresponding to that memory allocation, resulting in a memory leak.

      XmString.c: A memory leak occurs because the local variable str obtained by _XmUtf8ToUcs2 is not released by XFree:
      ~~~
      static void
      ComputeMetrics(XmRendition rend,
      XtPointer text,
      unsigned int byte_count,
      XmTextType type,
      int which_seg,
      Dimension *width,
      Dimension *height,
      Dimension *ascent,
      Dimension *descent,
      Boolean utf8)
      {
      Dimension wid, hi;
      int dir, asc, desc;
      ……
      if (utf8)

      { /* TODO: it is very unoptimized convert the same sting * twice - for getting extents and drawing */ size_t str_len = 0; XChar2b *str = _XmUtf8ToUcs2(text, byte_count, &str_len); XTextExtents16(font_struct, str, str_len, &dir, &asc, &desc, &char_ret);     /* There is no XFree here. */ }

      else
      ~~~

      Here is the Valgrind output:
      ~~~
      ==3692== 21,320 bytes in 4,030 blocks are definitely lost in loss record 892 of 898
      ==3692== at 0x4C37135: malloc (vg_replace_malloc.c:381)
      ==3692== by 0x5DD6ED8: XtMalloc (in /usr/lib64/libXt.so.6.0.0)
      ==3692== by 0x5A8B6B8: _XmUtf8ToUcs2 (in /usr/lib64/libXm.so.4.0.4)
      ==3692== by 0x5A2B669: ??? (in /usr/lib64/libXm.so.4.0.4)
      ==3692== by 0x5A33B94: ??? (in /usr/lib64/libXm.so.4.0.4)
      ==3692== by 0x5A37C10: ??? (in /usr/lib64/libXm.so.4.0.4)
      ==3692== by 0x5A3803A: ??? (in /usr/lib64/libXm.so.4.0.4)
      ==3692== by 0x5A387FD: XmStringDraw (in /usr/lib64/libXm.so.4.0.4)
      ==3692== by 0x507BF1E: CXmString::Draw(_XDisplay*, unsigned long, CXmFontList&, _XGC*, short, short, char*) (CXmString.cpp:138)
      ==3692== by 0x56D8CFB: ScaleTickDraw::Draw(unsigned long, int, int, int, int, char const*, int) (ScaleTickDraw.cpp:157)
      ==3692== by 0x56D99EB: ScaleTickFreqR::Draw(unsigned long, int, int, int, int, int, GramFrame*) (ScaleTickFreqR.cpp:156)
      ==3692== by 0x56D603D: GramFrame::DrawFrame(_XDisplay*, _XGC*, unsigned long) (GramFrame.cpp:152)
      ~~~

      By the way, in the latest RHEL 8.10 and RHEL 9.6, there is still no ‘XFree’ under this function from what I found.

      Thank you.

              rhn-engineering-ofourdan Olivier Fourdan
              rhn-support-yzheng Yinghai Zheng
              Olivier Fourdan Olivier Fourdan
              Tomas Pelka Tomas Pelka
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

                Created:
                Updated:
                Resolved: