Bug #94384 Memory leak in TCP_socket::get_listener_socket()
Submitted: 18 Feb 16:18 Modified: 19 Feb 9:44
Reporter: Alexey Kopytov Email Updates:
Status: Verified Impact on me:
None 
Category:MySQL Server: Connection Handling Severity:S3 (Non-critical)
Version:5.7, 8.0 OS:Any
Assigned to: CPU Architecture:Any

[18 Feb 16:18] Alexey Kopytov
Description:
Both 5.7 and 8.0 contain the following code in
TCP_socket::get_listener_socket() (omitting unrelated lines):

---
      if (!getaddrinfo(ipv6_all_addresses, port_buf, &hints, &ai)) {
        /*
          IPv6 might be available (the system might be able to resolve an IPv6
          address, but not be able to create an IPv6-socket). Try to create a
          dummy IPv6-socket. Do not instrument that socket by P_S.
        */
        ...
      }
      if (ipv6_available) {
        ...
      } else {
        ... 

        if (getaddrinfo(ipv4_all_addresses, port_buf, &hints, &ai)) {
          ...
        }
     }
---

After the first successful call to getaddrinfo(), ai contains a pointer
to a data structure allocated by the C library. That memory must be
freed with freeaddrinfo().

However, if ipv6_available == false (i.e. under circumstances described
in the comment), we do another call to getaddrinfo() overwriting the
previously returned pointer stored in ai without calling freeaddrinfo()
on it and thus, leaking allocated memory.

How to repeat:
Code analysis in 
sql/conn_handler/socket_connection.cc:TCP_socket::get_listener_socket().
[19 Feb 9:44] Umesh Shastry
Hello Alexey,

Thank you for the report and feedback.
Verifying based on my internal discussion with the developer.

regards,
Umesh