[fprint] Memory management Libfprint

Benjamin Berg benjamin at sipsolutions.net
Thu Apr 22 09:38:53 UTC 2021


Hi,

please make sure to press the "Reply to all" button (or just reply to
the list only).

On Wed, 2021-04-21 at 22:17 +0000, Carlos Garcia wrote:
> Thanks Benjamin. The problem was solved. About the other problem: 

No problem!

> Another problem detected is when unplug device, next call capture
> process. The removed device error is detected correctly but when I
> reinitialize the library creating a new object of type:
>  
>  * FPContext
>  * GmainLoop

Hmm, you should not need to recreate these. The issues you found are
FpContext not cleaning up correctly after itself (it is a use-after-
free issue).

I'll submit a fix later, but just keeping the FpContext around (or
unref'ing it only after the "device-removed" signal has happened)
should work around the problem.

> Have the next error:
>  
> (process:35): libfprint-context-DEBUG: 17:47:21.078: No driver found
> for USB device 1D6B:0001  ---> Device was removed and not plugged in
> yet .
> (process:35): libfprint-image_device-DEBUG: 17:47:21.225: Image
> device open completed --> Device plugged in again, free up memory and
> create new objects.
> (process:35): libfprint-device-DEBUG: 17:47:21.225: Device reported
> open completion
> (process:35): libfprint-device-DEBUG: 17:47:21.225: Completing action
> FPI_DEVICE_ACTION_OPEN in idle!
> (process:35): GLib-CRITICAL **: 17:47:21.226:
> g_ptr_array_find_with_equal_func: assertion 'haystack != NULL' failed
> (process:35): libfprint-context-CRITICAL **: 17:47:21.226:
> remove_device_idle_cb: assertion 'g_ptr_array_find (priv->devices,
> data->device, &idx)' failed
> 

Right, that is a bug in FpContext and it is a serious use-after free
issue. First, it should be using g_signal_connect_object in
device_removed_cb and async_device_init_done_cb.

But, I suspect in this case it is the idle handler that is added in
remove_device firing after the FpContext was destroyed. Both of these
are bugs that are easy to fix.

Benjamin

>  
> The library works fine when the device is reconnected, but I want to
> know about these 2 errors
>  
>  
> Do you know what happens?
>  
> And a final question related to g_idle_add
>  
> When g_cancellable_cancel is invoked, it needs to be invoked with
> g_idle_add.
>  
> The g_main_loop_run is running on another thread.
>  
> Thanks for your support.
>  
> From: Benjamin Berg
> Sent: Wednesday, April 21, 2021 3:30 AM
> To: Carlos Garcia; fprint at lists.freedesktop.org
> Subject: Re: [fprint] Memory management Libfprint
>  
> Hi Carlos,
>  
> the image returned by fp_device_capture_finish is owned by your code
> (marked as "transfer full"). It is a GObject, and you are responsible
> to eventually call g_object_unref on it.
>  
> There are various ways of achieving that. If you can use the modern
> GLib autoptr features, then I would suggest:
>  
> * Change the declaration in etr_fp_dev_capture_cb to:
>    g_autoptr(FpImage) image = NULL;
> * Change the fp_image_detect_minutiae call to steal the reference:
>    fp_image_detect_minutiae(g_steal_pointer (&image),
>              aut->ctx.clops,
>              (GAsyncReadyCallback)etr_fp_extract_minutiae,aut);
> * Add a variable auto unref in etr_fp_extract_minutiae:
>    g_autoptr(FpImage) img_free = img;
>  
> After that the memory leak should be gone.
>  
> You can of course also call g_object_unref manually, but then you
> need
> to make sure to handle all the error paths correctly.
>  
> Benjamin
>  
> On Tue, 2021-04-20 at 23:09 +0000, Carlos Garcia wrote:
> >  
> > Hi everyone. I have some questions with the memory management with
> > libfprint.
> > I’m creating a program for capture image and retrieve the minutiae
> > from the captured image. I’m using:
> >  
> >  * fp_device_capture
> >  * fp_device_capture_finish
> >  * fp_image_detect_minutiae
> >  * fp_image_detect_minutiae_finish
> >  
> > I have relied on the img-capture.c example from the version 1.90.7
> > examples.
> > Here is my code:
> >  
> > ///< This function is executed in another thread using pthreads
> > static void * etr_fp_gmain_loop(void *data)
> > {
> >     FpContext *context   = NULL;
> >     tAUTOMATON_DATA *aut = (tAUTOMATON_DATA *) data;
> >     aut->ctx.clops  = g_cancellable_new();
> > 
> >     // Create libfprint context
> > 
> >     if ((context = etr_fp_find_device(aut)) != NULL) // Inside this
> >  f
> > unction open device with fp_device_open_sync
> >     {
> >         KernelInsertEvent(aut->fsm->aut_id,AUT_EVT_OPENED,NULL,0);
> >         aut->ctx.gmloop = g_main_loop_new(NULL,FALSE);
> >         g_main_loop_run(aut-
> > > ctx.gmloop);    // Run until g_main_loop_quit is called.
> > 
> >         // Free resources.
> >         g_main_loop_unref(aut->ctx.gmloop);
> >         g_clear_object(&context);
> >         aut->ctx.device = NULL;
> >         aut->ctx.gmloop = NULL;
> >     }
> > 
> >     g_clear_object(&aut->ctx.clops); // Free GCancellable.
> > 
> >     return NULL;
> > }
> > //-----------------------------------------------------------------
> > --
> > --------
> > 
> > static void etr_fp_extract_minutiae(FpImage *img, GAsyncResult *res
> > , 
> > void *user_data)
> > {
> >     GPtrArray *minutiaes    = NULL;
> >     g_autoptr(GError) error = NULL;
> >     tAUTOMATON_DATA *aut    = (tAUTOMATON_DATA *) user_data;
> > 
> >     if (fp_image_detect_minutiae_finish(img,res,&error))
> >     {
> >         minutiaes = fp_image_get_minutiae(img);
> >         if (minutiaes != NULL)
> >         {
> >             gint img_w = fp_image_get_width(img);
> >             gint img_h = fp_image_get_height(img);
> >             // Do something
> > 
> >         }
> >         else
> >             LogError("Error retrieving minutiae");
> >     }
> >     else
> >     {
> >         LogError("Error retrieving minutiae from FingerPrint. %s",(
> > er
> > ror) ? error->message : "Unknown Error");
> >         if (error != NULL && error->code == G_IO_ERROR_CANCELLED)
> >             g_cancellable_reset(aut->ctx.clops);
> >     }
> > 
> >     KernelInsertEvent(aut->fsm->aut_id,AUT_EVT_DATA,NULL,0);
> > }
> > 
> > //-----------------------------------------------------------------
> > --
> > --------
> > 
> > static void etr_fp_dev_capture_cb(FpDevice *dev, GAsyncResult *res,
> >  v
> > oid *user_data)
> > {
> >     int result;
> >     FpImage *image = NULL;
> >     g_autoptr(GError) error = NULL;
> >     tAUTOMATON_DATA *aut = (tAUTOMATON_DATA *) user_data;
> > 
> >     image = fp_device_capture_finish(dev, res, &error);
> > 
> >     if (!image)
> >     {
> >         LogError("Error capturing fingerprint: %s",error->message);
> > 
> >         if (aut->ctx.cap_cb)
> >             aut->ctx.cap_cb(error->code,NULL,aut->ctx.u_data);
> > 
> >         if (error->code == G_IO_ERROR_CANCELLED) {
> >             g_cancellable_reset(aut->ctx.clops);
> >             KernelInsertEvent(aut->fsm-
> > >aut_id,AUT_EVT_DATA,NULL,0);
> >         }
> > 
> >         else {
> > 
> >             etr_fp_dev_close(aut);
> >             KernelInsertEvent(aut->fsm-
> > > aut_id,AUT_EVT_REMOVED,NULL,0);
> >         }
> > 
> >         return;
> >     }
> > 
> >     if (aut->ctx.imgpath != NULL)
> >         if ((result = etr_fp_save_image_to_pgm(image, aut-
> > > ctx.imgpath)) < 0)
> >             LogError("Unable to save the image in specified path: %
> > s.
> >  Error code: %d",aut->ctx.imgpath,result);
> > 
> >     fp_image_detect_minutiae(image,aut-
> > > ctx.clops,(GAsyncReadyCallback)etr_fp_extract_minutiae,aut);
> > }
> > //-----------------------------------------------------------------
> > --
> > --------
> > 
> > gboolean etr_fp_start_capture(gpointer data)
> > {
> >     tAUTOMATON_DATA *aut = (tAUTOMATON_DATA *) data;
> > 
> >     fp_device_capture(aut->ctx.device, TRUE, aut-
> > > ctx.clops, (GAsyncReadyCallback) etr_fp_dev_capture_cb, aut);
> > 
> >     return FALSE;
> > }
> > //-----------------------------------------------------------------
> > --
> > --------
> > 
> > void capturing__entry(void* aut_data)
> > {
> >     g_idle_add(etr_fp_start_capture,aut_data);
> > }
> > //-----------------------------------------------------------------
> > --
> > --------
> > 
> > static gboolean etr_fp_dev_close(gpointer data)
> > {
> >     g_autoptr(GError) gerror = NULL;
> >     tAUTOMATON_DATA *aut = (tAUTOMATON_DATA *)data;
> > 
> >     if (!fp_device_close_sync(aut->ctx.device,NULL,&gerror))
> >         LogError("Error closing device: %s",gerror->message);
> > 
> >     g_main_loop_quit(aut->ctx.gmloop);
> > 
> >     return FALSE;
> > }
> > //-----------------------------------------------------------------
> > --
> > --------
> > 
> > int etr_fp_init(void *aut)
> > {
> >     /*
> >       do other things.
> >     */
> > 
> >     if (pthread_create(&aut-
> > > ctx.event_t,NULL,&etr_fp_gmain_loop,aut))
> >     {
> >         LogError("%s:Id%d Unable to create glib event loop thread",
> > K_
> > ETR_FP_API_PREFIX,id);
> >         return K_ETR_FP_FAILURE;
> >     }
> > 
> >     return K_ETR_FP_OK;
> > }
> > //-----------------------------------------------------------------
> > --
> > --------
> > 
> > int etr_fp_end(void *aut)
> > {
> >     // Free libfrpint, glib resources when gmainloop ends free auto
> > ma
> > ton.;
> >     g_idle_add_full(G_PRIORITY_HIGH_IDLE,etr_fp_dev_close,aut,NULL)
> > ;
> >     pthread_join(aut->ctx.event_t,NULL);
> > 
> >     return 0;
> > }
> > //-----------------------------------------------------------------
> > --
> > --------
> > 
> >  
> >  
> > I have read some things about valgrind with Glib and possible
> > problems. So,my first question is:
> >  
> > Can I use Valgrind with libfprint?
> >  
> > When I run valgrind with the following configuration:
> >  
> > valgrind --leak-check=full --show-leak-kinds=definite,indirect --
> > track-origins=yes --verbose --log-file=valgrind-out.txt ./myapp
> >  
> > The following catches my attention:
> >  
> > ==35461== 1,113,600 bytes in 10 blocks are indirectly lost in loss
> > record 910 of 912
> > ==35461==    at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-
> > gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
> > ==35461==    by 0x4AECCB8: g_malloc (in /usr/lib/x86_64-linux-
> > gnu/libglib-2.0.so.0.6400.6)
> > ==35461==    by 0x5450990: binarize_image_V2 (in /usr/lib/x86_64-
> > linux-gnu/libfprint.so.2.0.0)
> > ==35461==    by 0x5450B3C: binarize_V2 (in /usr/lib/x86_64-linux-
> > gnu/libfprint.so.2.0.0)
> > ==35461==    by 0x544605A: lfs_detect_minutiae_V2 (in
> > /usr/lib/x86_64-linux-gnu/libfprint.so.2.0.0)
> > ==35461==    by 0x543EE8D: get_minutiae (in /usr/lib/x86_64-linux-
> > gnu/libfprint.so.2.0.0)
> > ==35461==    by 0x540E7C1: fp_image_detect_minutiae_thread_func (in
> > /usr/lib/x86_64-linux-gnu/libfprint.so.2.0.0)
> > ==35461==    by 0x8457C81: ??? (in /usr/lib/x86_64-linux-
> > gnu/libgio-
> > 2.0.so.0.6400.6)
> > ==35461==    by 0x4B111B3: ??? (in /usr/lib/x86_64-linux-
> > gnu/libglib-
> > 2.0.so.0.6400.6)
> > ==35461==    by 0x4B10910: ??? (in /usr/lib/x86_64-linux-
> > gnu/libglib-
> > 2.0.so.0.6400.6)
> > ==35461==    by 0x858C608: start_thread (pthread_create.c:477)
> > ==35461==    by 0x4CE2292: clone (clone.S:95)
> > ==35461== 
> > ==35461== 1,113,600 bytes in 10 blocks are indirectly lost in loss
> > record 911 of 912
> > ==35461==    at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-
> > gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
> > ==35461==    by 0x4AECCB8: g_malloc (in /usr/lib/x86_64-linux-
> > gnu/libglib-2.0.so.0.6400.6)
> > ==35461==    by 0x540EF98: fp_image_detect_minutiae (in
> > /usr/lib/x86_64-linux-gnu/libfprint.so.2.0.0)
> > ==35461==    by 0x484E10B: etr_fp_dev_capture_cb
> > (fingerprint.c:528)
> > ==35461==    by 0x8456F68: ??? (in /usr/lib/x86_64-linux-
> > gnu/libgio-
> > 2.0.so.0.6400.6)
> > ==35461==    by 0x8457B5C: ??? (in /usr/lib/x86_64-linux-
> > gnu/libgio-
> > 2.0.so.0.6400.6)
> > ==35461==    by 0x54375AA: fp_device_task_return_in_idle_cb (in
> > /usr/lib/x86_64-linux-gnu/libfprint.so.2.0.0)
> > ==35461==    by 0x4AE6E6D: g_main_context_dispatch (in
> > /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.6400.6)
> > ==35461==    by 0x4AE721F: ??? (in /usr/lib/x86_64-linux-
> > gnu/libglib-
> > 2.0.so.0.6400.6)
> > ==35461==    by 0x4AE7512: g_main_loop_run (in /usr/lib/x86_64-
> > linux-
> > gnu/libglib-2.0.so.0.6400.6)
> > ==35461==    by 0x484DAA7: etr_fp_gmain_loop (fingerprint.c:401)
> > ==35461==    by 0x858C608: start_thread (pthread_create.c:477)
> > ==35461== 
> > ==35461== 2,333,120 (800 direct, 2,332,320 indirect) bytes in 10
> > blocks are definitely lost in loss record 912 of 912
> > ==35461==    at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-
> > gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
> > ==35461==    by 0x4AECCB8: g_malloc (in /usr/lib/x86_64-linux-
> > gnu/libglib-2.0.so.0.6400.6)
> > ==35461==    by 0x4B052A5: g_slice_alloc (in /usr/lib/x86_64-linux-
> > gnu/libglib-2.0.so.0.6400.6)
> > ==35461==    by 0x4B058CD: g_slice_alloc0 (in /usr/lib/x86_64-
> > linux-
> > gnu/libglib-2.0.so.0.6400.6)
> > ==35461==    by 0x837B0CF: g_type_create_instance (in
> > /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.6400.6)
> > ==35461==    by 0x835A34C: ??? (in /usr/lib/x86_64-linux-
> > gnu/libgobject-2.0.so.0.6400.6)
> > ==35461==    by 0x835C377: g_object_new_valist (in /usr/lib/x86_64-
> > linux-gnu/libgobject-2.0.so.0.6400.6)
> > ==35461==    by 0x835C6CC: g_object_new (in /usr/lib/x86_64-linux-
> > gnu/libgobject-2.0.so.0.6400.6)
> > ==35461==    by 0x5428644: imaging_run_state (in /usr/lib/x86_64-
> > linux-gnu/libfprint.so.2.0.0)
> > ==35461==    by 0x543E345: transfer_finish_cb (in /usr/lib/x86_64-
> > linux-gnu/libfprint.so.2.0.0)
> > ==35461==    by 0x8456F68: ??? (in /usr/lib/x86_64-linux-
> > gnu/libgio-
> > 2.0.so.0.6400.6)
> > ==35461==    by 0x8456FAC: ??? (in /usr/lib/x86_64-linux-
> > gnu/libgio-
> > 2.0.so.0.6400.6)
> > ==35461== 
> > ==35461== LEAK SUMMARY:
> > ==35461==    definitely lost: 1,128 bytes in 22 blocks
> > ==35461==    indirectly lost: 2,334,793 bytes in 2,604 blocks
> > ==35461==      possibly lost: 34,119 bytes in 142 blocks
> > ==35461==    still reachable: 190,826 bytes in 1,292 blocks
> > ==35461==                       of which reachable via heuristic:
> > ==35461==                         length64          : 1,160 bytes
> > in
> > 29 blocks
> > ==35461==                         newarray          : 1,584 bytes
> > in
> > 19 blocks
> > ==35461==         suppressed: 0 bytes in 0 blocks
> > ==35461== Reachable blocks (those to which a pointer was found) are
> > not shown.
> > ==35461== To see them, rerun with: --leak-check=full --show-leak-
> > kinds=all
> > ==35461== 
> > ==35461== ERROR SUMMARY: 135 errors from 135 contexts (suppressed:
> > 0
> > from 0)
> >  
> > So fp_image_detect_minutiae have a memory leak?
> >  
> > Or maybe is a Valgrind problem. Every time I run a capture the
> > memory
> > usage grows and it doesn't seem to return the resources used.
> > I am executing the g_main_loop_run in another thread and the calls
> > to
> > the capture function are made usingg_idle_add
> >  
> > Another problem detected is when unplug device, next call capture
> > process. The removed device error is detected correctly but when I
> > reinitialize the library creating a new object of type:
> > 
> >  * FPContext
> >  * GmainLoop
> > 
> > Have the next error:
> > 
> > (process:35): libfprint-context-DEBUG: 17:47:21.078: No driver
> > found
> > for USB device 1D6B:0001  ---> Device was removed and not plugged
> > in
> > yet .
> > (process:35): libfprint-image_device-DEBUG: 17:47:21.225: Image
> > device open completed --> Device plugged in again, free up memory
> > and
> > create new objects.
> > (process:35): libfprint-device-DEBUG: 17:47:21.225: Device reported
> > open completion
> > (process:35): libfprint-device-DEBUG: 17:47:21.225: Completing
> > action
> > FPI_DEVICE_ACTION_OPEN in idle!
> > (process:35): GLib-CRITICAL **: 17:47:21.226:
> > g_ptr_array_find_with_equal_func: assertion 'haystack != NULL'
> > failed
> > (process:35): libfprint-context-CRITICAL **: 17:47:21.226:
> > remove_device_idle_cb: assertion 'g_ptr_array_find (priv->devices,
> > data->device, &idx)' failed
> > 
> > 
> > The library works fine when the device is reconnected, but I want
> > to
> > know about these 2 errors.
> > Thanks for all the support provided.
> >  
> >  
> > _______________________________________________
> > fprint mailing list
> > fprint at lists.freedesktop.org
> > https://lists.freedesktop.org/mailman/listinfo/fprint
>  
>  

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <https://lists.freedesktop.org/archives/fprint/attachments/20210422/6d1d4ffe/attachment.sig>


More information about the fprint mailing list