SecCodeCheckValidity and SecStaticCodeCheckValidity leak
| Originator: | russell | ||
| Number: | rdar://19004228 | Date Originated: | 17-Nov-2014 02:35 PM |
| Status: | Open | Resolved: | |
| Product: | OS X SDK | Product Version: | 10.10 |
| Classification: | Performance | Reproducible: | Always |
Summary:
The SecCodeCheckValidity and SecStaticCodeCheckValidity functions in Security.framework will leak when checking the signature of a binary signed with a timestamp.
Steps to Reproduce:
Test 1
=====
1. Download the attached source file
2. Compile: clang -o leaktest{,.m} -framework Security -framework Foundation
3. Sign the resulting binary: codesign -s 'Mac Developer: xxx' leaktest
4. Run the binary: ./leaktest
5. Run leaks: leaks leaktest
Test 2
=====
Re-run steps 3-5 but add the --timestamp flag to the codesign options.
Expected Results:
Both tests show no memory leaks.
Actual Results:
Test 2 shows around 14-24 leaks for 5k-10k bytes.
Version:
Xcode: Version 6.1 (6A1052c)
OS: Version 10.10 (14A389)
I've also tried with Xcode 5.1.1 on 10.9.5 and the bug appears to be present on 10.8 too.
Notes:
taskgated appears to be affected by this memory leak.
Configuration:
The leak only occurs when the --timestamp flag is used with signing the binary (as is the default for binaries signed by Xcode but apparently not for almost all Apple-signed binaries which do not seem to have a timestamp).
Comments
Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!
Contents of attached leaktest.m
https://gist.github.com/russellhancox/b5010d87c949c3c8b118