Memory Leak identified in cosign verify flow
Closed issue · 0 comments
Description
We are using cosign as a library in our code. When we call the cosign libraries to verify images' signatures, we observe a memory increase. After memory profiling of the code we found the issue in the file/function referenced below.
The main problem identified is that in this function the defer clause that closes the file stream is missing.
When we looked at similar functionality elsewhere in the cosign code, we found that the defer clause is present. A few examples are:
cosign/pkg/oci/remote/remote.go
Line 228 in 6206f5a
and
Line 84 in 6206f5a
In these functions the file stream is closed, but this seems to be missing in
pkg/oci/internal/signature/layer.go
The main change suggested is to add the defer clause that is missing in this function.
```go
// Payload implements oci.Signature
func (s *sigLayer) Payload() ([]byte, error) {
	// Compressed is a misnomer here, we just want the raw bytes from the registry.
	r, err := s.Layer.Compressed()
	if err != nil {
		return nil, err
	}
	// Close the registry stream on every return path, including a failed read.
	defer r.Close()
	payload, err := io.ReadAll(r)
	if err != nil {
		return nil, err
	}
	return payload, nil
}
```
We applied the patch locally and found the memory leak is solved.
Without Patch
Version
The issue was identified in release 2.2.3, but it is present in previous releases also.
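The program below is an added example, not code from this issue or from cosign. It reproduces the leak pattern against a constructed in-memory layer: `fakeLayer`, `trackedReader` and `leakedReaders` are stand-ins for the registry stream and count how many readers a payload function leaves open. Three variants of the `Payload` body are compared: no `Close` at all, a `defer r.Close()` placed after `io.ReadAll`, and a `defer r.Close()` placed directly after the `Compressed()` error check. The point it adds to the report is that the late placement still leaks whenever the read itself fails, because the early `return nil, err` runs before the defer is registered.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"strings"
)

// fakeLayer is a constructed stand-in for the go-containerregistry layer behind
// sigLayer: it offers only the Compressed() method the Payload code calls and
// counts the readers it handed out that were never closed.
type fakeLayer struct {
	payload string
	failErr error // constructed: when set, every Read fails with this error
	open    int   // readers returned by Compressed() and not yet closed
}

// trackedReader decrements the layer's open count on Close, so a leak shows up
// as a non-zero count once the payload calls have returned.
type trackedReader struct {
	layer  *fakeLayer
	r      io.Reader
	closed bool
}

func (t *trackedReader) Read(p []byte) (int, error) {
	if t.layer.failErr != nil {
		return 0, t.layer.failErr
	}
	return t.r.Read(p)
}

func (t *trackedReader) Close() error {
	if !t.closed {
		t.closed = true
		t.layer.open--
	}
	return nil
}

// Compressed mimics v1.Layer.Compressed: the caller owns the returned stream.
func (f *fakeLayer) Compressed() (io.ReadCloser, error) {
	f.open++
	return &trackedReader{layer: f, r: strings.NewReader(f.payload)}, nil
}

type compressedLayer interface {
	Compressed() (io.ReadCloser, error)
}

// payloadNoClose has the shape reported in the issue: the stream is read but
// never closed, so every call leaks one reader.
func payloadNoClose(l compressedLayer) ([]byte, error) {
	r, err := l.Compressed()
	if err != nil {
		return nil, err
	}
	return io.ReadAll(r)
}

// payloadLateClose defers Close only after a successful read; a read error
// returns early and the stream is still leaked.
func payloadLateClose(l compressedLayer) ([]byte, error) {
	r, err := l.Compressed()
	if err != nil {
		return nil, err
	}
	b, err := io.ReadAll(r)
	if err != nil {
		return nil, err
	}
	defer r.Close()
	return b, nil
}

// payloadClosed defers Close as soon as the stream exists, so it runs on every
// return path. The Close error is ignored: the payload has already been read.
func payloadClosed(l compressedLayer) ([]byte, error) {
	r, err := l.Compressed()
	if err != nil {
		return nil, err
	}
	defer r.Close()
	return io.ReadAll(r)
}

// leakedReaders calls fn `calls` times against a fresh fakeLayer and reports
// how many readers were left open afterwards.
func leakedReaders(fn func(compressedLayer) ([]byte, error), failErr error, calls int) int {
	layer := &fakeLayer{payload: "constructed-signature-payload", failErr: failErr}
	for i := 0; i < calls; i++ {
		_, _ = fn(layer)
	}
	return layer.open
}

func main() {
	readErr := errors.New("constructed: registry connection reset")
	fmt.Println("no close, ok reads:      ", leakedReaders(payloadNoClose, nil, 100), "leaked")
	fmt.Println("late defer, read errors: ", leakedReaders(payloadLateClose, readErr, 100), "leaked")
	fmt.Println("early defer, read errors:", leakedReaders(payloadClosed, readErr, 100), "leaked")
}
```

The same reasoning applies to the real `Payload`: the reader from `Compressed()` wraps a registry HTTP response body, and an unclosed body keeps its connection and buffers alive for as long as the process runs, which is exactly the steady growth a heap profile of a verify loop shows.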