sigstore/cosign

Memory Leak identified in cosign verify flow

Closed this issue · 0 comments

Description

We are using cosign as a library in our code. When we execute the cosign libraries to verify images for a signature, we identified a memory increase. After memory profiling of the code we found the issue in the file/function

func (s *sigLayer) Payload() ([]byte, error) {

The main problem identified is that in this function a defer clause is missing to close the file stream.

When we looked at similar functionality elsewhere in the cosign code, we found that the defer clause is present. A few examples are

func (f *attached) Payload() ([]byte, error) {

and
func (f *file) Payload() ([]byte, error) {

In these functions the file stream is getting closed, but this seems to be missing in
pkg/oci/internal/signature/layer.go

The main change suggested is to add the defer clause which is missing in this function.

// Payload implements oci.Signature
func (s *sigLayer) Payload() ([]byte, error) {
	// Compressed is a misnomer here, we just want the raw bytes from the registry.
	r, err := s.Layer.Compressed()
	if err != nil {
		return nil, err
	}
	// Defer the close as soon as the stream is obtained, so it is also
	// released when io.ReadAll fails.
	defer r.Close()
	payload, err := io.ReadAll(r)
	if err != nil {
		return nil, err
	}
	return payload, nil
}
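To make the resource-leak mechanism concrete, the following is an added, self-contained Go example (it is not cosign's code and not part of this issue report). It uses a constructed fakeLayer whose Compressed() returns a reader that records whether Close() was ever called, and compares a Payload-style function without the defer against one that defers Close() immediately after the stream is obtained. The names fakeLayer, trackingCloser, payloadLeaky, payloadFixed and closeCount are hypothetical helpers introduced here; the second case also exercises the io.ReadAll error path, which a defer placed after the ReadAll check would still miss.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"strings"
)

// trackingCloser wraps a reader and counts Close() calls, standing in for a
// registry blob stream that holds a network connection until closed
// (constructed for this example).
type trackingCloser struct {
	r       io.Reader
	readErr error // when set, every Read fails with this error
	closed  int
}

func (t *trackingCloser) Read(p []byte) (int, error) {
	if t.readErr != nil {
		return 0, t.readErr
	}
	return t.r.Read(p)
}

func (t *trackingCloser) Close() error {
	t.closed++
	return nil
}

// fakeLayer mimics a layer whose Compressed() hands the caller a ReadCloser
// that the caller must close (constructed for this example).
type fakeLayer struct {
	payload string
	readErr error
	closer  *trackingCloser
}

func (l *fakeLayer) Compressed() (io.ReadCloser, error) {
	l.closer = &trackingCloser{r: strings.NewReader(l.payload), readErr: l.readErr}
	return l.closer, nil
}

// payloadLeaky reads the stream but never closes it: the leak pattern.
func payloadLeaky(l *fakeLayer) ([]byte, error) {
	r, err := l.Compressed()
	if err != nil {
		return nil, err
	}
	return io.ReadAll(r)
}

// payloadFixed defers Close right after the stream is obtained, so the
// stream is released on the success path and on the ReadAll error path.
func payloadFixed(l *fakeLayer) ([]byte, error) {
	r, err := l.Compressed()
	if err != nil {
		return nil, err
	}
	defer r.Close()
	payload, err := io.ReadAll(r)
	if err != nil {
		return nil, err
	}
	return payload, nil
}

// closeCount reports how many times the layer's stream was closed.
func closeCount(l *fakeLayer) int {
	if l.closer == nil {
		return 0
	}
	return l.closer.closed
}

func main() {
	leaky := &fakeLayer{payload: "signature-payload"}
	_, _ = payloadLeaky(leaky)
	fmt.Println("leaky close count:", closeCount(leaky)) // 0

	fixed := &fakeLayer{payload: "signature-payload"}
	_, _ = payloadFixed(fixed)
	fmt.Println("fixed close count:", closeCount(fixed)) // 1

	failing := &fakeLayer{payload: "x", readErr: errors.New("read failed")}
	_, err := payloadFixed(failing)
	fmt.Println("fixed on read error:", err, "close count:", closeCount(failing)) // 1
}
```

In this toy the unclosed reader would eventually be garbage-collected, but a real registry stream keeps an HTTP body and its connection alive until Close() runs, which is why the profile grows with every verification. Deferring Close() immediately after the successful open is the idiomatic Go shape because it covers every later return, including error returns.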

We applied the patch locally and found the memory leak is solved.

Without Patch
(memory profile screenshot, not reproduced here)

With Patch
(memory profile screenshot, not reproduced here)

Version

The issue is identified in release 2.2.3, but it is present in previous releases also.