[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[lwip-devel] [bug #61666] A memory leak BUG in function tcp_input().
From: |
Enrico Murador |
Subject: |
[lwip-devel] [bug #61666] A memory leak BUG in function tcp_input(). |
Date: |
Fri, 18 Mar 2022 05:43:53 -0400 (EDT) |
Follow-up Comment #5, bug #61666 (project lwip):
I am getting the same issue. I am working with httpd server.
My scenario: after httpd finish sending data in response to a PUSH request
from client, tcp_input() receives a packet (the first part of a GET request)
for the same pcb that is handling the PUSH data.
tcp_input() calls TCP_EVENT_SENT callback (http_sent), that calls http_send(),
then http_check_eof(), that calls http_eof() because it founds the send is
done.
http_eof() closes the connection (call sequence:
http_close_conn->http_close_or_abort_conn->tcp_close->tcp_close_shutdown).
tcp_close_shutdown calls tcp_rst() because application has still to receive
the data (TCP_EVENT_RECV callback has yet to be called, code is after the call
to TCP_EVENT_SENT callback.
After the TCP_EVENT_SENT callback return, tcp_input() calls
tcp_input_delayed_close() that returns 1 and code jumps to "aborted".
Now, inseg.p is NULL, probably (I have yet to verify it, but it seems the only
possibility) because before the call to TCP_EVENT_SENT callback, tcp_input()
calls tcp_process() that calls tcp_receive(), that passes the inseg.p pointer
to recv_data and NULLs inseg.p (code comment is: "Since this pbuf now is the
responsibility of the application, we delete our reference to it so that we
won't (mistakingly) deallocate it").
So back in tcp_input(), the code returns after taking the "aborted" route
without freeing the pbuf that should be still in charge of tcp, because
TCP_EVENT_RECV callback has not been called.
_______________________________________________________
Reply to this item at:
<https://savannah.nongnu.org/bugs/?61666>
_______________________________________________
Message sent via Savannah
https://savannah.nongnu.org/
- [lwip-devel] [bug #61666] A memory leak BUG in function tcp_input().,
Enrico Murador <=