moonchen opened a new pull request, #13292: URL: https://github.com/apache/trafficserver/pull/13292
## Problem `NetVConnection` embeds `ProxyProtocol pp_info` by value, and `ProxyProtocol` owns heap (the `additional_data` string and the parsed `tlv` map). `has_proxy_protocol()` parses an inbound PROXY v2 header into `pp_info` once per connection, allocating both. The NetVC `ClassAllocator`s are `Destruct_on_free=false`, so `~ProxyProtocol` never runs when a VC is recycled and `UnixNetVConnection::clear()` did not release `pp_info`. The slot's next placement-`new` then abandons the string buffer and map nodes — leaking once per recycled connection that carried a PROXY v2 header, i.e. every inbound connection behind a PROXY-protocol load balancer. ## Fix Add `ProxyProtocol::reset()` and call it from `UnixNetVConnection::clear()`, the single recycle chokepoint (SSL and QUIC `clear()` chain to it, and `clear()` runs only on the free path). `reset()` swaps the members with empty containers rather than `clear()`ing them, since `clear()` keeps capacity that the recycle would still abandon. Releasing `pp_info` in `clear()` is safe: it is read only while the VC is live. Targeted rather than flipping the allocators to `Destruct_on_free=true`, which would run the full destructor chain on top of the existing manual `clear()`/`free_thread()` teardown and needs a separate idempotency audit. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
