[jira] [Commented] (NIFI-15690) CacheRequestDecoder.readHeader() leaks ByteBuf - should use skipBytes instead of readBytes

Tue, 10 Mar 2026 01:59:09 -0700 


    [ 
https://issues.apache.org/jira/browse/NIFI-15690?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18064380#comment-18064380
 ] 

ASF subversion and git services commented on NIFI-15690:
--------------------------------------------------------

Commit b4cdd043060f6aef690fa284a2f0529fdfb08090 in nifi's branch 
refs/heads/main from Dan Chaffelson
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=b4cdd043060 ]

NIFI-15690 Fixed ByteBuf leak in CacheRequestDecoder readHeader (#10988)

Replaced readBytes(HEADER_LENGTH) with skipBytes(HEADER_LENGTH) to avoid
allocating a ByteBuf that is never released. The header bytes are discarded
so skipBytes achieves the same result without allocation.

> CacheRequestDecoder.readHeader() leaks ByteBuf - should use skipBytes instead 
> of readBytes
> ------------------------------------------------------------------------------------------
>
>                 Key: NIFI-15690
>                 URL: https://issues.apache.org/jira/browse/NIFI-15690
>             Project: Apache NiFi
>          Issue Type: Bug
>    Affects Versions: 1.28.1, 2.7.2
>            Reporter: Daniel Chaffelson
>            Priority: Minor
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> The readHeader() method in CacheRequestDecoder allocates a new ByteBuf that 
> is never released:
> {code:java}
> private void readHeader(final ByteBuf byteBuf, final SocketAddress 
> remoteAddress) {
>     if (byteBuf.readableBytes() >= HEADER_LENGTH) {
>         byteBuf.readBytes(HEADER_LENGTH);  // Creates new ByteBuf, never 
> released
>         headerReceived.getAndSet(true);
>         log.debug("Header Received [{}]", remoteAddress);
>     }
> }
> {code}
> In Netty, {{ByteBuf.readBytes(int)}} allocates a *new* ByteBuf containing the 
> extracted bytes. Since the return value is discarded, this buffer is never 
> released, triggering Netty's ResourceLeakDetector:
> {noformat}
> LEAK: ByteBuf.release() was not called before it's garbage-collected.
> ...
> at 
> org.apache.nifi.distributed.cache.server.codec.CacheRequestDecoder.readHeader(CacheRequestDecoder.java:238)
> {noformat}
> *Fix*: Replace {{readBytes(HEADER_LENGTH)}} with {{skipBytes(HEADER_LENGTH)}} 
> since the header content is not used.
> *Affected versions*: 1.17.0+ and all 2.x (introduced in NIFI-9805)
> *Impact*: Low - 4 bytes leaked per new cache client connection. Affects flows 
> using DistributedMapCacheServer, DistributedSetCacheServer, Wait, Notify, 
> DetectDuplicate processors.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to