[
https://issues.apache.org/jira/browse/TS-3754?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14628513#comment-14628513
]
Alan M. Carroll commented on TS-3754:
-------------------------------------
I spent some time looking at this. My biggest concern was why this hasn't shown
up as a problem.
As far as I can tell this {{set}} method is used in only two places in the
cache and a number of places in cluster. For the cache uses, one immediately
sets {{_buf_end}} explicitly and the other is a read-only {{IOBuffer}} which
means {{_buf_end}} isn't dereferenced. It does remain possible that some of the
cluster instability is related to this.
I will go ahead and make this change as it does seem broken to me.
> IOBuffer memory leak
> --------------------
>
> Key: TS-3754
> URL: https://issues.apache.org/jira/browse/TS-3754
> Project: Traffic Server
> Issue Type: Bug
> Components: Core
> Reporter: Oknet Xu
> Assignee: Alan M. Carroll
> Priority: Critical
> Fix For: 6.1.0
>
>
> the pointer `_end_buf` exceed the IOBufferData->_data size if offset > 0
> patch at below
> {code}
> diff --git a/iocore/eventsystem/P_IOBuffer.h b/iocore/eventsystem/P_IOBuffer.h
> index 3b8c323..71de17d 100644
> --- a/iocore/eventsystem/P_IOBuffer.h
> +++ b/iocore/eventsystem/P_IOBuffer.h
> @@ -477,7 +477,7 @@ IOBufferBlock::set(IOBufferData *d, int64_t len, int64_t
> offset)
> data = d;
> _start = buf() + offset;
> _end = _start + len;
> - _buf_end = _start + d->block_size();
> + _buf_end = buf() + d->block_size();
> }
>
> TS_INLINE void
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
