From 135c66f6cb34a993df544e7da72e323d058ac54d Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Mon, 4 Sep 2023 11:45:37 +0200 Subject: [PATCH] BUG/MEDIUM: connection: fix pool free regression with recent ppv2 TLV patches In commit fecc573da ("MEDIUM: connection: Generic, list-based allocation and look-up of PPv2 TLVs") there was a tiny mistake, elements of length <= 128 are allocated from pool_pp_128 but only those of length < 128 are released to this pool, other ones go to pool_pp_256. Because of this, elements of size exactly 128 are allocated from 128 and released to 256. It can be reproduced a few times by running sample_fetches/tlvs.vtc 1000 times with -DDEBUG_DONT_SHARE_POOLS -DDEBUG_MEMORY_POOLS -DDEBUG_EXPR -DDEBUG_STRICT=2 -DDEBUG_POOL_INTEGRITY -DDEBUG_POOL_TRACING -DDEBUG_NO_POOLS. Not sure why it doesn't reproduce more often though. No backport is needed. This should address github issues #2275 and #2274. --- src/connection.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/connection.c b/src/connection.c index 5d84d6037..5f7226aae 100644 --- a/src/connection.c +++ b/src/connection.c @@ -569,7 +569,7 @@ void conn_free(struct connection *conn) LIST_DELETE(&tlv->list); if (tlv->len > HA_PP2_TLV_VALUE_256) free(tlv); - else if (tlv->len < HA_PP2_TLV_VALUE_128) + else if (tlv->len <= HA_PP2_TLV_VALUE_128) pool_free(pool_head_pp_tlv_128, tlv); else pool_free(pool_head_pp_tlv_256, tlv);