Memory leak when rewriting packet to set collection id
Description
Environment
None
Gerrit Reviews
None
Release Notes Description
None
Activity
Show:
CB robot November 25, 2024 at 6:38 AM
Build couchbase-server-7.6.5-5537 contains libcouchbase commit 9a7498b with commit message:
https://couchbasecloud.atlassian.net/browse/CCBC-1630#icft=CCBC-1630: check collection id before storing packet to pipeline
Fixed
Pinned fields
Click on the next to a field label to start pinning.
Details
Details
Assignee
Sergey Auseyau
Sergey AuseyauFix versions
Sprint
None
Story Points
1
Reporter
Sergey Auseyau
Sergey AuseyauPriority
MajorInstabug
Open Instabug
PagerDuty
PagerDuty Incident
PagerDuty
PagerDuty Incident
Sentry
Linked Issues
Sentry
Linked Issues
Zendesk Support
Linked Tickets
Zendesk Support
Linked Tickets
Created February 16, 2024 at 1:01 AM
Updated February 25, 2025 at 2:06 AM
Resolved February 16, 2024 at 3:02 AM
Instabug
In mixed-version cluster, with 7.2 and 6.6 nodes, it is possible when libcouchbase will decide to rewrite packet to insert ID of the default collection:
https://github.com/couchbase/libcouchbase/blob/684931e59cd87e0c6292e8142c2b18897be5b10c/src/mc/mcreq.c#L291
This side effect should be accounted for every time check_collection_id() is invoked, so that the caller will always update local pointers to the packet, and do not try to preserve pointer to the old packet.
The issue is in
https://github.com/couchbase/libcouchbase/blob/684931e59cd87e0c6292e8142c2b18897be5b10c/src/mc/mcreq.c#L334C6-L340
void mcreq_enqueue_packet(mc_PIPELINE *pipeline, mc_PACKET *packet) { nb_SPAN *vspan = &packet->u_value.single; sllist_append(&pipeline->requests, &packet->slnode); packet = check_collection_id(pipeline, packet); netbuf_enqueue_span(&pipeline->nbmgr, &packet->kh_span, packet);Which preserves old pointer in "pipeline->requests" list, leaving that piece of memory leaking and accumulating over run time. The fix moves the check to the top of the function.