Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Critical
Fix Version/s: 2.5.2, 3.1.0, 4.0.0
Affects Version/s: 2.5.1, 3.0
Component/s: memcached
Security Level: Public
Labels:
- MP2
- leak
- memory-use
Environment:
Not specific to any server specifics. Re-create on 1 node VM, Linux Ubuntu 14.04, 8GB RAM, 1 bucket with 4GB limit.

Description

If the client sets a large document (example is 10MB) and for some reason closes the connection before memcached returns status there's a risk of leaking the document size of data.

1. Mcd reads the binary protocol header and sees a value length of 10MB.
2. Mcd uses engine allocate and creates a 10MB item.
3. Mcd goes around conn_nread pulling the value off the socket which requires a few goes to get all 10MB

Meanwhile... client gives up (small lcb_set_timeout) and closes the connection.

3. (contd.) Mcd encouters a read from socket error.
4. Mcd returns false from conn_nread, event loop terminates

In this failure path, there's no item release code, in this example we leak 10MB.

Attachments

Issue Links

blocks

MB-14772 3.1.0 Minor Release

Resolved

relates to

MB-12274 2.5.1 Maintenance Patch-2 Release

Closed

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

For Gerrit Dashboard: MB-12451
#	Subject	Branch	Project	Status	CR	V
42472,7	MB-12451 mcd leak when socket closes during read	master	memcached	Status: MERGED	+2	+1
42525,3	MB-12451 mcd leak when socket closes during read	branch-20	memcached	Status: MERGED	+2	+1
42723,4	MB-12451 Verification build to test MCD memory leak	master	manifest	Status: MERGED	+2	+1
48672,2	MB-12451 mcd leak when socket closes during read	3.0	memcached	Status: MERGED	+2	+1