Details
-
Bug
-
Resolution: Fixed
-
Major
-
None
-
master
-
None
-
Untriaged
-
No
Description
The dcp_message_system_event function uses addIov for the event/key and buffer which are pointers to data in the dcp stream's readyQueue, soon as dcp_message_system_event returns to ep-engine, the data goes out of scope and memcached could then be pointing at invalid data.
Should be converted to copy-out style as there's ref counting we can employ (without more work to expose the underlying system event item, but copying is ok as the data is small)