
Fix a documented memory leak.

Despite the old comments, re-initing the msg_t leaks a refcount to
metadata in some situations.

v1_decoder looks like it isn't tested any more, but it seems like a good
idea to fix it because it has the exact same piece of buggy code
v2_decoder does.
Brian Silverman 2015-07-28 13:43:30 -07:00
parent 7b2e37dc90
commit 97969808f6
2 changed files with 8 additions and 12 deletions


@ -80,10 +80,9 @@ int zmq::v1_decoder_t::one_byte_size_ready (unsigned char const*)
return -1; return -1;
} }
// in_progress is initialised at this point so in theory we should int rc = in_progress.close();
// close it before calling zmq_msg_init_size, however, it's a 0-byte assert(rc == 0);
// message and thus we can treat it as uninitialised... rc = in_progress.init_size (*tmpbuf - 1);
int rc = in_progress.init_size (*tmpbuf - 1);
if (rc != 0) { if (rc != 0) {
errno_assert (errno == ENOMEM); errno_assert (errno == ENOMEM);
rc = in_progress.init (); rc = in_progress.init ();
@ -123,10 +122,9 @@ int zmq::v1_decoder_t::eight_byte_size_ready (unsigned char const*)
const size_t msg_size = static_cast <size_t> (payload_length - 1); const size_t msg_size = static_cast <size_t> (payload_length - 1);
// in_progress is initialised at this point so in theory we should int rc = in_progress.close();
// close it before calling init_size, however, it's a 0-byte assert(rc == 0);
// message and thus we can treat it as uninitialised... rc = in_progress.init_size (msg_size);
int rc = in_progress.init_size (msg_size);
if (rc != 0) { if (rc != 0) {
errno_assert (errno == ENOMEM); errno_assert (errno == ENOMEM);
rc = in_progress.init (); rc = in_progress.init ();
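Review bot: The check added after `in_progress.close()` is a plain `assert(rc == 0);`, which is compiled out when NDEBUG is defined, so in such a build a failed close() goes unnoticed and the message is re-initialised anyway. This applies to both hunks here (one_byte_size_ready and eight_byte_size_ready) and to the same two lines in v2_decoder_t::size_ready. The neighbouring lines already use `errno_assert`, which as far as I know stays active in release builds, so `errno_assert (rc == 0);` would keep the check and match the file. This is the frame-size path of the decoder, so it runs for each message a peer sends, and a silently ignored failure would bring back the per-message reference leak the commit is fixing. Both function bodies continue outside the hunks.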


@ -108,10 +108,8 @@ int zmq::v2_decoder_t::size_ready(uint64_t msg_size, unsigned char const* read_p
return -1; return -1;
} }
// in_progress is initialised at this point so in theory we should int rc = in_progress.close();
// close it before calling init_size, however, it's a 0-byte assert(rc == 0);
// message and thus we can treat it as uninitialised.
int rc = -1;
// the current message can exceed the current buffer. We have to copy the buffer // the current message can exceed the current buffer. We have to copy the buffer
// data into a new message and complete it in the next receive. // data into a new message and complete it in the next receive.
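Review bot: The new `in_progress.close()` at the top of this hunk has no comment, while the three-line comment it replaces argued that closing was unnecessary, so a later reader has nothing explaining why the call must stay. A short comment above it would record the reason, for example `// in_progress may still hold a reference to metadata; close it before it is re-initialised, otherwise that reference leaks.` The same comment would fit the two close() calls added in v1_decoder_t. size_ready continues outside the hunk, so the point where in_progress is re-initialised is not visible here.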