diff --git a/CHANGELOG b/CHANGELOG index eec807dd6..8bf1c4b04 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,7 @@ +2022-05-13 + - 3.1.1 + - Fix memory leak in processing stream frames (isse #368) + 2022-05-06 - 3.1.0 - Better handling of transport parameter max_table_capcity < 32 diff --git a/docs/conf.py b/docs/conf.py index 1b6001470..9d8c2a9db 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -26,7 +26,7 @@ # The short X.Y version version = u'3.1' # The full version, including alpha/beta/rc tags -release = u'3.1.0' +release = u'3.1.1' # -- General configuration --------------------------------------------------- diff --git a/include/lsquic.h b/include/lsquic.h index 0cba9bb9e..0dba46e47 100644 --- a/include/lsquic.h +++ b/include/lsquic.h @@ -25,7 +25,7 @@ extern "C" { #define LSQUIC_MAJOR_VERSION 3 #define LSQUIC_MINOR_VERSION 1 -#define LSQUIC_PATCH_VERSION 0 +#define LSQUIC_PATCH_VERSION 1 /** * Engine flags: diff --git a/src/liblsquic/lsquic_di_hash.c b/src/liblsquic/lsquic_di_hash.c index 900ab5817..92b99f731 100644 --- a/src/liblsquic/lsquic_di_hash.c +++ b/src/liblsquic/lsquic_di_hash.c @@ -438,9 +438,13 @@ hash_di_insert_frame (struct data_in *data_in, ins = lsquic_data_in_hash_insert_data_frame(data_in, data_frame, read_offset); assert(ins != INS_FRAME_OVERLAP); - lsquic_packet_in_put(hdi->hdi_conn_pub->mm, new_frame->packet_in); - if (ins != INS_FRAME_OK) + /* NOTE: Only release packet and frame for INS_FRAME_OK, + * other cases are handled by caller */ + if (ins == INS_FRAME_OK) + { + lsquic_packet_in_put(hdi->hdi_conn_pub->mm, new_frame->packet_in); lsquic_malo_put(new_frame); + } return ins; } diff --git a/src/liblsquic/lsquic_di_nocopy.c b/src/liblsquic/lsquic_di_nocopy.c index a9de76622..dd4794ca4 100644 --- a/src/liblsquic/lsquic_di_nocopy.c +++ b/src/liblsquic/lsquic_di_nocopy.c @@ -395,8 +395,6 @@ nocopy_di_insert_frame (struct data_in *data_in, break; case INS_FRAME_DUP: case INS_FRAME_ERR: - lsquic_packet_in_put(ncdi->ncdi_conn_pub->mm, new_frame->packet_in); - lsquic_malo_put(new_frame); break; default: break; diff --git a/src/liblsquic/lsquic_stream.c b/src/liblsquic/lsquic_stream.c index accb30473..36e1d18f2 100644 --- a/src/liblsquic/lsquic_stream.c +++ b/src/liblsquic/lsquic_stream.c @@ -1095,12 +1095,11 @@ lsquic_stream_frame_in (lsquic_stream_t *stream, stream_frame_t *frame) LSQ_DEBUG("received stream frame, offset %"PRIu64", len %u; " "fin: %d", frame->data_frame.df_offset, frame->data_frame.df_size, !!frame->data_frame.df_fin); + rv = -1; if ((stream->sm_bflags & SMBF_USE_HEADERS) && (stream->stream_flags & STREAM_HEAD_IN_FIN)) { - lsquic_packet_in_put(stream->conn_pub->mm, frame->packet_in); - lsquic_malo_put(frame); - return -1; + goto release_packet_frame; } if (frame->data_frame.df_fin && (stream->sm_bflags & SMBF_IETF) @@ -1112,7 +1111,7 @@ lsquic_stream_frame_in (lsquic_stream_t *stream, stream_frame_t *frame) "new final size %"PRIu64" from STREAM frame (id: %"PRIu64") does " "not match previous final size %"PRIu64, DF_END(frame), stream->id, stream->sm_fin_off); - return -1; + goto release_packet_frame; } got_next_offset = frame->data_frame.df_offset == stream->read_offset; @@ -1123,7 +1122,6 @@ lsquic_stream_frame_in (lsquic_stream_t *stream, stream_frame_t *frame) /* Update maximum offset in the flow controller and check for flow * control violation: */ - rv = -1; free_frame = !stream->data_in->di_if->di_own_on_ok; max_off = frame->data_frame.df_offset + frame->data_frame.df_size; if (0 != lsquic_stream_update_sfcw(stream, max_off)) @@ -1150,7 +1148,7 @@ lsquic_stream_frame_in (lsquic_stream_t *stream, stream_frame_t *frame) } else if (INS_FRAME_DUP == ins_frame) { - return 0; + rv = 0; } else if (INS_FRAME_OVERLAP == ins_frame) { @@ -1160,15 +1158,15 @@ lsquic_stream_frame_in (lsquic_stream_t *stream, stream_frame_t *frame) if (stream->data_in) goto insert_frame; stream->data_in = lsquic_data_in_error_new(); - lsquic_packet_in_put(stream->conn_pub->mm, frame->packet_in); - lsquic_malo_put(frame); - return -1; } else { assert(INS_FRAME_ERR == ins_frame); - return -1; } +release_packet_frame: + lsquic_packet_in_put(stream->conn_pub->mm, frame->packet_in); + lsquic_malo_put(frame); + return rv; }