[Fix] Fix refcount leak in fuzzy_session destructor for TCP sessions

The fuzzy_session created for TCP command processing holds a reference
to its parent fuzzy_tcp_session but failed to release it in the destructor,
causing a refcount leak and potential use-after-free issue.

diff --git a/src/fuzzy_storage.c b/src/fuzzy_storage.c
index d0edcca81aaac5ab5b9cd431f2b8ee06ca4242c8..fcd8987dded6705c4a2e1c1510eecee00a54a232 100644 (file)
--- a/src/fuzzy_storage.c
+++ b/src/fuzzy_storage.c
@@ -2327,6 +2327,10 @@ fuzzy_session_destroy(gpointer d)
        if (session->tcp_session == NULL) {
                session->worker->nconns--;
        }
+       else {
+               /* Release the reference to the TCP session */
+               REF_RELEASE(session->tcp_session);
+       }
 
        if (session->ip_stat) {
                REF_RELEASE(session->ip_stat);