When a TCP command fails to parse in rspamd_fuzzy_tcp_io, the
fuzzy_tcp_session was released prematurely while cmd_session still
held a reference to it. This caused a double-release when cmd_session
was destroyed, potentially leading to memory corruption.
msg_debug_fuzzy_storage("invalid TCP fuzzy command of size %d received from %s",
(int) frame_len,
rspamd_inet_address_to_string(session->common.addr));
- REF_RELEASE(session); /* Release TCP session reference */
+ /* Note: Don't release session here - cmd_session holds a reference and will release it */
}
/* Release our reference - session will be freed when all callbacks complete */
projects / thirdparty / rspamd.git / commitdiff
