The return value of __pmGetPDU is both an error code and the value of the type field of the PDU. A negative type value is treated as an error by HandleClientInput, and the PDU is never unpinned, even though it was pinned by __pmGetPDU because there was no error. This leads to a memory leak and eventual pmcd crash.
I think one possible fix would be to reject negative type values in __pmGetPDU.
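The failure mode described in the report, and the effect of the suggested fix, as an added example that is not part of the bug report and is not PCP source code. It is a simplified model: every function name, error code, and the 12-byte header layout is an assumption, and pinning is reduced to a counter.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model, not PCP source; all names and codes are constructed. */
#define ERR_SHORT   (-1)
#define ERR_BADTYPE (-2)
#define HDR_LEN     12          /* assumed layout: len, type, from (4 bytes each) */

static int pinned;              /* buffers pinned and not yet released */
static unsigned char pool[HDR_LEN];

static int32_t be32(const unsigned char *p) {
    return (int32_t)((uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 |
                     (uint32_t)p[2] << 8 | (uint32_t)p[3]);
}

/* Returns a negative error code, or the PDU type with *out pinned. */
static int get_pdu(const unsigned char *wire, size_t n, int strict,
                   unsigned char **out) {
    if (n < HDR_LEN) return ERR_SHORT;
    int32_t type = be32(wire + 4);
    if (strict && type < 0) return ERR_BADTYPE;  /* fix: reject before pinning */
    memcpy(pool, wire, HDR_LEN);
    *out = pool;
    pinned++;
    return type;        /* negative wire value now looks like an error code */
}

/* Caller as described in the report: negative status means "nothing to unpin". */
static int handle_input(const unsigned char *wire, size_t n, int strict) {
    unsigned char *pdu = NULL;
    int sts = get_pdu(wire, n, strict, &pdu);
    if (sts < 0) return sts;    /* leaks the pin when sts came off the wire */
    pinned--;                   /* normal path: unpin after dispatch */
    return sts;
}

/* Send the same header `rounds` times; return how many pins were never released. */
int leaked_after(int rounds, int32_t type, int strict) {
    unsigned char wire[HDR_LEN] = {0, 0, 0, HDR_LEN};
    uint32_t u = (uint32_t)type;
    wire[4] = u >> 24; wire[5] = u >> 16; wire[6] = u >> 8; wire[7] = u;
    pinned = 0;
    for (int i = 0; i < rounds; i++) handle_input(wire, sizeof wire, strict);
    return pinned;
}

int main(void) {
    printf("unfixed: %d leaked, fixed: %d leaked\n",
           leaked_after(1000, -5, 0), leaked_after(1000, -5, 1));
    return 0;
}
```

With the check in place the negative type is rejected before anything is pinned, so the caller's "negative means error" assumption holds again.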
[this is a test] Ken tried to comment on this BZ but got an error
I'll work on this one. Florian's suggested fix seems correct and robust.
Fix is in commit 49b9bd1e5d1df6f7115fec79bd09e2dc99df7fd9.
QA 511 added to verify bug and fix.
Created attachment 599314
proposed patch for pdu.c
This is Florian's fix. I've backed out the commit in my git tree as per the agreed process for handling these issues.
This issue has been addressed in pcp-3.6.5
This issue was addressed in Fedora and EPEL via the following security updates: