The return value of __pmGetPDU is both an error code and the value of the type field of the PDU. A negative type value is treated as an error by HandleClientInput, and the PDU is never unpinned, even though it was pinned by __pmGetPDU because there was no error. This leads to a memory leak and eventual pmcd crash. I think one possible fix would be to reject negative type values in __pmGetPDU.
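Added example, not part of the original report and not PCP source code: a simplified C model of the leak described above, with the receive routine returning the wire type field as its status, shown both without and with the suggested rejection of negative types. All names (`toy_get_pdu`, `toy_handle_input`, `TOY_ERR_IPC`, `leaked_after`) and the header layout are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified model, not PCP source; every name below is hypothetical. */
#define TOY_ERR_IPC (-1001)          /* constructed error code */
struct toy_hdr { int32_t len; int32_t type; int32_t from; };
static int pinned;                   /* buffers currently pinned */
/* Pin a buffer for one PDU and return its wire type field. With
 * reject_negative == 0, a negative type comes back looking like an error. */
static int toy_get_pdu(const struct toy_hdr *wire, int reject_negative, void **out)
{
    if (reject_negative && wire->type < 0)
        return TOY_ERR_IPC;          /* fail before anything is pinned */
    struct toy_hdr *buf = malloc(sizeof *buf);
    if (buf == NULL)
        return TOY_ERR_IPC;
    *buf = *wire;
    pinned++;
    *out = buf;
    return wire->type;
}

static void toy_unpin(void *buf) { free(buf); pinned--; }
/* Caller as described in the report: negative means error, so no unpin. */
static void toy_handle_input(const struct toy_hdr *wire, int reject_negative)
{
    void *pdu = NULL;
    int sts = toy_get_pdu(wire, reject_negative, &pdu);
    if (sts < 0)
        return;                      /* leaks if a buffer was pinned */
    toy_unpin(pdu);                  /* normal path: dispatch, then unpin */
}

/* Feed n PDUs of the given type; return how many buffers remain pinned. */
int leaked_after(int n, int32_t type, int reject_negative)
{
    struct toy_hdr wire = { (int32_t)sizeof wire, type, 0 };
    pinned = 0;
    for (int i = 0; i < n; i++)
        toy_handle_input(&wire, reject_negative);
    return pinned;
}

int main(void)
{
    printf("original: %d, rejecting: %d\n", leaked_after(1000, -5, 0), leaked_after(1000, -5, 1));
    return 0;
}
```

In the model, every negative-type PDU leaves one buffer pinned until the check is moved ahead of the pin, after which the count stays at zero.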
[this is a test] Ken tried to comment on this BZ but got an error
I'll work on this one. Florian's suggested fix seems correct and robust.
Fix is in commit 49b9bd1e5d1df6f7115fec79bd09e2dc99df7fd9. QA 511 added to verify bug and fix.
Created attachment 599314: proposed patch for pdu.c. This is Florian's fix. I've backed out the commit in my git tree as per the agreed process for handling these issues.
Upstream patch: http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=68fb968b4ee635bb301dc9ab64e633b0d66d27b4
This issue has been addressed in pcp-3.6.5.
This issue was addressed in Fedora and EPEL via the following security updates:
Fedora-16: https://admin.fedoraproject.org/updates/pcp-3.6.5-1.fc16
Fedora-17: https://admin.fedoraproject.org/updates/pcp-3.6.5-1.fc17
Rawhide: https://admin.fedoraproject.org/updates/pcp-3.6.5-1.fc18
EPEL-5: https://admin.fedoraproject.org/updates/pcp-3.6.5-1.el5
EPEL-6: https://admin.fedoraproject.org/updates/pcp-3.6.5-1.el6