Bug ID 740277: Extra policy_release (per-request policy) in policy engine causes core due to use-after-free condition

Last Modified: Sep 20, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1

Fixed In:
14.1.0

Opened: Aug 14, 2018
Severity: 1-Blocking

Symptoms

In some execution paths of per-request policies, policy ref count gets unbalanced and causes a core dump and/or memory leak.

Impact

Memory leak (in case of per-session policy not released). It may cause a core dump in some cases, if the per-request policy is over-released.

Conditions

This is a very rarely occurring issue encountered when using per-request policies.

Workaround

None.

Fix Information

This has been addressed in two ways; -- To prevent the core, the system now ensures that the per-request policy ref-count never goes below 1 while executing per-request policies. - To prevent the memory leak, corrected the instances in which policy was not released.

Behavior Change