_arena of RedisReply should not be swapped as it always point to RedisResponse._arena #2343
Description
Describe the bug (描述bug)
inline void RedisReply::Swap(RedisReply& other) {
std::swap(_type, other._type);
std::swap(_length, other._length);
std::swap(_data.padding[0], other._data.padding[0]);
std::swap(_data.padding[1], other._data.padding[1]);
std::swap(_arena, other._arena); <<<<<<<<<<--------- _arena should not be swapped
}
To Reproduce (复现方法)
TEST_F(ClientInitTest, RedisResponse) {
std::string msg = "+";
msg.resize(300, 'x');
msg.append("\r\n");
brpc::RedisResponse* resp1 = new brpc::RedisResponse();
brpc::RedisResponse* resp2 = new brpc::RedisResponse();
resp1->Swap(resp2);
char* ptr = (char*)resp2;
delete resp2;
// make sure memory is definitely freed
memset(ptr, 0xff, sizeof(brpc::RedisResponse));
butil::IOBuf buf;
buf.append(msg);
auto err = resp1->ConsumePartialIOBuf(buf, 1);
ASSERT_EQ(0, err);
delete resp1;
}
Expected behavior (期望行为)
no segment fault
Versions (各种版本)
OS: all
Compiler: all
brpc: all
protobuf: all
Additional context/screenshots (更多上下文/截图)
no