Incorrect payload pool release in EDPSimple destructor [13114]

[ghost]

There is a bug in EDPSimple::~EDPSimple() which attempts to release more memory than it was allocated:

EDPUtils::release_payload_pool(sec_pub_reader_payload_pool_, publications_secure_writer_.second->m_att, true);

Such behavior leads to integer overflow in PreallocatedReallocTopicPayloadPool::release_history():

    bool release_history(
            const PoolConfig& config,
            bool is_reader) override
    {
        {
            std::lock_guard<std::mutex> lock(mutex_);
            minimum_pool_size_ -= config.initial_size;
        }

        return TopicPayloadPool::release_history(config, is_reader);
    }

Next time, on participant creation, the payload pool tries to allocate gigantic amount of memory and gets killed by the OS.

System information

• Fast-RTPS version: 2.4.1
• OS: Ubuntu 20.04

Additional context

This code change helps to solve the issue:

diff --git a/src/cpp/rtps/builtin/discovery/endpoint/EDPSimple.cpp b/src/cpp/rtps/builtin/discovery/endpoint/EDPSimple.cpp
index 294310a61..2000eb4a8 100644
--- a/src/cpp/rtps/builtin/discovery/endpoint/EDPSimple.cpp
+++ b/src/cpp/rtps/builtin/discovery/endpoint/EDPSimple.cpp
@@ -82,7 +82,7 @@ EDPSimple::~EDPSimple()
     if (this->publications_secure_reader_.first != nullptr)
     {
         this->mp_RTPSParticipant->deleteUserEndpoint(publications_secure_reader_.first);
-        EDPUtils::release_payload_pool(sec_pub_reader_payload_pool_, publications_secure_writer_.second->m_att, true);
+        EDPUtils::release_payload_pool(sec_pub_reader_payload_pool_, publications_secure_reader_.second->m_att, true);
         delete(publications_secure_reader_.second);
     }
 

[MiguelCompany]

@oleksandr-hryshchuk Thanks for the catch! I introduced your fix, plus a refactor to avoid copy-paste mistakes in the future, on #2335.

Please check on your side.

[ghost]

@MiguelCompany, your fix works for me, thanks!