Fix not calling decRef on merged segments

This code path is for outgoing packets, and we don't currently do memory accounting on this path. So it wasn't breaking anything. This change did not add a test for ref-counting issue fixed, but will switch to the leak-checking ref-counter later when all ref-counting issues are fixed. PiperOrigin-RevId: 373447913
author: Ting-Yu Wang <anivia@google.com> 2021-05-12 14:09:52 -0700
committer: gVisor bot <gvisor-bot@google.com> 2021-05-12 14:12:38 -0700
commit: ba6de21539131bbf8116137704259e4d11d2894b (patch)
tree: d407e9e121c743505cf8833db4fc0c36ef69d9fe /pkg/tcpip/transport/tcp/snd.go
parent: 07e32fa6967370ef29327417fd941c5130335fbc (diff)
1 files changed, 5 insertions, 6 deletions
diff --git a/pkg/tcpip/transport/tcp/snd.go b/pkg/tcpip/transport/tcp/snd.go
index 2b32cb7b2..f43e86677 100644
--- a/pkg/tcpip/transport/tcp/snd.go
+++ b/pkg/tcpip/transport/tcp/snd.go
@@ -716,15 +716,14 @@ func (s *sender) maybeSendSegment(seg *segment, limit int, end seqnum.Value) (se
 			// triggering bugs in poorly written DNS
 			// implementations.
 			var nextTooBig bool
-			for seg.Next() != nil && seg.Next().data.Size() != 0 {
-				if seg.data.Size()+seg.Next().data.Size() > available {
+			for nSeg := seg.Next(); nSeg != nil && nSeg.data.Size() != 0; nSeg = seg.Next() {
+				if seg.data.Size()+nSeg.data.Size() > available {
 					nextTooBig = true
 					break
 				}
-				seg.data.Append(seg.Next().data)
-
-				// Consume the segment that we just merged in.
-				s.writeList.Remove(seg.Next())
+				seg.merge(nSeg)
+				s.writeList.Remove(nSeg)
+				nSeg.decRef()
 			}
 			if !nextTooBig && seg.data.Size() < available {
 				// Segment is not full.
author	Ting-Yu Wang <anivia@google.com>	2021-05-12 14:09:52 -0700
committer	gVisor bot <gvisor-bot@google.com>	2021-05-12 14:12:38 -0700
commit	ba6de21539131bbf8116137704259e4d11d2894b (patch)
tree	d407e9e121c743505cf8833db4fc0c36ef69d9fe /pkg/tcpip/transport/tcp/snd.go
parent	07e32fa6967370ef29327417fd941c5130335fbc (diff)