From 29d2e8aa9abe48539607692ba69a6a5fb4e96ca8 Mon Sep 17 00:00:00 2001 From: Tim Duesterhus Date: Sun, 29 Sep 2019 23:03:07 +0200 Subject: [PATCH] BUG/MINOR: lua: Properly initialize the buffer's fields for string samples in hlua_lua2(smp|arg) `size` is used in conditional jumps and valgrind complains: ==24145== Conditional jump or move depends on uninitialised value(s) ==24145== at 0x4B3028: smp_is_safe (sample.h:98) ==24145== by 0x4B3028: smp_make_safe (sample.h:125) ==24145== by 0x4B3028: smp_to_stkey (stick_table.c:936) ==24145== by 0x4B3F2A: sample_conv_in_table (stick_table.c:1113) ==24145== by 0x420AD4: hlua_run_sample_conv (hlua.c:3418) ==24145== by 0x54A308F: ??? (in /usr/lib/x86_64-linux-gnu/liblua5.3.so.0.0.0) ==24145== by 0x54AFEFC: ??? (in /usr/lib/x86_64-linux-gnu/liblua5.3.so.0.0.0) ==24145== by 0x54A29F1: ??? (in /usr/lib/x86_64-linux-gnu/liblua5.3.so.0.0.0) ==24145== by 0x54A3523: lua_resume (in /usr/lib/x86_64-linux-gnu/liblua5.3.so.0.0.0) ==24145== by 0x426433: hlua_ctx_resume (hlua.c:1097) ==24145== by 0x42D7F6: hlua_action (hlua.c:6218) ==24145== by 0x43A414: http_req_get_intercept_rule (http_ana.c:3044) ==24145== by 0x43D946: http_process_req_common (http_ana.c:500) ==24145== by 0x457892: process_stream (stream.c:2084) Found while investigating issue #306. A variant of this issue exists since 55da165301b4de213dacf57f1902c2142e867775, which was using the old `chunk` API instead of the `buffer` API thus this patch must be backported to HAProxy 1.6 and higher.
---
 src/hlua.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/src/hlua.c b/src/hlua.c
index 1c87daae3..be959d847 100644
--- a/src/hlua.c
+++ b/src/hlua.c
@@ -420,6 +420,9 @@ static int hlua_lua2arg(lua_State *L, int ud, struct arg *arg)
 	case LUA_TSTRING:
 		arg->type = ARGT_STR;
 		arg->data.str.area = (char *)lua_tolstring(L, ud, (size_t *)&arg->data.str.data);
+		/* We don't know the actual size of the underlying allocation, so be conservative. */
+		arg->data.str.size = arg->data.str.data;
+		arg->data.str.head = 0;
 		break;
 
 	case LUA_TUSERDATA:
@@ -560,6 +563,9 @@ static int hlua_lua2smp(lua_State *L, int ud, struct sample *smp)
 		smp->data.type = SMP_T_STR;
 		smp->flags |= SMP_F_CONST;
 		smp->data.u.str.area = (char *)lua_tolstring(L, ud, (size_t *)&smp->data.u.str.data);
+		/* We don't know the actual size of the underlying allocation, so be conservative. */
+		smp->data.u.str.size = smp->data.u.str.data;
+		smp->data.u.str.head = 0;
 		break;
 
 	case LUA_TUSERDATA:
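Review bot: The added comment in hlua_lua2arg says "be conservative" without stating what `size == data` means to the buffer API, which is the point a later reader needs: a buffer with no free room, so no caller may ever append into memory that Lua owns; suggested wording: `/* Lua owns this memory; mark the buffer as full (size == data) so nothing is ever appended to it. */`. The same applies to the hlua_lua2smp hunk below. One consequence to confirm: if smp_is_safe() (sample.h:98 in the trace) treats `data >= size` as unsafe, every Lua-produced string sample is copied by smp_make_safe() even though lua_tolstring() guarantees a NUL byte at `area[data]`; `size = data + 1` would describe that terminator slot exactly and still cover nothing outside Lua's allocation, though for the arg case, which unlike the sample case sets no const flag here, that would let a caller rewrite the terminator byte, so the fully conservative value may be preferred deliberately. Both hlua_lua2arg and hlua_lua2smp start and end outside their hunks.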