BUG/MINOR: lua: Properly initialize the buffer's fields for string samples in hlua_lua2(smp|arg)

`size` is used in conditional jumps and valgrind complains:

==24145== Conditional jump or move depends on uninitialised value(s)
==24145==    at 0x4B3028: smp_is_safe (sample.h:98)
==24145==    by 0x4B3028: smp_make_safe (sample.h:125)
==24145==    by 0x4B3028: smp_to_stkey (stick_table.c:936)
==24145==    by 0x4B3F2A: sample_conv_in_table (stick_table.c:1113)
==24145==    by 0x420AD4: hlua_run_sample_conv (hlua.c:3418)
==24145==    by 0x54A308F: ??? (in /usr/lib/x86_64-linux-gnu/liblua5.3.so.0.0.0)
==24145==    by 0x54AFEFC: ??? (in /usr/lib/x86_64-linux-gnu/liblua5.3.so.0.0.0)
==24145==    by 0x54A29F1: ??? (in /usr/lib/x86_64-linux-gnu/liblua5.3.so.0.0.0)
==24145==    by 0x54A3523: lua_resume (in /usr/lib/x86_64-linux-gnu/liblua5.3.so.0.0.0)
==24145==    by 0x426433: hlua_ctx_resume (hlua.c:1097)
==24145==    by 0x42D7F6: hlua_action (hlua.c:6218)
==24145==    by 0x43A414: http_req_get_intercept_rule (http_ana.c:3044)
==24145==    by 0x43D946: http_process_req_common (http_ana.c:500)
==24145==    by 0x457892: process_stream (stream.c:2084)

Found while investigating issue #306.

A variant of this issue exists since 55da165301b4de213dacf57f1902c2142e867775,
which was using the old `chunk` API instead of the `buffer` API, thus this patch
must be backported to HAProxy 1.6 and higher.
Tim Duesterhus 2019-09-29 23:03:07 +02:00 committed by Willy Tarreau
parent 52c91bb72c
commit 29d2e8aa9a

@ -420,6 +420,9 @@ static int hlua_lua2arg(lua_State *L, int ud, struct arg *arg)
case LUA_TSTRING:
arg->type = ARGT_STR;
arg->data.str.area = (char *)lua_tolstring(L, ud, (size_t *)&arg->data.str.data);
/* We don't know the actual size of the underlying allocation, so be conservative. */
arg->data.str.size = arg->data.str.data;
arg->data.str.head = 0;
break;
case LUA_TUSERDATA:
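Review bot: the new comment above `arg->data.str.size = arg->data.str.data;` says why the size is conservative but not what that means for callers. With `size == data` the buffer has no spare byte after the string, so any consumer that wants to NUL-terminate or extend it has to copy first. Because `area` is the `(char *)`-cast return value of `lua_tolstring`, which is memory owned by Lua and returned as const, that is the outcome you want; I would extend the comment to say that the buffer is intentionally reported as full and must be treated as read-only. Unlike the sample case there is no flag visible here that marks the string as constant, so the comment is the only place a reader learns this.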
@ -560,6 +563,9 @@ static int hlua_lua2smp(lua_State *L, int ud, struct sample *smp)
smp->data.type = SMP_T_STR;
smp->flags |= SMP_F_CONST;
smp->data.u.str.area = (char *)lua_tolstring(L, ud, (size_t *)&smp->data.u.str.data);
/* We don't know the actual size of the underlying allocation, so be conservative. */
smp->data.u.str.size = smp->data.u.str.data;
smp->data.u.str.head = 0;
break;
case LUA_TUSERDATA:
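Review bot: the three lines added after the `lua_tolstring` call in `hlua_lua2smp` repeat the ones added in `hlua_lua2arg` word for word. Since the bug was a field left unset in two parallel places, a small shared helper that fills `area`, `data`, `size` and `head` from the Lua string would stop the two copies drifting apart again. Separately, the `(size_t *)` cast on `&smp->data.u.str.data` would hide a type mismatch if that field were ever not a `size_t`; if it already is one, the cast can be dropped so the compiler checks it. The commit message notes that older branches use the `chunk` API, so the backport should verify that the equivalent fields there are all initialized as well.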