From 2cba79a66a08e8358dd0df740321010e825417f8 Mon Sep 17 00:00:00 2001
From: Aurelien DARRAGON <adarragon@haproxy.com>
Date: Fri, 17 Apr 2026 08:16:38 +0200
Subject: [PATCH] BUG/MINOR: task: fix uninitialised read in
 run_tasks_from_lists()

Since commit 7d40b31 ("MEDIUM: sched: do not run a same task multiple
times in series") I noticed that any valid config, once haproxy was
started, would produce uninitialised reads on valgrind:

[NOTICE]   (243490) : haproxy version is 3.4-dev9-0af603-2
[NOTICE]   (243490) : path to executable is /tmp/haproxy/haproxy
[WARNING]  (243490) : missing timeouts for proxy 'test'.
   | While not properly invalid, you will certainly encounter various problems
   | with such a configuration. To fix this, please ensure that all following
   | timeouts are set to a non-zero value: 'client', 'connect', 'server'.
[NOTICE]   (243490) : Automatically setting global.maxconn to 491.
==243490== Thread 4:
==243490== Conditional jump or move depends on uninitialised value(s)
==243490==    at 0x44DBD7: run_tasks_from_lists (task.c:567)
==243490==    by 0x44E99E: process_runnable_tasks (task.c:913)
==243490==    by 0x395A41: run_poll_loop (haproxy.c:2981)
==243490==    by 0x396178: run_thread_poll_loop (haproxy.c:3211)
==243490==    by 0x4E2DAA3: start_thread (pthread_create.c:447)
==243490==    by 0x4EBAA63: clone (clone.S:100)
==243490==

Looking at it, it is caused by the fact that task->last_run member which
was introduced and used by commit above is never assigned a default value
so the first time it is used, reading from it causes uninitialised read.

To fix the issue, we simply ensure last_run task member gets a default
value when the task or tasklet is created. We use '0' as default value,
as the value itself is from minor importance because the member is used
to detect if the task has already been executed for the current loop cycle
so it will self-correct in any case.

No backport needed, unless 7d40b31 is
---
 include/haproxy/task.h | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/include/haproxy/task.h b/include/haproxy/task.h
index 115f6e794..bb4b4e73c 100644
--- a/include/haproxy/task.h
+++ b/include/haproxy/task.h
@@ -554,6 +554,7 @@ static inline struct task *task_init(struct task *t, int tid)
 	t->wake_date = 0;
 	t->expire = TICK_ETERNITY;
 	t->caller = NULL;
+	t->last_run = 0;
 	return t;
 }
 
@@ -569,6 +570,7 @@ static inline void tasklet_init(struct tasklet *t)
 	t->tid = -1;
 	t->wake_date = 0;
 	t->caller = NULL;
+	t->last_run = 0;
 	LIST_INIT(&t->list);
 }