[master] dcb1cc800 ws: Enforce that WS_Front() is only for reservations

[Dridi Boukelmoune]

commit dcb1cc800bbdf626a51d55bceb96ceb5c313b6ad
Author: Dridi Boukelmoune <dridi.boukelmoune at gmail.com>
Date:   Tue May 5 15:21:36 2020 +0200

    ws: Enforce that WS_Front() is only for reservations
    
    There is otherwise no valid use case to peek inside the workspace.
    
    Only vmod_blob would grab the front pointer before making its
    reservation, but ultimately grabbing the front pointer because it
    needs it for a reservation, proving the point.
    
    Initially caught by wssan from #3320.

diff --git a/bin/varnishd/cache/cache.h b/bin/varnishd/cache/cache.h
index 63d72b526..4d2a7c00e 100644
--- a/bin/varnishd/cache/cache.h
+++ b/bin/varnishd/cache/cache.h
@@ -800,6 +800,8 @@ char *WS_VSB_finish(struct vsb *, struct ws *, size_t *);
 static inline char*
 WS_Front(const struct ws *ws)
 {
+
+	AN(ws->r);
 	return ws->f;
 }
 
diff --git a/lib/libvmod_blob/vmod_blob.c b/lib/libvmod_blob/vmod_blob.c
index a805fa8e2..84d3675c0 100644
--- a/lib/libvmod_blob/vmod_blob.c
+++ b/lib/libvmod_blob/vmod_blob.c
@@ -340,8 +340,8 @@ vmod_decode(VRT_CTX, VCL_ENUM decs, VCL_INT length, VCL_STRANDS strings)
 	AN(strings);
 	CHECK_OBJ_NOTNULL(ctx->ws, WS_MAGIC);
 
-	buf = WS_Front(ctx->ws);
 	space = WS_ReserveAll(ctx->ws);
+	buf = WS_Front(ctx->ws);
 
 	if (length <= 0)
 		length = -1;
@@ -379,8 +379,8 @@ encode(VRT_CTX, enum encoding enc, enum case_e kase, VCL_BLOB b)
 
 	CHECK_OBJ_NOTNULL(ctx->ws, WS_MAGIC);
 	snap = WS_Snapshot(ctx->ws);
-	buf = WS_Front(ctx->ws);
 	space = WS_ReserveAll(ctx->ws);
+	buf = WS_Front(ctx->ws);
 
 	len = func[enc].encode(enc, kase, buf, space, b->blob, b->len);