[master] 35f574fb9 fix bad free of vsb on the stack

Dridi Boukelmoune dridi at varni.sh
Mon Jan 20 13:18:49 UTC 2020 

On Mon, Jan 20, 2020 at 10:25 AM Nils Goroll <nils.goroll at uplex.de> wrote:
>
> FTR: VSB_delete() does not actually free a fixed VSB, so this is purely cosmetic
> (and to appease coverity)

I looked at this yesterday and couldn't find a problem. I came to the
conclusion that Coverity Scan was not smart enough to see this was
safe (and to be fair, it's not too surprising) but I wouldn't have
removed those lines since it is correct and clears the VSB state on
the stack (unless of course it's optimized away) before the function
returns.

There is also the integrity check that could catch (unlikely) future mistakes.

Dridi

> On 20/01/2020 11:21, Nils Goroll wrote:
> > commit 35f574fb9fdae92812f64383bbfc26e2b3505437
> > Author: Nils Goroll <nils.goroll at uplex.de>
> > Date:   Mon Jan 20 11:17:14 2020 +0100
> >
> >     fix bad free of vsb on the stack
> >
> >     introduced with a74315bcebce9aae690e53847581e7f94033eff1
> >
> >     spotted by coverity
> >
> > diff --git a/bin/varnishd/proxy/cache_proxy_proto.c b/bin/varnishd/proxy/cache_proxy_proto.c
> > index 4a9d0e681..fb24fafdc 100644
> > --- a/bin/varnishd/proxy/cache_proxy_proto.c
> > +++ b/bin/varnishd/proxy/cache_proxy_proto.c
> > @@ -758,10 +758,8 @@ VPX_Send_Proxy(int fd, int version, const struct sess *sp)
> >
> >       r = write(fd, VSB_data(vsb), VSB_len(vsb));
> >
> > -     if (!DO_DEBUG(DBG_PROTOCOL)) {
> > -             VSB_delete(vsb);
> > +     if (!DO_DEBUG(DBG_PROTOCOL))
> >               return (r);
> > -     }
> >
> >       vsb2 = VSB_new_auto();
> >       AN(vsb2);
> > @@ -769,7 +767,6 @@ VPX_Send_Proxy(int fd, int version, const struct sess *sp)
> >           version == 2 ? VSB_QUOTE_HEX : 0);
> >       AZ(VSB_finish(vsb2));
> >       VSL(SLT_Debug, 999, "PROXY_HDR %s", VSB_data(vsb2));
> > -     VSB_delete(vsb);
> >       VSB_delete(vsb2);
> >       return (r);
> >  }
> > _______________________________________________
> > varnish-commit mailing list
> > varnish-commit at varnish-cache.org
> > https://www.varnish-cache.org/lists/mailman/listinfo/varnish-commit
>
>
> --
>
> ** * * UPLEX - Nils Goroll Systemoptimierung
>
> Scheffelstraße 32
> 22301 Hamburg
>
> tel +49 40 28805731
> mob +49 170 2723133
> fax +49 40 42949753
>
> xmpp://slink@jabber.int.uplex.de/
>
> http://uplex.de/
>
>
> _______________________________________________
> varnish-commit mailing list
> varnish-commit at varnish-cache.org
> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-commit

More information about the varnish-commit mailing list