BUG/MINOR: sample: fix concat() converter's corruption with non-string variables

Patrick Hemmer reported that calling concat() with an integer variable
causes a %00 to appear at the beginning of the output. Looking at the
code, it's not surprising. The function uses get_trash_chunk() to get
one of the trashes, but can call casting functions which will also use
their trash in turn and will cycle back to ours, causing the trash to
be overwritten before being assigned to a sample.

By allocating the trash from a pool using alloc_trash_chunk(), we can
avoid this. However we must free it so the trash's contents must be
moved to a permanent trash buffer before returning. This is what's
achieved using smp_dup().

This should be backported as far as 2.0.

diff --git a/src/sample.c b/src/sample.c
index 21070e1cff6d3ab9d90949f349e561c2f5f821d5..41d95d86c21c6ca4a79c5977359695893b165355 100644 (file)
--- a/src/sample.c
+++ b/src/sample.c
@@ -3000,7 +3000,7 @@ static int sample_conv_concat(const struct arg *arg_p, struct sample *smp, void
        struct sample tmp;
        int max;
 
-       trash = get_trash_chunk();
+       trash = alloc_trash_chunk();
        trash->data = smp->data.u.str.data;
        if (trash->data > trash->size - 1)
                trash->data = trash->size - 1;
@@ -3052,6 +3052,8 @@ static int sample_conv_concat(const struct arg *arg_p, struct sample *smp, void
 
        smp->data.u.str = *trash;
        smp->data.type = SMP_T_STR;
+       smp_dup(smp);
+       free_trash_chunk(trash);
        return 1;
 }