From: Francesco Chemolli <5175948+kinkie@users.noreply.github.com> Date: Mon, 15 Jul 2024 17:37:14 +0000 (+0000) Subject: Fix use-after-free in statefulhelper::submit() level-9 debug (#1859) X-Git-Tag: SQUID_7_0_1~90 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=334a9819a736156c8207530be0165f49c0ad0fa2;p=thirdparty%2Fsquid.git Fix use-after-free in statefulhelper::submit() level-9 debug (#1859) A debug statement in helper.cc dereferences a pointer which might have been freed in helperStatefulDispatch. Detected by Semgrep --- diff --git a/src/helper.cc b/src/helper.cc index 197cd8f16a..34267335e3 100644 --- a/src/helper.cc +++ b/src/helper.cc @@ -681,14 +681,12 @@ statefulhelper::submit(const char *buf, HLPCB * callback, void *data, const Help helper_stateful_server *srv; if ((srv = StatefulGetFirstAvailable(this))) { reserveServer(srv); - helperStatefulDispatch(srv, r); + helperStatefulDispatch(srv, r); // may delete r } else StatefulEnqueue(this, r); } - debugs(84, DBG_DATA, "placeholder: '" << r->request.placeholder << - "', " << Raw("buf", buf, (!buf?0:strlen(buf)))); - + // r may be dangling here syncQueueStats(); }
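Review bot: the removed `debugs(84, DBG_DATA, ...)` statement at the end of the hunk also logged `buf` through `Raw("buf", buf, ...)`, which does not depend on `r`, so deleting the whole statement drops the level-9 trace of the submitted buffer along with the unsafe `r->request.placeholder` read. If that trace is still wanted, it could be emitted before the `if ((srv = StatefulGetFirstAvailable(this)))` branch, before `r` is handed to `helperStatefulDispatch(srv, r)`, or reduced to the `buf` part only. The new `// r may be dangling here` comment documents the hazard, but `r` stays in scope up to `syncQueueStats()` and nothing stops a later edit from dereferencing it again. It would also help to say in that comment that the dangling case is the dispatch path, since the `StatefulEnqueue(this, r)` branch carries no such note.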