From: Alex Rousskov <rousskov@measurement-factory.com>
Date: Wed, 18 May 2016 05:21:28 +0000 (-0600)
Subject: HttpHeaderEntry leaks and HttpHeader::len corruption by delById().
X-Git-Tag: SQUID_4_0_11~31
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5134d3a4a04c90ffe60fe8ad8c00e13af0fef920;p=thirdparty%2Fsquid.git

HttpHeaderEntry leaks and HttpHeader::len corruption by delById().

AFAICT, this regression was introduced in trunk r14285 (Refactor
HttpHeader into gperf-generated perfect hash) and became severe after
trunk r14659 started calling delById() on virtually every request.
---

diff --git a/src/HttpHeader.cc b/src/HttpHeader.cc
index 9be069dab3..0f9b965f4e 100644
--- a/src/HttpHeader.cc
+++ b/src/HttpHeader.cc
@@ -595,21 +595,17 @@ HttpHeader::delById(Http::HdrType id)
 {
     debugs(55, 8, this << " del-by-id " << id);
     assert(any_registered_header(id));
-    int count=0;
 
     if (!CBIT_TEST(mask, id))
         return 0;
 
-    //replace matching items with nil and count them
-    std::replace_if(entries.begin(), entries.end(),
-    [&](const HttpHeaderEntry *e) {
-        if (e && e->id == id) {
-            ++count;
-            return true;
-        }
-        return false;
-    },
-    nullptr);
+    int count = 0;
+
+    HttpHeaderPos pos = HttpHeaderInitPos;
+    while (HttpHeaderEntry *e = getEntry(&pos)) {
+        if (e->id == id)
+            delAt(pos, count); // deletes e
+    }
 
     CBIT_CLR(mask, id);
     assert(count);