From 91578212d7cef7405f3631db43a086ac9f9ca162 Mon Sep 17 00:00:00 2001 From: Christopher Faulet Date: Tue, 14 Jan 2025 07:39:48 +0100 Subject: [PATCH] BUG/MEDIUM: promex: Use right context pointers to dump backends extra-counters When backends extra counters are dumped, the wrong pointer was used in the promex context to retrieve the stats module. p[1] must be used instead of p[2]. Because of this typo, a infinite loop could be experienced if the output buffer is full during this stage. But in all cases an overflow is possible leading to a memory corruption. This patch may be related to issue #2831. It must be backported as far as 3.0. --- addons/promex/service-prometheus.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/promex/service-prometheus.c b/addons/promex/service-prometheus.c index e0a20be499..0df71a6b0c 100644 --- a/addons/promex/service-prometheus.c +++ b/addons/promex/service-prometheus.c @@ -1037,7 +1037,7 @@ static int promex_dump_back_metrics(struct appctx *appctx, struct htx *htx) static struct ist prefix = IST("haproxy_backend_"); struct promex_ctx *ctx = appctx->svcctx; struct proxy *px = ctx->p[0]; - struct stats_module *mod = ctx->p[2]; + struct stats_module *mod = ctx->p[1]; struct server *sv; struct field val; struct channel *chn = sc_ic(appctx_sc(appctx)); -- 2.47.3