In _event_hdl_publish(), when we prepare the asynchronous event and no
<data> was provided (set to NULL), we forgot to initialize the _data
event_hdl_async_event struct member to NULL, which leads to uninitialized
reads in event_hdl_async_free_event() when the event is freed:
==
1002331== Conditional jump or move depends on uninitialised value(s)
==
1002331== at 0x35D9D1: event_hdl_async_free_event (event_hdl.c:224)
==
1002331== by 0x1CC8EC: hlua_event_runner (hlua.c:9917)
==
1002331== by 0x39AD3F: run_tasks_from_lists (task.c:641)
==
1002331== by 0x39B7B4: process_runnable_tasks (task.c:883)
==
1002331== by 0x314B48: run_poll_loop (haproxy.c:2976)
==
1002331== by 0x315218: run_thread_poll_loop (haproxy.c:3190)
==
1002331== by 0x18061D: main (haproxy.c:3747)
The bug severity was set to MEDIUM because of its nature, and it's best
if this patch can be backported up to 2.8. But in practise it can only be
triggered with events that don't provide optional data: since PAT_REF
events are the first native events making use of this feature, this bug
shouldn't be an issue before
f72a66e ("MINOR: pattern: publish event_hdl
events on pat_ref updates")
projects / thirdparty / haproxy.git / commitdiff
