From: Willy Tarreau Date: Fri, 18 Nov 2016 17:21:39 +0000 (+0100) Subject: BUG/MEDIUM: stick-table: fix regression caused by recent fix for out-of-memory X-Git-Tag: v1.7.0~80 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5179146fa35a74c46a4bf4bcd58c97696edc9810;p=thirdparty%2Fhaproxy.git BUG/MEDIUM: stick-table: fix regression caused by recent fix for out-of-memory Commit ef8f4fe ("BUG/MINOR: stick-table: handle out-of-memory condition gracefully") unfortunately got trapped by a pointer operation. Replacing ts = poll_alloc() + size; with : ts = poll_alloc(); ts += size; Doesn't give the same result because pool_alloc() is void while ts is a struct stksess*. So now we don't access the same places, which is visible in certain stick-table scenarios causing a crash. This must be backported to 1.6 and 1.5. --- diff --git a/src/stick_table.c b/src/stick_table.c index 7026fe6565..8f0392c413 100644 --- a/src/stick_table.c +++ b/src/stick_table.c @@ -173,7 +173,7 @@ struct stksess *stksess_new(struct stktable *t, struct stktable_key *key) ts = pool_alloc2(t->pool); if (ts) { t->current++; - ts += t->data_size; + ts = (void *)ts + t->data_size; stksess_init(t, ts); if (key) stksess_setkey(t, ts, key);