From: Tim Duesterhus Date: Sat, 12 Sep 2020 18:26:42 +0000 (+0200) Subject: BUG/MINOR: Fix type passed of sizeof() for calloc() X-Git-Tag: v2.3-dev5~100 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b53dd03dc04eb4842fd094747798ef763cd3daba;p=thirdparty%2Fhaproxy.git BUG/MINOR: Fix type passed of sizeof() for calloc() newsrv->curr_idle_thr is of type `unsigned int`, not `int`. Fix this issue by simply passing the dereferenced pointer to sizeof, which is the preferred style anyway. This bug was introduced in commit dc2f2753e97ecfe94827de56ee9efd2cd6d39ad3. It first appeared in 2.2-dev5. The patch must be backported to 2.2+. It is notable that the `calloc` call was not introduced within the commit in question. The allocation was already happening before that commit and it already looked like it does after applying the patch. Apparently the argument for the `sizeof` managed to get broken during the rearrangement that happened in that commit: for (i = 0; i < global.nbthread; i++) - MT_LIST_INIT(&newsrv->idle_orphan_conns[i]); - newsrv->curr_idle_thr = calloc(global.nbthread, sizeof(*newsrv->curr_idle_thr)); + MT_LIST_INIT(&newsrv->safe_conns[i]); + + newsrv->curr_idle_thr = calloc(global.nbthread, sizeof(int)); Even more notable is that I previously fixed that *exact same* allocation in commit 017484c80f2fd265281853fdf0bc816b19a751da. So apparently it was managed to break this single line twice in the same way for whatever reason there might be. --- diff --git a/src/cfgparse.c b/src/cfgparse.c index 17db1fcae3..7fc499a6fe 100644 --- a/src/cfgparse.c +++ b/src/cfgparse.c @@ -3611,7 +3611,7 @@ out_uri_auth_compat: for (i = 0; i < global.nbthread; i++) MT_LIST_INIT(&newsrv->safe_conns[i]); - newsrv->curr_idle_thr = calloc(global.nbthread, sizeof(int)); + newsrv->curr_idle_thr = calloc(global.nbthread, sizeof(*newsrv->curr_idle_thr)); if (!newsrv->curr_idle_thr) goto err; continue;
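Review bot: In the `@@ -3611,7 +3611,7 @@` hunk of src/cfgparse.c, the commit message does not say that the allocation size is unchanged by this fix, and it should. C guarantees that `unsigned int` and `int` occupy the same amount of storage, so `sizeof(int)` never under-allocated `newsrv->curr_idle_thr`; anyone backporting to 2.2+ can treat this as a robustness and style fix rather than a memory-safety one. The new form `sizeof(*newsrv->curr_idle_thr)` is the right one because it keeps the size correct if the element type ever changes. Since the message notes that this same line was broken twice in the same way, consider a scripted check (a Coccinelle rule or a grep for `calloc()` calls whose second argument is `sizeof` of a type name rather than of the dereferenced destination) so the pattern is caught mechanically. The `if (!newsrv->curr_idle_thr) goto err;` check in the trailing context already handles allocation failure, so nothing more is needed there.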