From 041a626a8acfd53aa3710cd3d620f7f9f01fe893 Mon Sep 17 00:00:00 2001 From: Tim Duesterhus Date: Sat, 4 Jul 2020 11:49:46 +0200 Subject: [PATCH] BUG/MINOR: sample: Free str.area in smp_check_const_meth Given the following example configuration: listen foo mode http bind *:8080 http-request set-var(txn.leak) meth(GET) server x example.com:80 Running a configuration check with valgrind reports: ==25992== 4 bytes in 1 blocks are definitely lost in loss record 1 of 344 ==25992== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==25992== by 0x4E239D: my_strndup (tools.c:2261) ==25992== by 0x581E20: make_arg_list (arg.c:253) ==25992== by 0x4DE91D: sample_parse_expr (sample.c:890) ==25992== by 0x58E304: parse_store (vars.c:772) ==25992== by 0x566A3F: parse_http_req_cond (http_rules.c:95) ==25992== by 0x4A4CE6: cfg_parse_listen (cfgparse-listen.c:1339) ==25992== by 0x494C59: readcfgfile (cfgparse.c:2049) ==25992== by 0x545145: init (haproxy.c:2029) ==25992== by 0x421E42: main (haproxy.c:3175) After this patch is applied the leak is gone as expected. This is a fairly minor leak, but it can add up for many uses of the `bool()` sample fetch. The bug most likely exists since the `bool()` sample fetch was introduced in commit cc103299c75c530ab3637a1698306145bdc85552. The fix may be backported to HAProxy 1.6+. --- src/sample.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/sample.c b/src/sample.c index ff84b3eba..5b52dfd2f 100644 --- a/src/sample.c +++ b/src/sample.c @@ -3644,6 +3644,8 @@ static int smp_check_const_meth(struct arg *args, char **err) meth = find_http_meth(args[0].data.str.area, args[0].data.str.data); if (meth != HTTP_METH_OTHER) { + free(args[0].data.str.area); + args[0].type = ARGT_SINT; args[0].data.sint = meth; } else {