From 5b52b0039319aff61360838b83cb7247942646f6 Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Fri, 26 Feb 2021 21:19:53 +0100
Subject: [PATCH] CLEANUP: vars: always zero the pointers after a free()

In sample_store(), depending on the new sample types, the area pointer
was not always zeroed after being freed. Let's make sure it's always the
case to avoid the risk of dangling pointers being misused.
---
 src/vars.c |    8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/vars.c b/src/vars.c
index 3da4430..c101c72 100644
--- a/src/vars.c
+++ b/src/vars.c
@@ -141,11 +141,11 @@ unsigned int var_clear(struct var *var)
 	unsigned int size = 0;
 
 	if (var->data.type == SMP_T_STR || var->data.type == SMP_T_BIN) {
-		free(var->data.u.str.area);
+		ha_free(&var->data.u.str.area);
 		size += var->data.u.str.data;
 	}
 	else if (var->data.type == SMP_T_METH && var->data.u.meth.meth == HTTP_METH_OTHER) {
-		free(var->data.u.meth.str.area);
+		ha_free(&var->data.u.meth.str.area);
 		size += var->data.u.meth.str.data;
 	}
 	LIST_DEL(&var->l);
@@ -352,12 +352,12 @@ static int sample_store(struct vars *vars, const char *name, struct sample *smp)
 		/* free its used memory. */
 		if (var->data.type == SMP_T_STR ||
 		    var->data.type == SMP_T_BIN) {
-			free(var->data.u.str.area);
+			ha_free(&var->data.u.str.area);
 			var_accounting_diff(vars, smp->sess, smp->strm,
 					    -var->data.u.str.data);
 		}
 		else if (var->data.type == SMP_T_METH && var->data.u.meth.meth == HTTP_METH_OTHER) {
-			free(var->data.u.meth.str.area);
+			ha_free(&var->data.u.meth.str.area);
 			var_accounting_diff(vars, smp->sess, smp->strm,
 					    -var->data.u.meth.str.data);
 		}
-- 
1.7.10.4