From a6cc7e872a0cbdee274dcba108eb7a8019721145 Mon Sep 17 00:00:00 2001 From: Tim Duesterhus Date: Mon, 13 May 2019 10:53:29 +0200 Subject: [PATCH] BUG/MINOR: vars: Fix memory leak in vars_check_arg vars_check_arg previously leaked the string containing the variable name: Consider this config: frontend fe1 mode http bind :8080 http-request set-header X %[var(txn.host)] Starting HAProxy and immediately stopping it by sending a SIGINT makes Valgrind report this leak: ==7795== 9 bytes in 1 blocks are definitely lost in loss record 15 of 71 ==7795== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==7795== by 0x4AA2AD: my_strndup (standard.c:2227) ==7795== by 0x51FCC5: make_arg_list (arg.c:146) ==7795== by 0x4CF095: sample_parse_expr (sample.c:897) ==7795== by 0x4BA7D7: add_sample_to_logformat_list (log.c:495) ==7795== by 0x4BBB62: parse_logformat_string (log.c:688) ==7795== by 0x4E70A9: parse_http_req_cond (http_rules.c:239) ==7795== by 0x41CD7B: cfg_parse_listen (cfgparse-listen.c:1466) ==7795== by 0x480383: readcfgfile (cfgparse.c:2089) ==7795== by 0x47A081: init (haproxy.c:1581) ==7795== by 0x4049F2: main (haproxy.c:2591) This leak can be detected even in HAProxy 1.6, this patch thus should be backported to all supported branches [Cf: This fix was reverted because the chunk's area was inconditionnaly released, making haproxy to crash when spoe was enabled. Now the chunk is released by calling chunk_destroy(). This function takes care of the chunk's size to release it or not. It is the responsibility of callers to set or not the chunk's size.] --- src/vars.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/vars.c b/src/vars.c index 477a146..ae7e082 100644 --- a/src/vars.c +++ b/src/vars.c @@ -511,6 +511,9 @@ int vars_check_arg(struct arg *arg, char **err) if (!name) return 0; + /* properly destroy the chunk */ + chunk_destroy(&arg->data.str); + /* Use the global variable name pointer. */ arg->type = ARGT_VAR; arg->data.var.name = name; -- 1.7.10.4