BUG/MINOR: sample: fix concat() converter's corruption with non-string variables

Patrick Hemmer reported that calling concat() with an integer variable
causes a %00 to appear at the beginning of the output. Looking at the
code, it's not surprising. The function uses get_trash_chunk() to get
one of the trashes, but can call casting functions which will also use
their trash in turn and will cycle back to ours, causing the trash to
be overwritten before being assigned to a sample.

By allocating the trash from a pool using alloc_trash_chunk(), we can
avoid this. However we must free it so the trash's contents must be
moved to a permanent trash buffer before returning. This is what's
achieved using smp_dup().

This should be backported as far as 2.0.

(cherry picked from commit 591fc3a330005c289b4705fe4cb37c4eec9f9eed)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit 79f4360bcbf4d4c4a56b7688dbb2cea839a5b9ba)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit 3d8ff18aaa8046d3e64a94d33c180db88c8033a0)
Signed-off-by: Willy Tarreau <w@1wt.eu>

diff --git a/src/sample.c b/src/sample.c
index 31b2274..e38a98e 100644 (file)
--- a/src/sample.c
+++ b/src/sample.c
@@ -2750,7 +2750,7 @@ static int sample_conv_concat(const struct arg *arg_p, struct sample *smp, void
        struct sample tmp;
        int max;
 
-       trash = get_trash_chunk();
+       trash = alloc_trash_chunk();
        trash->data = smp->data.u.str.data;
        if (trash->data > trash->size - 1)
                trash->data = trash->size - 1;
@@ -2802,6 +2802,8 @@ static int sample_conv_concat(const struct arg *arg_p, struct sample *smp, void
 
        smp->data.u.str = *trash;
        smp->data.type = SMP_T_STR;
+       smp_dup(smp);
+       free_trash_chunk(trash);
        return 1;
 }