You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by ga...@apache.org on 2020/07/07 18:03:17 UTC

[trafficserver] branch master updated: Assert non-zero HdrHeap object size (#6954)

This is an automated email from the ASF dual-hosted git repository.

gancho pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/master by this push:
     new 986d355  Assert non-zero HdrHeap object size (#6954)
986d355 is described below

commit 986d355daf0fc97131e9d6ed22988563e59547c7
Author: Gancho Tenev <10...@users.noreply.github.com>
AuthorDate: Tue Jul 7 11:03:03 2020 -0700

    Assert non-zero HdrHeap object size (#6954)
    
    HdrHeap object length cannot be 0 by design otherwise there is something
    wrong, i.e. possible memory corruption, in such cases iterating over
    HdrHeap objects would lead to infinite loop, i.e. during unmarshaling.
---
 proxy/hdrs/HdrHeap.cc | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/proxy/hdrs/HdrHeap.cc b/proxy/hdrs/HdrHeap.cc
index 1452a8e..dfa387a 100644
--- a/proxy/hdrs/HdrHeap.cc
+++ b/proxy/hdrs/HdrHeap.cc
@@ -400,6 +400,9 @@ HdrHeap::evacuate_from_str_heaps(HdrStrHeap *new_heap)
     while (data < h->m_free_start) {
       HdrHeapObjImpl *obj = reinterpret_cast<HdrHeapObjImpl *>(data);
 
+      // Object length cannot be 0 by design, otherwise something is wrong + infinite loop here!
+      ink_release_assert(0 != obj->m_length);
+
       switch (obj->m_type) {
       case HDR_HEAP_OBJ_URL:
         ((URLImpl *)obj)->move_strings(new_heap);
@@ -440,6 +443,9 @@ HdrHeap::required_space_for_evacuation()
     while (data < h->m_free_start) {
       HdrHeapObjImpl *obj = reinterpret_cast<HdrHeapObjImpl *>(data);
 
+      // Object length cannot be 0 by design, otherwise something is wrong + infinite loop here!
+      ink_release_assert(0 != obj->m_length);
+
       switch (obj->m_type) {
       case HDR_HEAP_OBJ_URL:
         ret += ((URLImpl *)obj)->strings_length();
@@ -514,6 +520,9 @@ HdrHeap::sanity_check_strs()
     while (data < h->m_free_start) {
       HdrHeapObjImpl *obj = reinterpret_cast<HdrHeapObjImpl *>(data);
 
+      // Object length cannot be 0 by design, otherwise something is wrong + infinite loop here!
+      ink_release_assert(0 != obj->m_length);
+
       switch (obj->m_type) {
       case HDR_HEAP_OBJ_URL:
         ((URLImpl *)obj)->check_strings(heaps, num_heaps);
@@ -937,6 +946,9 @@ HdrHeap::unmarshal(int buf_length, int obj_type, HdrHeapObjImpl **found_obj, Ref
     HdrHeapObjImpl *obj = reinterpret_cast<HdrHeapObjImpl *>(obj_data);
     ink_assert(obj_is_aligned(obj));
 
+    // Object length cannot be 0 by design, otherwise something is wrong + infinite loop here!
+    ink_release_assert(0 != obj->m_length);
+
     if (obj->m_type == static_cast<unsigned>(obj_type) && *found_obj == nullptr) {
       *found_obj = obj;
     }