This is an automated email from the ASF dual-hosted git repository.
shukitchan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push:
new e57901caa1 Zero hdrtoken heap to fix use-of-uninitialized-value
(#13172)
e57901caa1 is described below
commit e57901caa14daf4fa43d31db35c3b17437031b92
Author: Kit Chan <[email protected]>
AuthorDate: Mon May 18 15:06:44 2026 -0700
Zero hdrtoken heap to fix use-of-uninitialized-value (#13172)
The hdrtoken heap allocated in hdrtoken_init() leaves padding bytes
between each token's null terminator and the next prefix slot
uninitialized, since ink_strlcpy only writes strlen+1 bytes but
heap_ptr advances by sstr_len (rounded up to sizeof(HdrTokenHeapPrefix)).
Switch to ats_calloc so the padding bytes are zeroed.
Co-authored-by: Claude Opus 4.7 (1M context) <[email protected]>
---
src/proxy/hdrs/HdrToken.cc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/proxy/hdrs/HdrToken.cc b/src/proxy/hdrs/HdrToken.cc
index 712a5ed7f7..6d2beabfec 100644
--- a/src/proxy/hdrs/HdrToken.cc
+++ b/src/proxy/hdrs/HdrToken.cc
@@ -407,7 +407,7 @@ hdrtoken_init()
heap_size += packed_prefix_str_len;
}
- _hdrtoken_strs_heap_f = static_cast<const char *>(ats_malloc(heap_size));
+ _hdrtoken_strs_heap_f = static_cast<const char *>(ats_calloc(1,
heap_size));
_hdrtoken_strs_heap_l = _hdrtoken_strs_heap_f + heap_size - 1;
char *heap_ptr = const_cast<char *>(_hdrtoken_strs_heap_f);
