sudheerv commented on pull request #6950: URL: https://github.com/apache/trafficserver/pull/6950#issuecomment-649718921
Just FYI, looks like this buffer corruption was caused by commit d0e927782c06db165720ee44f7538032a33e78a6. The code prior to this used null pointer to identify the uninitialized unmapped url string in the set methods, but this commit changed the initial value to a global fixed char buffer, which broke the set methods from being able to identify uninitialized urls and ended up overrunning the buffer.

```
commit d0e927782c06db165720ee44f7538032a33e78a6
Author: Aaron Canary <[email protected]>
Date:   Tue Jun 13 09:49:07 2017 -0500

    LogAccessHttp init strlen to 0, not -1

    Code was using -1 string length to signify that had not been validated yet.
    This caused marshal_mem to allocate 0 bytes, below the INK_MIN_ALIGN, and
    write to unallocated mem.

    Now code initializes all string length vars to 0, and upon failure to
    validate, the string ptr is set to INVALID_STR to prevent multiple
    validation attempts.

    Fixes YTSATS-1240

    + Removed const_cast on INVALID_STR
    + removed len < 0 checks.
    + Replaced 0 >= len checks with str == INVALID_STR format
```
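
The sentinel mismatch described in the comment above, as an added example that is not code from the pull request or from Traffic Server: a setter written for the "nullptr means uninitialized" convention no longer recognizes a field whose default became a shared global buffer, so it picks that buffer as its write destination. `UrlField`, the function names, and the contents of the sentinel string are hypothetical.

```cpp
#include <cstddef>
#include <cstring>
#include <memory>

// Constructed model; names are hypothetical, not taken from the ATS source.
static char INVALID_STR[] = "!INVALID_STR!"; // one global buffer shared by every field

struct UrlField {
    char *str = INVALID_STR;        // initial value after the change (nullptr before it)
    std::unique_ptr<char[]> owned;  // storage this field actually owns
    std::size_t cap = 0;            // size of `owned` in bytes
};

// Destination a setter written for the nullptr convention would choose.
char *dest_null_check(UrlField &f, std::size_t n) {
    if (f.str == nullptr) {         // never true once the default is INVALID_STR
        f.owned.reset(new char[n + 1]);
        f.cap = n + 1;
        f.str = f.owned.get();
    }
    return f.str;                   // uninitialized field: the shared sentinel
}

// Same setter with the sentinel also treated as "uninitialized".
char *dest_sentinel_check(UrlField &f, std::size_t n) {
    if (f.str == nullptr || f.str == INVALID_STR || n + 1 > f.cap) {
        f.owned.reset(new char[n + 1]);
        f.cap = n + 1;
        f.str = f.owned.get();
    }
    return f.str;
}

// True when copying n bytes plus NUL to dest would run past the sentinel buffer.
bool overruns_sentinel(const char *dest, std::size_t n) {
    return dest == INVALID_STR && n + 1 > sizeof(INVALID_STR);
}

// Safe setter: pick the destination with the sentinel-aware check, then copy.
std::size_t set_url(UrlField &f, const char *src) {
    std::size_t n = std::strlen(src);
    std::memcpy(dest_sentinel_check(f, n), src, n + 1);
    return n;
}
```

The example reports the destination instead of performing the out-of-bounds copy, so the broken path can be checked without corrupting memory.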
