maskit opened a new pull request, #13078: URL: https://github.com/apache/trafficserver/pull/13078
- Fix use-after-free in ParsedConfigCache when config values are short enough for std::string SSO (Small String Optimization) - ParsedValue::parse() returned by value, and emplace moved it into the map — relocating the SSO inline buffer while string_views in TargetedCacheControlHeaders::headers[] still pointed to the old address - Make ParsedValue non-movable and use try_emplace + parse_into() so parsing happens directly in the map node - Also fixes the same class of bug for HostResData::conf_value and HttpStatusCodeList::conf_value pointers Reproducer: configure conf_remap with a short targeted header value like ACME-Cache-Control (18 chars, within libc++ SSO threshold of 22). The string_views in the per-transaction override become dangling, causing incorrect cache behavior. The SSO threshold varies by standard library — libc++ (macOS/clang): 22 bytes, libstdc++ (GCC/Linux): 15 bytes. A value like ACME-Cache-Control (18 chars) triggers SSO on libc++ but uses heap allocation on libstdc++, where the buffer pointer survives the move. This is why the bug may reproduce on macOS but not on Linux CI with GCC. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
