Hello, On Sun, Jun 14, 2020 at 7:40 AM Willy Tarreau <w...@1wt.eu> wrote: > On Sun, Jun 14, 2020 at 12:37:43AM +0200, Tim Duesterhus wrote: > > careful with this one: I don't know whether it's safe to simply free the > > expression there or whether I need to somehow check whether there actually > > is some expression. > > > > It does not crash with my stupid example configuration showcasing the leak, > > but of course real world configurations might or might not trigger a bogus > > free there. > > It seems to be OK. I was worried that the pointer could be part of a union > containing either the expression or its text version during parsing, but > this doesn't seem to be the case, so apparently it's OK to always free it > if it appears in a rule.
After this patch, I'm getting a segfault after firing an USR1 signal to trigger the deinit: #0 0x000055b653aaec34 in release_sample_expr (expr=0x55b654766bc0) at src/sample.c:1427 b1427 list_for_each_entry_safe(conv_expr, conv_exprb, &expr->conv_exprs, list) (gdb) bt #0 0x000055b653aaec34 in release_sample_expr (expr=0x55b654766bc0) at src/sample.c:1427 #1 0x000055b653b0d884 in deinit_act_rules (rules=0x55b6547644b0) at src/haproxy.c:2559 #2 0x000055b653b0f09d in deinit () at src/haproxy.c:2707 #3 0x000055b653b0fef8 in deinit_and_exit (status=0) at src/haproxy.c:2872 #4 0x000055b6539f7256 in main (argc=<optimized out>, argv=<optimized out>) at src/haproxy.c:3771 Here is my config: global log 127.0.0.1 format rfc5424 local0 info daemon stats timeout 2m set-dumpable nbproc 1 tune.bufsize 33792 ssl-server-verify none nbthread 16 cpu-map auto:1/1-16 0-15 spread-checks 5 strict-limits no busy-polling defaults mode http log global option httplog option http-keep-alive option forwardfor except 127.0.0.0/8 option redispatch 1 option http-ignore-probes retries 3 retry-on conn-failure empty-response response-timeout 0rtt-rejected timeout http-request 10s timeout queue 1s timeout connect 10s timeout client 180s timeout server 180s timeout http-keep-alive 10s timeout check 5s balance roundrobin http-reuse always default-server inter 5s fastinter 1s fall 3 slowstart 20s observe layer7 error-limit 5 on-error fail-check pool-purge-delay 10s tfo http-check expect status 200 listen stats bind *:8080 stats enable stats uri /haproxy_stats http-request use-service prometheus-exporter if { path /metrics } monitor-uri / frontend fe_foo bind 127.0.0.1:80 name http_ip4 process 1/all tfo acl http ssl_fc,not acl https ssl_fc monitor-uri /delivery/monitor/lb-check # errorfile 200 /etc/haproxy/errorfiles/200.http tcp-request content capture fc_rtt len 10 capture request header Host len 64 capture request header user-agent len 128 capture request header cf-ray len 20 log-format "%tr %TR/%Tw/%Ta %ac/%fc/%bc/%sc/%rc %sq/%bq %{+Q}r" log-format-sd [user@51719\ src_ip=\"%ci\"\ src_port=\"%cp\"\ ftd=\"%f\"\ bkd=\"%b\"\ srv=\"%si:%sp\"\ status=\"%ST\"\ bytes_r=\"%B\"\ tsc=\"%tsc\"\ sslv=\"%sslv\"\ sslc=\"%sslc\"\ h_host=\"%[capture.req.hdr(1)]\"\ meth=\"%HM\"\ version=\"%HV\"\ h_ua=\"%[capture.req.hdr(2)]\"\ cf_dc=\"%[capture.req.hdr(3),word(2,-)]\"\ fc_rtt=\"%[capture.req.hdr(0)]\"\ time_tr=\"%Tr\"\ time_tc=\"%Tc\"\ time_tt=\"%Tt\"] http-response set-log-level silent if { rand(100) ge 1 } http-request del-header connection if { req.hdr(connection) close } http-request set-header x-proto ssl if https http-request set-header x-forwarded-proto https if https http-request set-header x-tls-sessionid %[ssl_fc_session_id,hex] if https http-request add-header x-client-ip %[src] http-request set-header client-ip %[src] http-request set-header x-real-host %[req.hdr(host)] http-request set-header x-server-address %[dst] acl content_encoding_header_exists req.hdr(content-encoding) -m found http-request set-header x-original-content-encoding %[req.hdr(content-encoding)] if content_encoding_header_exists acl host_header_exists req.hdr(host) -m found http-request set-header host %[req.hdr(host),field(1,:)] if host_header_exists acl ::disabled_http_methods method CONNECT http-request deny if ::disabled_http_methods http-request disable-l7-retry if ! METH_GET http-request redirect scheme https code 302 if !{ ssl_fc } METH_GET http-request redirect scheme https code 307 if !{ ssl_fc } ! METH_GET default_backend be_foo backend be_foo server srv0 127.0.0.1:6011 weight 1 -- William