[trafficserver] branch master updated: heap use after free

2018-09-12 Thread duke8253 
This is an automated email from the ASF dual-hosted git repository.

duke8253 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/master by this push:
 new 480ba87  heap use after free
480ba87 is described below

commit 480ba87c17badad20a20d85f88c8a992b893cfe0
Author: Fei Deng 
AuthorDate: Wed Sep 12 10:03:19 2018 -0500

heap use after free
---
 proxy/http/HttpTransact.cc | 12 
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/proxy/http/HttpTransact.cc b/proxy/http/HttpTransact.cc
index a861e60..76187b6 100644
--- a/proxy/http/HttpTransact.cc
+++ b/proxy/http/HttpTransact.cc
@@ -8146,7 +8146,12 @@ HttpTransact::client_result_stat(State *s, ink_hrtime 
total_time, ink_hrtime req
   ///
   // don't count errors we generated as hits or misses //
   ///
-  if ((s->source == SOURCE_INTERNAL) && 
(s->hdr_info.client_response.status_get() >= 400)) {
+  int client_response_status = HTTP_STATUS_NONE;
+  if (s->hdr_info.client_response.valid()) {
+client_response_status = s->hdr_info.client_response.status_get();
+  }
+
+  if ((s->source == SOURCE_INTERNAL) && client_response_status >= 400) {
 client_transaction_result = CLIENT_TRANSACTION_RESULT_ERROR_OTHER;
   }
 
@@ -8241,9 +8246,8 @@ HttpTransact::client_result_stat(State *s, ink_hrtime 
total_time, ink_hrtime req
   }
   // Count the status codes, assuming the client didn't abort (i.e. there is 
an m_http)
   if ((s->source != SOURCE_NONE) && (s->client_info.abort == DIDNOT_ABORT)) {
-int status_code = s->hdr_info.client_response.status_get();
 
-switch (status_code) {
+switch (client_response_status) {
 case 100:
   HTTP_INCREMENT_DYN_STAT(http_response_status_100_count_stat);
   break;
@@ -8364,7 +8368,7 @@ HttpTransact::client_result_stat(State *s, ink_hrtime 
total_time, ink_hrtime req
 default:
   break;
 }
-switch (status_code / 100) {
+switch (client_response_status / 100) {
 case 1:
   HTTP_INCREMENT_DYN_STAT(http_response_status_1xx_count_stat);
   break;

[trafficserver] branch master updated: heap use after free

2018-02-02 Thread bcall 
This is an automated email from the ASF dual-hosted git repository.

bcall pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/master by this push:
 new 630dcb6  heap use after free
630dcb6 is described below

commit 630dcb663c68406c9a569285325a37a8db375017
Author: Fei Deng 
AuthorDate: Thu Feb 1 16:42:54 2018 -0600

heap use after free
---
 proxy/http2/Http2ConnectionState.cc | 7 ++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/proxy/http2/Http2ConnectionState.cc 
b/proxy/http2/Http2ConnectionState.cc
index 54b2fb2..e14920e 100644
--- a/proxy/http2/Http2ConnectionState.cc
+++ b/proxy/http2/Http2ConnectionState.cc
@@ -1186,8 +1186,13 @@ Http2ConnectionState::release_stream(Http2Stream *stream)
 if (total_client_streams_count == 0) {
   if (fini_received) {
 // We were shutting down, go ahead and terminate the session
+// this is a member of Http2ConnectionState and will be freed
+// when ua_session is destroyed
 ua_session->destroy();
-ua_session = nullptr;
+
+// Can't do this because we just destroyed right here ^,
+// or we can use a local variable to do it.
+// ua_session = nullptr;
   } else if (shutdown_state == HTTP2_SHUTDOWN_IN_PROGRESS) {
 this_ethread()->schedule_imm_local((Continuation *)this, 
HTTP2_SESSION_EVENT_FINI);
   }

-- 
To stop receiving notification emails like this one, please contact
bc...@apache.org.