From 5179146fa35a74c46a4bf4bcd58c97696edc9810 Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Fri, 18 Nov 2016 18:21:39 +0100 Subject: [PATCH] BUG/MEDIUM: stick-table: fix regression caused by recent fix for out-of-memory Commit ef8f4fe ("BUG/MINOR: stick-table: handle out-of-memory condition gracefully") unfortunately got trapped by a pointer operation. Replacing ts = poll_alloc() + size; with : ts = poll_alloc(); ts += size; Doesn't give the same result because pool_alloc() is void while ts is a struct stksess*. So now we don't access the same places, which is visible in certain stick-table scenarios causing a crash. This must be backported to 1.6 and 1.5. --- src/stick_table.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/stick_table.c b/src/stick_table.c index 7026fe656..8f0392c41 100644 --- a/src/stick_table.c +++ b/src/stick_table.c @@ -173,7 +173,7 @@ struct stksess *stksess_new(struct stktable *t, struct stktable_key *key) ts = pool_alloc2(t->pool); if (ts) { t->current++; - ts += t->data_size; + ts = (void *)ts + t->data_size; stksess_init(t, ts); if (key) stksess_setkey(t, ts, key);
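Review bot: On the added line in `stksess_new()`, `(void *)ts + t->data_size` relies on arithmetic on `void *`, which is a GNU C extension (it steps in bytes) and not ISO C. Casting through `char *` gives the same byte offset portably, for example `ts = (struct stksess *)((char *)ts + t->data_size);`. A short comment on that line would also help, stating that `t->data_size` is a byte count and that the `struct stksess` begins that many bytes into the pool object. That guards against the typed form `ts += t->data_size` being reintroduced in a later cleanup: it advances by `t->data_size * sizeof(struct stksess)` bytes, so `stksess_init()` and `stksess_setkey()` would write at the wrong address.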