- 10 May, 2021 2 commits
-
-
Dridi Boukelmoune authored
To get the same checks for the code we generate with libvcc.
-
Dridi Boukelmoune authored
-
- 05 May, 2021 1 commit
-
-
Dridi Boukelmoune authored
Spotted by ubsan.
-
- 07 May, 2021 9 commits
-
-
Nils Goroll authored
The main discussion of this topic is going to happen in #3600, but whatever the outcome, the fini method does not happen within the task, so we must not dereference any cached pointers (unless we own them). Closes #3606
-
Poul-Henning Kamp authored
-
Poul-Henning Kamp authored
-
Poul-Henning Kamp authored
-
Poul-Henning Kamp authored
-
Poul-Henning Kamp authored
-
Poul-Henning Kamp authored
-
Poul-Henning Kamp authored
-
Poul-Henning Kamp authored
-
- 06 May, 2021 3 commits
-
-
Dridi Boukelmoune authored
And doing so plug the director lock leak spotted by asan. Refs 47586588 Refs 6e9b8d6d
-
Poul-Henning Kamp authored
-
Poul-Henning Kamp authored
-
- 05 May, 2021 5 commits
-
-
Poul-Henning Kamp authored
-
Poul-Henning Kamp authored
-
Poul-Henning Kamp authored
Without this fix workers could busy-spin when idle under debug+vtc_mode.
-
Poul-Henning Kamp authored
-
Dridi Boukelmoune authored
-
- 04 May, 2021 3 commits
-
-
Poul-Henning Kamp authored
-
Poul-Henning Kamp authored
Also document `table` and `log` feature flags. Fixes #3269
-
Poul-Henning Kamp authored
-
- 30 Apr, 2021 13 commits
-
-
Nils Goroll authored
It is not obvious how we could trigger a gmtime_r() EOVERFLOW on 32bit Thank you phk for pushing me back onto the right track at a late hour. Ref #3308
-
Nils Goroll authored
as per pow-wow decision Ref #3308
-
Martin Blix Grydeland authored
-
Martin Blix Grydeland authored
For VCL_TIME values that would convert to a year element that can not fit in an int, gmtime_r would fail, and VTIM_format() would use random stack values when picking weekday and month strings. This patch changes VTIM_format to return "" when gmtime_r reports failures. This way the API is not changed. Callers can test for empty string to catch the failure if needed. VRT_TIME_string is patched to catch the VTIM_format error, and return NULL on failure. Fixes: #3308
-
madhavi.dintakurthy authored
The new -j flag for varnishncsa allows writing JSON logs in combination with -f or -F to specify a custom format. Without -j, the format specifiers could be replaced with strings that would make the JSON invalid. One example is headers: without -j, some headers may be replaced with C-style \xXX escape sequences, which are not valid JSON. Since request headers are controlled by users on the internet, it would be easy for an attacker to make a log entry impossible to parse, which might cause it to be missed by administrators. Another example is numbers. Without -j, format specifiers are replaced with - if the value is empty. A bare - is not valid in JSON, so numbers are replaced with null with the -j flag. In general, -j makes the replacements JSON-compatible for all inputs. Co-authored-by:
Ben Zvan <ben.zvan@target.com> Co-authored-by:
Jasmine Wang <jasmine.wang@target.com> Co-authored-by:
Jordan Christiansen <jordan.christiansen@target.com> Co-authored-by:
Madhavi Dintakurthy <madhavi.dintakurthy@target.com>
-
Poul-Henning Kamp authored
-
Poul-Henning Kamp authored
-
Poul-Henning Kamp authored
-
Poul-Henning Kamp authored
-
Dridi Boukelmoune authored
I'm leaving ctx alone because it is effectively checked.
-
Dridi Boukelmoune authored
It's otherwise too tight for for varnishstat's default refresh rate, possibly for varnishhist and varnishtop too.
-
Poul-Henning Kamp authored
Spotted by: ubsan
-
Poul-Henning Kamp authored
-
- 29 Apr, 2021 4 commits
-
-
Poul-Henning Kamp authored
Spotted by @cperciva
-
Poul-Henning Kamp authored
-
Poul-Henning Kamp authored
-
Guillaume Quintard authored
-