From ccecfbaca176d3c687702b03ad03a76ca7d581f7 Mon Sep 17 00:00:00 2001
From: Gancho Tenev <gancho@apache.org>
Date: Thu, 25 Jun 2020 10:15:29 -0700
Subject: [PATCH] Assert non-zero HdrHeap object size

HdrHeap object length cannot be 0 by design otherwise there is something
wrong, i.e. possible memory corruption, in such cases iterating over
HdrHeap objects would lead to infinite loop, i.e. during unmarshaling.
---
 proxy/hdrs/HdrHeap.cc | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/proxy/hdrs/HdrHeap.cc b/proxy/hdrs/HdrHeap.cc
index 1452a8ed4f3..dfa387abddc 100644
--- a/proxy/hdrs/HdrHeap.cc
+++ b/proxy/hdrs/HdrHeap.cc
@@ -400,6 +400,9 @@ HdrHeap::evacuate_from_str_heaps(HdrStrHeap *new_heap)
     while (data < h->m_free_start) {
       HdrHeapObjImpl *obj = reinterpret_cast<HdrHeapObjImpl *>(data);
 
+      // Object length cannot be 0 by design, otherwise something is wrong + infinite loop here!
+      ink_release_assert(0 != obj->m_length);
+
       switch (obj->m_type) {
       case HDR_HEAP_OBJ_URL:
         ((URLImpl *)obj)->move_strings(new_heap);
@@ -440,6 +443,9 @@ HdrHeap::required_space_for_evacuation()
     while (data < h->m_free_start) {
       HdrHeapObjImpl *obj = reinterpret_cast<HdrHeapObjImpl *>(data);
 
+      // Object length cannot be 0 by design, otherwise something is wrong + infinite loop here!
+      ink_release_assert(0 != obj->m_length);
+
       switch (obj->m_type) {
       case HDR_HEAP_OBJ_URL:
         ret += ((URLImpl *)obj)->strings_length();
@@ -514,6 +520,9 @@ HdrHeap::sanity_check_strs()
     while (data < h->m_free_start) {
       HdrHeapObjImpl *obj = reinterpret_cast<HdrHeapObjImpl *>(data);
 
+      // Object length cannot be 0 by design, otherwise something is wrong + infinite loop here!
+      ink_release_assert(0 != obj->m_length);
+
       switch (obj->m_type) {
       case HDR_HEAP_OBJ_URL:
         ((URLImpl *)obj)->check_strings(heaps, num_heaps);
@@ -937,6 +946,9 @@ HdrHeap::unmarshal(int buf_length, int obj_type, HdrHeapObjImpl **found_obj, Ref
     HdrHeapObjImpl *obj = reinterpret_cast<HdrHeapObjImpl *>(obj_data);
     ink_assert(obj_is_aligned(obj));
 
+    // Object length cannot be 0 by design, otherwise something is wrong + infinite loop here!
+    ink_release_assert(0 != obj->m_length);
+
     if (obj->m_type == static_cast<unsigned>(obj_type) && *found_obj == nullptr) {
       *found_obj = obj;
     }