------------------------------------------------------------
revno: 13689
revision-id: squid3@treenet.co.nz-20141218124734-4fpfoxb5ti8mda3f
parent: squid3@treenet.co.nz-20141218124332-zwd0zirjx1nje3qp
author: Christos Tsantilas <chtsanti@users.sourceforge.net>
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Thu 2014-12-18 04:47:34 -0800
message:
  Deleting first fs left psstate->servers pointing to uninitialized memory
  possibly causing infinite loops in peerAddFwdServer().
  
  TODO: The condition itself is excessive. If fs is not nil, the previous check
  already tells us that the Config.forward_max_tries limit is exceeded.
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20141218124734-4fpfoxb5ti8mda3f
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: f19d2cbc74ea3b9731edf4cfdb5fb99d0d1e6514
# timestamp: 2014-12-18 12:50:56 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20141218124332-\
#   zwd0zirjx1nje3qp
# 
# Begin patch
=== modified file 'src/peer_select.cc'
--- src/peer_select.cc	2014-09-13 13:59:43 +0000
+++ src/peer_select.cc	2014-12-18 12:47:34 +0000
@@ -264,11 +264,12 @@
     // due to the allocation method of fs, we must deallocate each manually.
     // TODO: use a std::list so we can get the size and abort adding whenever the selection loops reach Config.forward_max_tries
     if (fs && psstate->paths->size() >= (unsigned int)Config.forward_max_tries) {
+        assert(fs == psstate->servers);
         while (fs) {
-            FwdServer *next = fs->next;
+            psstate->servers = fs->next;
             cbdataReferenceDone(fs->_peer);
             memFree(fs, MEM_FWD_SERVER);
-            fs = next;
+            fs = psstate->servers;
         }
     }