Lighttpd

Hi,

It is possible for an uninitialized value to propagate its way through the request pipeline. The problem is best described by the valgrind output (using --track-origins, a new option in 3.4.0):

00:00:00:41.327 7667 Conditional jump or move depends on uninitialised value(s)
00:00:00:41.327 7667 at 0x425DD5: http_response_parse_cq (http_resp.c:115)
00:00:00:41.327 7667 by 0x68C24C7: proxy_http_stream_decoder (mod_proxy_backend_http.c:87)
00:00:00:41.327 7667 by 0x66B7E9F: proxy_stream_encode_decode (mod_proxy_core.c:847)
00:00:00:41.327 7667 by 0x66B9B3F: proxy_state_engine (mod_proxy_core.c:1564)
00:00:00:41.327 7667 by 0x66BA407: mod_proxy_core_start_backend (mod_proxy_core.c:2400)
00:00:00:41.327 7667 by 0x41C60E: plugins_call_handle_send_request_content (plugin.c:385)
00:00:00:41.327 7667 by 0x40E3E2: connection_state_machine (connections.c:1217)
00:00:00:41.327 7667 by 0x4091EB: lighty_mainloop (server.c:1005)
00:00:00:41.327 7667 by 0x40AC46: main (server.c:1773)
00:00:00:41.327 7667 Uninitialised value was created by a heap allocation
00:00:00:41.327 7667 at 0x4B226AB: malloc (in /usr/lib64/valgrind/amd64-linux/vgpreload_memcheck.so)
00:00:00:41.327 7667 by 0x41667D: buffer_prepare_copy (buffer.c:88)
00:00:00:41.327 7667 by 0x423A7C: network_read_chunkqueue_read (network_write.c:59)
00:00:00:41.327 7667 by 0x66B7D8C: proxy_handle_fdevent (mod_proxy_core.c:1016)
00:00:00:41.327 7667 by 0x40907F: lighty_mainloop (server.c:945)
00:00:00:41.327 7667 by 0x40AC46: main (server.c:1773)

-dave