On Wed, 2012-03-14 at 10:23 +0100, Gergely Nagy wrote:
Balazs Scheidler <bazsi@balabit.hu> writes:
#5 0x00007ffff332665d in afmongodb_parse (lexer=0x61d6f0, instance=0x7fffffffa870, arg=0x0) at afmongodb-grammar.y:799
799 | KW_REPLACE '(' string string ')' { value_pairs_transform_set_add_func(last_vp_transset, value_pairs_new_transform_replace($3, $4)); free($3); free($4); }
Something clobbers the heap before the free calls, running under valgrind would probably reveal the cause.
Valgrind shows this, using the attached config:
==16117== Invalid free() / delete / delete[] / realloc()
==16117==    at 0x40279D4: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==16117==    by 0x4A7A42D: vp_cmdline_parse_rekey_finish (value-pairs.c:462)
==16117==    by 0x4A7AC86: value_pairs_new_from_cmdline (value-pairs.c:681)
==16117==    by 0x6FF1CAD: tf_json_prepare (tfjson.c:53)
==16117==    by 0x4A75E7E: log_template_add_func_elem (templates.c:801)
==16117==    by 0x4A76629: log_template_compile (templates.c:1020)
==16117==    by 0x4A4B425: cfg_tree_check_inline_template (cfg-tree.c:984)
==16117==    by 0x6DE853F: affile_parse (affile-grammar.y:822)
==16117==    by 0x4A6EABB: cfg_parser_parse (cfg-parser.h:83)
==16117==    by 0x4A6F214: plugin_parse_config (plugin.c:211)
==16117==    by 0x4A83ACD: main_parse (cfg-grammar.y:610)
==16117==    by 0x4A45527: cfg_parser_parse (cfg-parser.h:83)
==16117==  Address 0x6a38f90 is 0 bytes inside a block of size 7 free'd
==16117==    at 0x40279D4: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==16117==    by 0x4A7AC57: value_pairs_new_from_cmdline (value-pairs.c:676)
==16117==    by 0x6FF1CAD: tf_json_prepare (tfjson.c:53)
==16117==    by 0x4A75E7E: log_template_add_func_elem (templates.c:801)
==16117==    by 0x4A76629: log_template_compile (templates.c:1020)
==16117==    by 0x4A4B425: cfg_tree_check_inline_template (cfg-tree.c:984)
==16117==    by 0x6DE853F: affile_parse (affile-grammar.y:822)
==16117==    by 0x4A6EABB: cfg_parser_parse (cfg-parser.h:83)
==16117==    by 0x4A6F214: plugin_parse_config (plugin.c:211)
==16117==    by 0x4A83ACD: main_parse (cfg-grammar.y:610)
==16117==    by 0x4A45527: cfg_parser_parse (cfg-parser.h:83)
==16117==    by 0x4A46170: cfg_run_parser (cfg.c:316)
This is a bug introduced by an earlier patch of mine that removes the --rekey option. I'll send a patch shortly to fix that.
Valgrind would've been my next try, but I had to catch a bus. O:)
However I'd need your configuration to get more information.
My config's now attached, though it's of little use now, as valgrind found the bug above.
I've committed this for the double free:

commit cf193a52e2177641921e6ff7cda48bc4a37d971b
Author: Balazs Scheidler <bazsi@balabit.hu>
Date:   Wed Mar 14 20:47:19 2012 +0100

    value-pairs: fixed double free in case of an argument parsing failure

    Signed-off-by: Balazs Scheidler <bazsi@balabit.hu>

and this to report template compilation errors properly:

commit 7c2cc16233a5fc21232ec22f56a9ae9022e240bd
Author: Balazs Scheidler <bazsi@balabit.hu>
Date:   Wed Mar 14 20:48:09 2012 +0100

    cfg-tree: handle template compilation errors properly

    In case a template was specified directly at a destination, its syntax
    errors were not properly reported while the configuration was being
    parsed. This patch fixes that.

    Signed-off-by: Balazs Scheidler <bazsi@balabit.hu>

--
Bazsi
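The shape of the bug valgrind reported above (the option argument freed once on the parse-failure path inside value_pairs_new_from_cmdline and again by the rekey finish step) and the ownership discipline that prevents it, as an added C illustration that is not syslog-ng's code: the context struct, the "rekey=" option and every function name here are constructed for the example.

```c
#define _POSIX_C_SOURCE 200809L   /* for strdup */
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified stand-in for an option-parsing context; not
 * syslog-ng's value-pairs code, all names here are constructed. */
typedef struct {
  char *rekey_value;   /* heap copy of the option argument, owned by the context */
  int   release_count; /* how many times it was released (checked by the test) */
} cmdline_ctx;

/* Single release point: free once, then clear the pointer so the finish
 * step cannot free it a second time. */
static void ctx_release_rekey(cmdline_ctx *ctx)
{
  if (ctx->rekey_value == NULL)
    return;
  free(ctx->rekey_value);
  ctx->rekey_value = NULL;
  ctx->release_count++;
}

/* Parses one "rekey=<value>" option. Returns 0 on success, -1 on failure;
 * on failure the context is left safe for the finish step below. */
static int parse_option(cmdline_ctx *ctx, const char *opt)
{
  static const char prefix[] = "rekey=";
  size_t plen = sizeof(prefix) - 1;
  if (strncmp(opt, prefix, plen) != 0)
    return -1;                       /* unknown option, nothing was allocated */
  ctx->rekey_value = strdup(opt + plen);
  if (ctx->rekey_value == NULL)
    return -1;
  if (ctx->rekey_value[0] == '\0') { /* empty argument: parse failure */
    ctx_release_rekey(ctx);          /* error path releases only via the helper */
    return -1;
  }
  return 0;
}

/* Parse, then run the finish step the caller performs on success and failure
 * alike. Returns the parse result; *releases reports how often the argument
 * was freed, which must be at most once whatever path was taken. */
static int run(const char *opt, int *releases)
{
  cmdline_ctx ctx = { NULL, 0 };
  int rc = parse_option(&ctx, opt);
  ctx_release_rekey(&ctx);           /* finish: a no-op if the error path already released */
  *releases = ctx.release_count;
  return rc;
}
```

Running the same three inputs under valgrind's memcheck is the check that matters: with the pointer cleared at the single release point, the failure path no longer produces an "Invalid free()" report.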