[Bug 271] New: using json parser twice in two unnested log statements causes segfault
https://bugzilla.balabit.com/show_bug.cgi?id=271

Summary: using json parser twice in two unnested log statements causes segfault
Product: syslog-ng
Version: 3.5.x
Platform: PC
OS/Version: Linux
Status: NEW
Severity: normal
Priority: unspecified
Component: syslog-ng
AssignedTo: bazsi@balabit.hu
ReportedBy: bugzilla.balabit@faxm0dem.org
Type of the Report: ---
Estimated Hours: 0.0

Created an attachment (id=91)
 --> (https://bugzilla.balabit.com/attachment.cgi?id=91)
minimal configuration to trigger segfault

The attached configuration causes a segfault on startup (before any messages make it to source).

Here's a stack trace:

--
(gdb) bt full
#0  0x00007fd54fe6e86f in __strlen_sse42 () from /lib64/libc.so.6
No symbol table info available.
#1  0x00007fd54d2c9766 in log_json_parser_set_marker () from /lib64/syslog-ng/libjson-plugin.so
No symbol table info available.
#2  0x00007fd54d2c9e1b in log_json_parser_clone () from /lib64/syslog-ng/libjson-plugin.so
No symbol table info available.
#3  0x00007fd551884a1e in log_pipe_clone () from /lib64/libsyslog-ng-3.5.3.so
No symbol table info available.
#4  0x00007fd55188560c in cfg_tree_compile_single () from /lib64/libsyslog-ng-3.5.3.so
No symbol table info available.
#5  0x00007fd551886224 in cfg_tree_compile_node () from /lib64/libsyslog-ng-3.5.3.so
No symbol table info available.
#6  0x00007fd551885c02 in cfg_tree_compile_sequence () from /lib64/libsyslog-ng-3.5.3.so
No symbol table info available.
#7  0x00007fd551886267 in cfg_tree_compile_node () from /lib64/libsyslog-ng-3.5.3.so
No symbol table info available.
#8  0x00007fd551885a98 in cfg_tree_compile_reference () from /lib64/libsyslog-ng-3.5.3.so
No symbol table info available.
#9  0x00007fd551886247 in cfg_tree_compile_node () from /lib64/libsyslog-ng-3.5.3.so
No symbol table info available.
#10 0x00007fd551885c02 in cfg_tree_compile_sequence () from /lib64/libsyslog-ng-3.5.3.so
No symbol table info available.
#11 0x00007fd551886267 in cfg_tree_compile_node () from /lib64/libsyslog-ng-3.5.3.so
No symbol table info available.
#12 0x00007fd551886306 in cfg_tree_compile_rule () from /lib64/libsyslog-ng-3.5.3.so
No symbol table info available.
#13 0x00007fd551886639 in cfg_tree_compile () from /lib64/libsyslog-ng-3.5.3.so
No symbol table info available.
#14 0x00007fd55188667d in cfg_tree_start () from /lib64/libsyslog-ng-3.5.3.so
No symbol table info available.
#15 0x00007fd55188045d in cfg_init () from /lib64/libsyslog-ng-3.5.3.so
No symbol table info available.
#16 0x00007fd55189cc8a in main_loop_initialize_state () from /lib64/libsyslog-ng-3.5.3.so
No symbol table info available.
#17 0x00007fd55189d253 in main_loop_init () from /lib64/libsyslog-ng-3.5.3.so
No symbol table info available.
#18 0x0000000000401805 in main ()
No symbol table info available.

--
Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.

https://bugzilla.balabit.com/show_bug.cgi?id=271

Gergely Nagy <algernon@balabit.hu> changed:

What       |Removed           |Added
----------------------------------------------------------------------------
CC         |                  |algernon@balabit.hu
AssignedTo |bazsi@balabit.hu  |algernon@balabit.hu

https://bugzilla.balabit.com/show_bug.cgi?id=271

Gergely Nagy <algernon@balabit.hu> changed:

What       |Removed           |Added
----------------------------------------------------------------------------
Status     |NEW               |ASSIGNED

https://bugzilla.balabit.com/show_bug.cgi?id=271

Gergely Nagy <algernon@balabit.hu> changed:

What       |Removed           |Added
----------------------------------------------------------------------------
Resolution |                  |FIXED
Status     |ASSIGNED          |RESOLVED

--- Comment #1 from Gergely Nagy <algernon@balabit.hu> 2014-02-25 16:28:19 ---

This is patched on 3.5/master now:
https://github.com/balabit/syslog-ng/commit/02239fa6cf60755831d5c58f434c8023...

The problem was that when json-parser is used in two places, we clone the structure. In the process, we tried to clone the marker() setting too, which was not set, so we ended up with a NULL string, and tried to strlen() that, which crashed.

The solution is to only clone marker() if it is set in the original.
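
The failure mode described in comment #1, reduced to a stand-alone C sketch. This is an added example, not code from the thread or from syslog-ng: the Parser struct and the parser_* functions are hypothetical stand-ins for the plugin's clone and set-marker routines.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the parser object; not syslog-ng's real struct. */
typedef struct {
    char  *marker;      /* NULL when marker() was never configured */
    size_t marker_len;
} Parser;

/* Setter that requires a valid C string; NULL here is undefined behaviour. */
static void parser_set_marker(Parser *p, const char *marker)
{
    size_t n = strlen(marker);
    char *copy = malloc(n + 1);
    if (!copy) return;
    memcpy(copy, marker, n + 1);
    free(p->marker);
    p->marker = copy;
    p->marker_len = n;
}

/* Before: copies the option unconditionally, so an unset marker reaches
 * strlen(NULL). Shown for comparison only; nothing below calls it. */
Parser *parser_clone_unguarded(const Parser *src)
{
    Parser *dst = calloc(1, sizeof(*dst));
    if (dst) parser_set_marker(dst, src->marker);
    return dst;
}

/* After: copy the marker only when the original has one. */
Parser *parser_clone_guarded(const Parser *src)
{
    Parser *dst = calloc(1, sizeof(*dst));
    if (dst && src->marker) parser_set_marker(dst, src->marker);
    return dst;
}

void parser_free(Parser *p) { if (p) { free(p->marker); free(p); } }

int main(void)
{
    Parser unset = {0};   /* constructed input: parser with no marker() */
    Parser *copy = parser_clone_guarded(&unset);
    int ok = copy && copy->marker == NULL && copy->marker_len == 0;
    parser_free(copy);
    return ok ? 0 : 1;
}
```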