[syslog-ng] segfault in 3.4 alpha1

Gergely Nagy algernon at balabit.hu
Wed Mar 14 10:23:39 CET 2012


Balazs Scheidler <bazsi at balabit.hu> writes:

>> #5  0x00007ffff332665d in afmongodb_parse (lexer=0x61d6f0, instance=0x7fffffffa870, arg=0x0) at afmongodb-grammar.y:799
>> 799 | KW_REPLACE '(' string string ')' {
>> value_pairs_transform_set_add_func(last_vp_transset,
>> value_pairs_new_transform_replace($3, $4)); free($3); free($4); }
>
> Something clobbers the heap before the free calls, running under
> valgrind would probably reveal the cause.

Valgrind shows this, using the attached config:

==16117== Invalid free() / delete / delete[] / realloc()
==16117==    at 0x40279D4: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==16117==    by 0x4A7A42D: vp_cmdline_parse_rekey_finish (value-pairs.c:462)
==16117==    by 0x4A7AC86: value_pairs_new_from_cmdline (value-pairs.c:681)
==16117==    by 0x6FF1CAD: tf_json_prepare (tfjson.c:53)
==16117==    by 0x4A75E7E: log_template_add_func_elem (templates.c:801)
==16117==    by 0x4A76629: log_template_compile (templates.c:1020)
==16117==    by 0x4A4B425: cfg_tree_check_inline_template (cfg-tree.c:984)
==16117==    by 0x6DE853F: affile_parse (affile-grammar.y:822)
==16117==    by 0x4A6EABB: cfg_parser_parse (cfg-parser.h:83)
==16117==    by 0x4A6F214: plugin_parse_config (plugin.c:211)
==16117==    by 0x4A83ACD: main_parse (cfg-grammar.y:610)
==16117==    by 0x4A45527: cfg_parser_parse (cfg-parser.h:83)
==16117==  Address 0x6a38f90 is 0 bytes inside a block of size 7 free'd
==16117==    at 0x40279D4: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==16117==    by 0x4A7AC57: value_pairs_new_from_cmdline (value-pairs.c:676)
==16117==    by 0x6FF1CAD: tf_json_prepare (tfjson.c:53)
==16117==    by 0x4A75E7E: log_template_add_func_elem (templates.c:801)
==16117==    by 0x4A76629: log_template_compile (templates.c:1020)
==16117==    by 0x4A4B425: cfg_tree_check_inline_template (cfg-tree.c:984)
==16117==    by 0x6DE853F: affile_parse (affile-grammar.y:822)
==16117==    by 0x4A6EABB: cfg_parser_parse (cfg-parser.h:83)
==16117==    by 0x4A6F214: plugin_parse_config (plugin.c:211)
==16117==    by 0x4A83ACD: main_parse (cfg-grammar.y:610)
==16117==    by 0x4A45527: cfg_parser_parse (cfg-parser.h:83)
==16117==    by 0x4A46170: cfg_run_parser (cfg.c:316)

This is a bug introduced by an earlier patch of mine that removes the
--rekey option. I'll send a patch shortly to fix that.

Valgrind would've been my next try, but I had to catch a bus. O:)

> However I'd need your configuration to get more information.

My config's now attached, though it's of little use now, as valgrind
found the bug above.

Attachment: test.conf (http://lists.balabit.hu/pipermail/syslog-ng/attachments/20120314/08e6a243/attachment.txt)

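As an added example (not code from this thread or from syslog-ng), a small Python parser for the memcheck "Invalid free()" report quoted above: it pairs the stack of the offending second free with the stack of the earlier free so a reader can see the two call sites at a glance. The trimmed trace embedded below is constructed from the frames in the message.

```python
import re
from typing import Optional

# Constructed sample: the Invalid free() report from the thread, trimmed to the
# frames that matter for triage (same layout valgrind memcheck prints).
SAMPLE_LOG = """\
==16117== Invalid free() / delete / delete[] / realloc()
==16117==    at 0x40279D4: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==16117==    by 0x4A7A42D: vp_cmdline_parse_rekey_finish (value-pairs.c:462)
==16117==    by 0x4A7AC86: value_pairs_new_from_cmdline (value-pairs.c:681)
==16117==    by 0x6FF1CAD: tf_json_prepare (tfjson.c:53)
==16117==  Address 0x6a38f90 is 0 bytes inside a block of size 7 free'd
==16117==    at 0x40279D4: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==16117==    by 0x4A7AC57: value_pairs_new_from_cmdline (value-pairs.c:676)
==16117==    by 0x6FF1CAD: tf_json_prepare (tfjson.c:53)
"""

# One stack frame: "at"/"by" <address>: <function> (<file:line> or "in <object>")
FRAME_RE = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \((.*)\)$")
# The line that separates the bad free from the stack of the earlier free
ADDR_RE = re.compile(r"^==\d+==\s+Address 0x[0-9A-Fa-f]+ is (\d+) bytes inside a block of size (\d+) free'd$")

def parse_invalid_free(log: str) -> Optional[dict]:
    """Return the two stacks behind an 'Invalid free()' report, or None if absent.

    'second_free' is the stack of the free memcheck rejected, 'first_free' the
    stack that released the block earlier; each is a list of (function, location).
    The interposed free() frame itself is skipped, since it carries no information.
    """
    stacks = {"second_free": [], "first_free": []}
    current = None
    size = None
    for line in log.splitlines():
        if "Invalid free()" in line:
            current = "second_free"
            continue
        m = ADDR_RE.match(line)
        if m:
            size = int(m.group(2))
            current = "first_free"
            continue
        m = FRAME_RE.match(line)
        if m and current and m.group(1) != "free":
            stacks[current].append(m.groups())
    if not stacks["second_free"] or not stacks["first_free"]:
        return None
    return {"block_size": size, **stacks}

def summarize(report: dict) -> str:
    """One-line triage summary naming both free call sites."""
    first, second = report["first_free"][0], report["second_free"][0]
    return f"block of {report['block_size']} bytes freed at {first[1]} then freed again at {second[1]}"
```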