[syslog-ng] segfault in 3.4 alpha1
Balazs Scheidler
bazsi at balabit.hu
Wed Mar 14 21:04:36 CET 2012
On Wed, 2012-03-14 at 10:23 +0100, Gergely Nagy wrote:
> Balazs Scheidler <bazsi at balabit.hu> writes:
>
> >> #5 0x00007ffff332665d in afmongodb_parse (lexer=0x61d6f0, instance=0x7fffffffa870, arg=0x0) at afmongodb-grammar.y:799
> >> 799 | KW_REPLACE '(' string string ')' {
> >> value_pairs_transform_set_add_func(last_vp_transset,
> >> value_pairs_new_transform_replace($3, $4)); free($3); free($4); }
> >
> > Something clobbers the heap before the free calls, running under
> > valgrind would probably reveal the cause.
>
> Valgrind shows this, using the attached config:
>
> ==16117== Invalid free() / delete / delete[] / realloc()
> ==16117== at 0x40279D4: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==16117== by 0x4A7A42D: vp_cmdline_parse_rekey_finish (value-pairs.c:462)
> ==16117== by 0x4A7AC86: value_pairs_new_from_cmdline (value-pairs.c:681)
> ==16117== by 0x6FF1CAD: tf_json_prepare (tfjson.c:53)
> ==16117== by 0x4A75E7E: log_template_add_func_elem (templates.c:801)
> ==16117== by 0x4A76629: log_template_compile (templates.c:1020)
> ==16117== by 0x4A4B425: cfg_tree_check_inline_template (cfg-tree.c:984)
> ==16117== by 0x6DE853F: affile_parse (affile-grammar.y:822)
> ==16117== by 0x4A6EABB: cfg_parser_parse (cfg-parser.h:83)
> ==16117== by 0x4A6F214: plugin_parse_config (plugin.c:211)
> ==16117== by 0x4A83ACD: main_parse (cfg-grammar.y:610)
> ==16117== by 0x4A45527: cfg_parser_parse (cfg-parser.h:83)
> ==16117== Address 0x6a38f90 is 0 bytes inside a block of size 7 free'd
> ==16117== at 0x40279D4: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==16117== by 0x4A7AC57: value_pairs_new_from_cmdline (value-pairs.c:676)
> ==16117== by 0x6FF1CAD: tf_json_prepare (tfjson.c:53)
> ==16117== by 0x4A75E7E: log_template_add_func_elem (templates.c:801)
> ==16117== by 0x4A76629: log_template_compile (templates.c:1020)
> ==16117== by 0x4A4B425: cfg_tree_check_inline_template (cfg-tree.c:984)
> ==16117== by 0x6DE853F: affile_parse (affile-grammar.y:822)
> ==16117== by 0x4A6EABB: cfg_parser_parse (cfg-parser.h:83)
> ==16117== by 0x4A6F214: plugin_parse_config (plugin.c:211)
> ==16117== by 0x4A83ACD: main_parse (cfg-grammar.y:610)
> ==16117== by 0x4A45527: cfg_parser_parse (cfg-parser.h:83)
> ==16117== by 0x4A46170: cfg_run_parser (cfg.c:316)
>
> This is a bug introduced by an earlier patch of mine that removes the
> --rekey option. I'll send a patch shortly to fix that.
>
> Valgrind would've been my next try, but I had to catch a bus. O:)
>
> > However I'd need your configuration to get more information.
>
> My config's now attached, though it's of little use now, as valgrind
> found the bug above.
I've committed this for the double free:
commit cf193a52e2177641921e6ff7cda48bc4a37d971b
Author: Balazs Scheidler <bazsi at balabit.hu>
Date: Wed Mar 14 20:47:19 2012 +0100
value-pairs: fixed double free in case of an argument parsing failure
Signed-off-by: Balazs Scheidler <bazsi at balabit.hu>
and this to report template compilation errors properly:
commit 7c2cc16233a5fc21232ec22f56a9ae9022e240bd
Author: Balazs Scheidler <bazsi at balabit.hu>
Date: Wed Mar 14 20:48:09 2012 +0100
cfg-tree: handle template compilation errors properly
In case a template was specified directly at a destination, its syntax errors
were not properly reported while the configuration was being parsed. This
patch fixes that.
Signed-off-by: Balazs Scheidler <bazsi at balabit.hu>
--
Bazsi
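The valgrind report in the quoted message shows one heap block released twice: once on the argument-parsing error path (value-pairs.c:676) and again in vp_cmdline_parse_rekey_finish (value-pairs.c:462). The following is an added example, not syslog-ng code and not the committed fix; it models that ownership mistake next to a single-owner version of the same parse, using a small free tracker in place of memcheck so the buggy path can run without aborting the process. All identifiers in it (track_free, rekey_state_t, parse_rekey_buggy, parse_rekey_fixed, the "glob=prefix" argument shape) are hypothetical.

```c
/*
 * Added example, not syslog-ng code: models the double free that valgrind
 * reported (one free on the argument-parsing error path, a second one in
 * the "rekey finish" step). A tiny free tracker stands in for memcheck so
 * the buggy path can run without aborting. Every identifier below is
 * hypothetical and chosen for the illustration only.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_TRACKED 64

static void *freed_ptrs[MAX_TRACKED]; /* blocks released so far in this scenario */
static int   freed_count;
static int   double_free_count;       /* what memcheck reports as "Invalid free()" */

/* Stand-in for free(): the first call on a pointer really releases the block,
 * a repeat is only counted. Real free() would abort or corrupt the heap. */
static void track_free(void *p)
{
    if (p == NULL)
        return;
    for (int i = 0; i < freed_count; i++) {
        if (freed_ptrs[i] == p) {
            double_free_count++;
            return;
        }
    }
    if (freed_count < MAX_TRACKED)
        freed_ptrs[freed_count++] = p;
    free(p);
}

static void track_reset(void)
{
    freed_count = 0;
    double_free_count = 0;
}

/* Copies n bytes of s into a fresh NUL-terminated block. */
static char *xstrndup(const char *s, size_t n)
{
    char *d = malloc(n + 1);
    if (d == NULL)
        abort();
    memcpy(d, s, n);
    d[n] = '\0';
    return d;
}

/* Hypothetical "rekey" state: a glob to match and a prefix to apply.
 * Both strings are owned by the state once stored in it. */
typedef struct {
    char *glob;
    char *prefix;
} rekey_state_t;

/* Finishing step (think vp_cmdline_parse_rekey_finish): releases everything
 * the state owns and clears the fields, so a second call is harmless. */
static void rekey_finish(rekey_state_t *st)
{
    track_free(st->glob);
    st->glob = NULL;
    track_free(st->prefix);
    st->prefix = NULL;
}

/* Buggy shape: the error path frees the copy already stored in the state but
 * leaves the stale pointer behind, so rekey_finish frees the block again.
 * Returns 0 on success, -1 on a malformed argument. */
static int parse_rekey_buggy(const char *arg)
{
    rekey_state_t st = { NULL, NULL };
    const char *eq = strchr(arg, '=');

    st.glob = xstrndup(arg, eq ? (size_t)(eq - arg) : strlen(arg));
    if (eq == NULL) {
        track_free(st.glob); /* first free: the error path */
        rekey_finish(&st);   /* second free of the same block */
        return -1;
    }
    st.prefix = xstrndup(eq + 1, strlen(eq + 1));
    rekey_finish(&st);       /* normal teardown */
    return 0;
}

/* Fixed shape: a single owner. The error path only records the failure and
 * hands the state to rekey_finish, which releases each block exactly once. */
static int parse_rekey_fixed(const char *arg)
{
    rekey_state_t st = { NULL, NULL };
    const char *eq = strchr(arg, '=');
    int rc = 0;

    st.glob = xstrndup(arg, eq ? (size_t)(eq - arg) : strlen(arg));
    if (eq == NULL)
        rc = -1;             /* report the error, do not free here */
    else
        st.prefix = xstrndup(eq + 1, strlen(eq + 1));
    rekey_finish(&st);       /* the one and only release */
    return rc;
}

/* Scenario helpers: run a malformed (constructed) argument through each parser
 * and report how many invalid frees the tracker saw. */
int buggy_double_frees(void) { track_reset(); parse_rekey_buggy("no-equals-sign"); return double_free_count; }
int fixed_double_frees(void) { track_reset(); parse_rekey_fixed("no-equals-sign"); return double_free_count; }
int fixed_rc_malformed(void)  { return parse_rekey_fixed("no-equals-sign"); }
int fixed_rc_wellformed(void) { return parse_rekey_fixed("host.*=src."); }

int main(void)
{
    printf("buggy path: %d invalid free(s)\n", buggy_double_frees());
    printf("fixed path: %d invalid free(s)\n", fixed_double_frees());
    return 0;
}
```

The point the tracker makes visible is the same one memcheck made in the thread: the defect is not the second free() call by itself but the split ownership that precedes it. Once exactly one routine is responsible for releasing what the state holds, and it clears each field as it goes, the error path cannot disagree with the teardown path about who frees what.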