[syslog-ng] [Bug 277] New: test_basicfuncs crashes, apparently due to $(env ...) of a nonexistent variable

bugzilla at bugzilla.balabit.com bugzilla at bugzilla.balabit.com
Fri Apr 4 12:15:06 CEST 2014 

https://bugzilla.balabit.com/show_bug.cgi?id=277

           Summary: test_basicfuncs crashes, apparently due to $(env ...) of
                    a nonexistent variable
           Product: syslog-ng
           Version: 3.5.x
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: unspecified
         Component: syslog-ng
        AssignedTo: bazsi at balabit.hu
        ReportedBy: nix at esperi.org.uk
Type of the Report: bug
   Estimated Hours: 0.0


This is with syslog-ng 3.5.4.1, fresh out of git, glib 2.38.2, and gcc 4.8.2.

Backtrace:

#0  0x00007f4209096d1a in strlen () from /lib/libc.so.6
#1  0x00007f4209631550 in g_string_insert_len (len=-1, val=0x0, pos=-1, string=0x219d380) at gstring.c:440
#2  g_string_insert_len (string=0x219d380, pos=-1, val=0x0, len=-1) at gstring.c:428
#3  0x00007f4209b82563 in tf_env (msg=<optimized out>, argc=1, argv=<optimized out>, result=0x219d380) at modules/basicfuncs/misc-funcs.c:54
#4  0x00007f4209942788 in log_template_append_format_with_context (self=self at entry=0x2196d40, messages=messages at entry=0x7fff01a9f1e8,
num_messages=num_messages at entry=1, opts=0x2196828, opts at entry=0x0, tz=tz at entry=0, seq_num=999, seq_num at entry=32578,
    context_id=0x40c143 "test-context-id", context_id at entry=0x0, result=result at entry=0x219d380) at lib/template/templates.c:1385
#5  0x00007f4209942b9f in log_template_append_format (self=self at entry=0x2196d40, lm=lm at entry=0x219c3c0, opts=opts at entry=0x0, tz=tz at entry=0,
seq_num=seq_num at entry=32578, context_id=context_id at entry=0x0, result=0x219d380) at lib/template/templates.c:1412
#6  0x00007f4209942c0b in log_template_format (self=self at entry=0x2196d40, lm=lm at entry=0x219c3c0, opts=opts at entry=0x0, tz=tz at entry=0, seq_num=32578,
seq_num at entry=999, context_id=0x0, context_id at entry=0x40c143 "test-context-id",
    result=result at entry=0x219d380) at lib/template/templates.c:1419
#7  0x0000000000409457 in assert_template_format_with_escaping (template=template at entry=0x40b408 "$(env OHHELLO)", escaping=escaping at entry=0,
expected=expected at entry=0x40c55e "") at libtest/template_lib.c:108
#8  0x00000000004094ba in assert_template_format (template=template at entry=0x40b408 "$(env OHHELLO)", expected=expected at entry=0x40c55e "") at
libtest/template_lib.c:93
#9  0x0000000000409161 in test_misc_funcs () at modules/basicfuncs/tests/test_basicfuncs.c:101
#10 0x0000000000408c4a in main (argc=<optimized out>, argv=<optimized out>) at modules/basicfuncs/tests/test_basicfuncs.c:115

Somehow, between assert_template_format_with_escaping() and tf_env(),
we end up with a 1-entry argc and an argv containing an empty string;
this then turns into a request to insert a null pointer at position -1.

I'd say glib is right to coredump when faced with that :)


-- 
Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.

More information about the syslog-ng mailing list