Control: tag -1 - pending
Hi Yavor,
Yavor Doganov wrote:
> Please find a patch attached (I was not able to test all plugins).
Thanks again for that huge patch. I've pushed it and several other
changes to Salsa.
A local test on my /var/log/syslog immediately ran into a segfault,
though, so I guess, that's one of the plugins you couldn't test.
Culprit is this line, actually the first line in my current /var/log/syslog:
Dec 3 06:38:28 c6 syslog-ng[26651]: Configuration reload request received,
reloading configuration;
Example for a minimal reproducer:
$ echo 'Dec 3 06:38:28 c6 syslog-ng[26651]: Configuration reload request
received, reloading configuration;' | ccze -A
free(): invalid pointer
[1] 17679 done echo |
17680 IOT instruction (core dumped) ccze -A
A backtrace of the core dump gave the following output:
#0 __pthread_kill_implementation (threadid=<optimized out>,
signo=signo@entry=6, no_tid=no_tid@entry=0) at ./nptl/pthread_kill.c:44
#1 0x00007ffff7d1c15f in __pthread_kill_internal (signo=6,
threadid=<optimized out>) at ./nptl/pthread_kill.c:78
#2 0x00007ffff7cce472 in __GI_raise (sig=sig@entry=6) at
../sysdeps/posix/raise.c:26
#3 0x00007ffff7cb84b2 in __GI_abort () at ./stdlib/abort.c:79
#4 0x00007ffff7cb91ed in __libc_message (fmt=fmt@entry=0x7ffff7e2b78c
"%s\n") at ../sysdeps/posix/libc_fatal.c:150
#5 0x00007ffff7d25a75 in malloc_printerr (str=str@entry=0x7ffff7e2922c
"free(): invalid pointer") at ./malloc/malloc.c:5658
#6 0x00007ffff7d277f4 in _int_free (av=<optimized out>, p=<optimized out>,
have_lock=have_lock@entry=0) at ./malloc/malloc.c:4432
#7 0x00007ffff7d2a16f in __GI___libc_free (mem=mem@entry=0x555555566c08) at
./malloc/malloc.c:3367
#8 0x00007ffff7c7b393 in ccze_syslog_process (offsets=0x55555556e170) at
./src/mod_syslog.c:63
#9 ccze_syslog_handle (str=<optimized out>, length=<optimized out>,
rest=0x7fffffffd9a8) at ./src/mod_syslog.c:126
#10 0x000055555555aa1f in ccze_plugin_run
(pluginset=pluginset@entry=0x55555556ad30, subject=subject@entry=0x5555555609c0
"Dec 3 06:38:28 c6 syslog-ng[26651]: Configuration reload request received,
reloading configuration;", subjlen=100, rest=rest@entry=0x7fffffffd9a8,
type=type@entry=CCZE_PLUGIN_TYPE_FULL,
handled=handled@entry=0x7fffffffd984, status=0x7fffffffd988) at
./src/ccze-plugin.c:327
#11 0x0000555555558696 in ccze_main () at ./src/ccze.c:706
#12 main (argc=<optimized out>, argv=<optimized out>) at ./src/ccze.c:753
Seems to be the "free(process)" in line 63 of src/mod_syslog.c. But
neither commenting it out (which might have caused a memory leak) nor
replacing it with "pcre2_substring_free(process)" (as present
elsewhere shortly afterwards is this file) did fix the segfault. It
just started to look different, so the latter might be part of the
fix, but in that case it's is not the complete fix .
I currently assume that any line starting with a date and then a
process name with process id in brackets will trigger this as it's the
parsing of the process id inside the brackets where the crash happens.
So in case you have an idea how to fix this, I'd be happy.
(As mentioned elsewhere already, this migration is a huge PCRE
upstream mess and I'm glad about any help as this is not my only
package affected.)
Regards, Axel
--
,''`. | Axel Beckert <a...@debian.org>, https://people.debian.org/~abe/
: :' : | Debian Developer, ftp.ch.debian.org Admin
`. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5
`- | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
