Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#10624 closed Bug Report - General (fixed)

valgrind error in syslogGetFacility() in logging.cpp when running mythshutdown

Reported by: Malcolm Parsons <malcolm.parsons@…>
Owned by: beirdo
Priority: minor
Milestone: 0.25.1
Component: MythTV - General
Version: 0.25-fixes
Severity: medium
Keywords:
Cc:
Ticket locked: no

Description

$ valgrind /usr/bin/mythshutdown --status 0 --verbose general --loglevel info --syslog local7

...

==1533== Invalid read of size 1
==1533==    at 0x40299C6: strcmp (mc_replace_strmem.c:538)
==1533==    by 0x4B16303: syslogGetFacility(QString) (logging.cpp:1303)
==1533==    by 0x4B2F8CE: MythCommandLineParser::GetSyslogFacility() (mythcommandlineparser.cpp:2453)
==1533==    by 0x4B3051C: MythCommandLineParser::ConfigureLogging(QString, unsigned int) (mythcommandlineparser.cpp:2525)
==1533==    by 0x401EFF3: ??? (in /lib/i386-linux-gnu/ld-2.13.so)
==1533==  Address 0xc2d8970 is 16 bytes inside a block of size 26 free'd
==1533==    at 0x4027C02: free (vg_replace_malloc.c:366)
==1533==    by 0x4FB0E2A: qFree(void*) (in /usr/lib/i386-linux-gnu/libQtCore.so.4.7.4)
==1533==    by 0x4B162E4: syslogGetFacility(QString) (qbytearray.h:383)
==1533==    by 0x4B2F8CE: MythCommandLineParser::GetSyslogFacility() (mythcommandlineparser.cpp:2453)
==1533==    by 0x4B3051C: MythCommandLineParser::ConfigureLogging(QString, unsigned int) (mythcommandlineparser.cpp:2525)
==1533==    by 0x401EFF3: ??? (in /lib/i386-linux-gnu/ld-2.13.so)

The code is:

1291	int syslogGetFacility(QString facility)
1292	{
1293	#ifdef _WIN32
1294	    LOG(VB_GENERAL, LOG_NOTICE,
1295	        "Windows does not support syslog, disabling" );
1296	    return( -2 );
1297	#else
1298	    CODE *name;
1299	    int i;
1300	    char *string = (char *)facility.toLocal8Bit().constData();
1301	
1302	    for (i = 0, name = &facilitynames[0];
1303	         name->c_name && strcmp(name->c_name, string); i++, name++);
1304	
1305	    return( name->c_val );
1306	#endif
1307	}

The temporary QByteArray is destroyed at the end of the statement on line 1300.
A pointer to its deallocated data is used on line 1303.

Suggested patch:

-    char *string = (char *)facility.toLocal8Bit().constData();
+    QByteArray byteArray = facility.toLocal8Bit();
+    const char *string = byteArray.constData();
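
Review bot: the new `QByteArray byteArray` local only fixes the problem while it stays in scope for every use of `string`, and nothing in the hunk says so. Add a one-line comment above it stating that the array must outlive the pointer returned by `constData()`, so a later cleanup does not fold the two lines back into the original one-statement form. Replacing the `(char *)` cast with `const char *` is the right call, since `strcmp` on line 1303 only reads the string.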

Change History (4)

comment:1 Changed 2 years ago by beirdo

  • Owner set to beirdo
  • Status changed from new to assigned

comment:2 Changed 2 years ago by Malcolm Parsons <malcolm.parsons@…>

  • Resolution set to fixed
  • Status changed from assigned to closed

In 9ea5252bc3a6367dacec1b4f92f03c13fbd0f0e4/mythtv:

Fix syslogGetFacility's use of QBytebuffer

Fixes #10624.

Signed-off-by: Gavin Hurlbut <ghurlbut@…>

comment:3 Changed 2 years ago by Malcolm Parsons <malcolm.parsons@…>

In 674e37ab7d16f5a8ee7c8426dcb7a594a23fa75f/mythtv:

Fix syslogGetFacility's use of QBytebuffer

Fixes #10624.

Signed-off-by: Gavin Hurlbut <ghurlbut@…>
(cherry picked from commit 9ea5252bc3a6367dacec1b4f92f03c13fbd0f0e4)

comment:4 Changed 2 years ago by beirdo

  • Milestone changed from unknown to 0.25.1
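
The lifetime rule behind this report, shown without Qt as an added example (not MythTV code): `Bytes`, `toLocal8Bit` and `kFacilities` are stand-ins constructed here for QByteArray, QString::toLocal8Bit() and facilitynames. An instance counter shows that no buffer owner is alive when the one-statement form would read its pointer, while the named local from the suggested patch keeps one alive through the lookup.

```cpp
#include <cstring>
#include <string>

// Stand-in for QByteArray (assumption: Qt is not needed to show the rule).
// It owns a heap buffer and counts how many instances are currently alive.
struct Bytes {
    static int live;
    std::string buf;
    explicit Bytes(const std::string &s) : buf(s) { ++live; }
    Bytes(const Bytes &o) : buf(o.buf) { ++live; }
    ~Bytes() { --live; }
    const char *constData() const { return buf.c_str(); }
};
int Bytes::live = 0;

// Stand-in for QString::toLocal8Bit(): returns a buffer object by value.
Bytes toLocal8Bit(const std::string &s) { return Bytes(s); }

// Constructed table in the shape of facilitynames (values are made up).
struct Code { const char *c_name; int c_val; };
static const Code kFacilities[] = {
    {"daemon", 3}, {"local7", 23}, {nullptr, -1}};

// Pattern from the ticket: the temporary dies at the end of the statement.
// Returns the number of live buffers at the point where `p` would be read.
int liveOwnersOneStatementForm(const std::string &facility) {
    const char *p = toLocal8Bit(facility).constData();
    (void)p;               // never dereferenced here: it already dangles
    return Bytes::live;
}

// Pattern from the suggested patch: a named local keeps the buffer alive
// for the whole lookup. `ownersDuringLookup` reports the live count.
int facilityFixed(const std::string &facility, int *ownersDuringLookup) {
    Bytes byteArray = toLocal8Bit(facility);
    const char *string = byteArray.constData();
    if (ownersDuringLookup) *ownersDuringLookup = Bytes::live;
    const Code *name = kFacilities;
    while (name->c_name && std::strcmp(name->c_name, string) != 0) ++name;
    return name->c_val;    // -1 from the terminator entry when nothing matches
}
```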
