Opened 12 years ago

Closed 12 years ago

Last modified 12 years ago

#10624 closed Bug Report - General (fixed)

valgrind error in syslogGetFacility() in logging.cpp when running mythshutdown

Reported by: Malcolm Parsons <malcolm.parsons@…>
Owned by: beirdo
Priority: minor
Milestone: 0.25.1
Component: MythTV - General
Version: 0.25-fixes
Severity: medium
Keywords:
Cc:
Ticket locked: no

Description

$ valgrind /usr/bin/mythshutdown --status 0 --verbose general --loglevel info --syslog local7

...

==1533== Invalid read of size 1
==1533==    at 0x40299C6: strcmp (mc_replace_strmem.c:538)
==1533==    by 0x4B16303: syslogGetFacility(QString) (logging.cpp:1303)
==1533==    by 0x4B2F8CE: MythCommandLineParser::GetSyslogFacility() (mythcommandlineparser.cpp:2453)
==1533==    by 0x4B3051C: MythCommandLineParser::ConfigureLogging(QString, unsigned int) (mythcommandlineparser.cpp:2525)
==1533==    by 0x401EFF3: ??? (in /lib/i386-linux-gnu/ld-2.13.so)
==1533==  Address 0xc2d8970 is 16 bytes inside a block of size 26 free'd
==1533==    at 0x4027C02: free (vg_replace_malloc.c:366)
==1533==    by 0x4FB0E2A: qFree(void*) (in /usr/lib/i386-linux-gnu/libQtCore.so.4.7.4)
==1533==    by 0x4B162E4: syslogGetFacility(QString) (qbytearray.h:383)
==1533==    by 0x4B2F8CE: MythCommandLineParser::GetSyslogFacility() (mythcommandlineparser.cpp:2453)
==1533==    by 0x4B3051C: MythCommandLineParser::ConfigureLogging(QString, unsigned int) (mythcommandlineparser.cpp:2525)
==1533==    by 0x401EFF3: ??? (in /lib/i386-linux-gnu/ld-2.13.so)

The code is:

1291	int syslogGetFacility(QString facility)
1292	{
1293	#ifdef _WIN32
1294	    LOG(VB_GENERAL, LOG_NOTICE,
1295	        "Windows does not support syslog, disabling" );
1296	    return( -2 );
1297	#else
1298	    CODE *name;
1299	    int i;
1300	    char *string = (char *)facility.toLocal8Bit().constData();
1301	
1302	    for (i = 0, name = &facilitynames[0];
1303	         name->c_name && strcmp(name->c_name, string); i++, name++);
1304	
1305	    return( name->c_val );
1306	#endif
1307	}

The temporary QByteArray is destroyed at the end of the statement on line 1300. A pointer to its deallocated data is used on line 1303.

Suggested patch:

-    char *string = (char *)facility.toLocal8Bit().constData();
+    QByteArray byteArray = facility.toLocal8Bit();
+    const char *string = byteArray.constData();
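
Review bot: nothing on the added lines says that `byteArray` exists only to keep the buffer behind `string` alive, so a later tidy-up could fold the two `+` lines back into the single expression the `-` line removes. Add a short comment above `QByteArray byteArray = facility.toLocal8Bit();` stating that the array must outlive every use of `string`. Dropping the `(char *)` cast in favour of `const char *` is a good side effect; it is also worth grepping the tree for other `.toLocal8Bit().constData()` results stored in a pointer, since the same pattern would have the same lifetime problem.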

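The lifetime rule behind the report, as an added example that is not MythTV code or part of the ticket: `Buffer`, `toLocal8Bit()` and the facility table are constructed stand-ins for QByteArray, QString::toLocal8Bit() and facilitynames[] (the -1 terminator value is an assumption), and a live-object counter makes the destruction point observable without ever dereferencing the dangling pointer.

```cpp
// Added illustration, not MythTV code. Buffer stands in for QByteArray and
// toLocal8Bit() for QString::toLocal8Bit(); both are constructed for the demo.
#include <cstdio>
#include <cstring>
#include <string>

static int live_buffers = 0;  // Buffer objects currently alive

class Buffer {
public:
    explicit Buffer(const std::string &s) : data_(s) { ++live_buffers; }
    Buffer(const Buffer &o) : data_(o.data_) { ++live_buffers; }
    ~Buffer() { --live_buffers; }
    const char *constData() const { return data_.c_str(); }
private:
    std::string data_;
};

static Buffer toLocal8Bit(const std::string &s) { return Buffer(s); }

struct Code { const char *c_name; int c_val; };
// Constructed table shaped like facilitynames[]: a null name ends it.
static const Code names[] = {{"daemon", 3 << 3}, {"local7", 23 << 3}, {nullptr, -1}};

// Pattern from line 1300: the temporary is destroyed at the end of the
// statement. Returns how many buffers are alive when the loop would run.
int live_at_lookup_buggy(const std::string &facility) {
    const char *string = toLocal8Bit(facility).constData();
    (void)string;  // dangling from here on; deliberately never dereferenced
    return live_buffers;
}

// Patched pattern: the named local owns the storage for the whole lookup.
int lookup_fixed(const std::string &facility, int *live_at_lookup) {
    Buffer byteArray = toLocal8Bit(facility);
    const char *string = byteArray.constData();
    *live_at_lookup = live_buffers;
    const Code *name = names;
    while (name->c_name && std::strcmp(name->c_name, string) != 0) ++name;
    return name->c_val;
}

int main() {
    int live = 0;
    int val = lookup_fixed("local7", &live);
    std::printf("buggy: %d live, fixed: %d live, local7 -> %d\n",
                live_at_lookup_buggy("local7"), live, val);
    return 0;
}
```
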
Change History (4)

comment:1 Changed 12 years ago by beirdo

Owner: set to beirdo
Status: new → assigned

comment:2 Changed 12 years ago by Malcolm Parsons <malcolm.parsons@…>

Resolution: fixed
Status: assigned → closed

In 9ea5252bc3a6367dacec1b4f92f03c13fbd0f0e4/mythtv:

Fix syslogGetFacility's use of QBytebuffer

Fixes #10624.

Signed-off-by: Gavin Hurlbut <ghurlbut@…>

comment:3 Changed 12 years ago by Malcolm Parsons <malcolm.parsons@…>

In 674e37ab7d16f5a8ee7c8426dcb7a594a23fa75f/mythtv:

Fix syslogGetFacility's use of QBytebuffer

Fixes #10624.

Signed-off-by: Gavin Hurlbut <ghurlbut@…>
(cherry picked from commit 9ea5252bc3a6367dacec1b4f92f03c13fbd0f0e4)

comment:4 Changed 12 years ago by beirdo

Milestone: unknown → 0.25.1