Opened 12 years ago
Closed 12 years ago
Last modified 12 years ago
#10624 closed Bug Report - General (fixed)
valgrind error in syslogGetFacility() in logging.cpp when running mythshutdown
Reported by: | | Owned by: | beirdo |
---|---|---|---|
Priority: | minor | Milestone: | 0.25.1 |
Component: | MythTV - General | Version: | 0.25-fixes |
Severity: | medium | Keywords: | |
Cc: | | Ticket locked: | no |
Description
    $ valgrind /usr/bin/mythshutdown --status 0 --verbose general --loglevel info --syslog local7
    ...
    ==1533== Invalid read of size 1
    ==1533==    at 0x40299C6: strcmp (mc_replace_strmem.c:538)
    ==1533==    by 0x4B16303: syslogGetFacility(QString) (logging.cpp:1303)
    ==1533==    by 0x4B2F8CE: MythCommandLineParser::GetSyslogFacility() (mythcommandlineparser.cpp:2453)
    ==1533==    by 0x4B3051C: MythCommandLineParser::ConfigureLogging(QString, unsigned int) (mythcommandlineparser.cpp:2525)
    ==1533==    by 0x401EFF3: ??? (in /lib/i386-linux-gnu/ld-2.13.so)
    ==1533==  Address 0xc2d8970 is 16 bytes inside a block of size 26 free'd
    ==1533==    at 0x4027C02: free (vg_replace_malloc.c:366)
    ==1533==    by 0x4FB0E2A: qFree(void*) (in /usr/lib/i386-linux-gnu/libQtCore.so.4.7.4)
    ==1533==    by 0x4B162E4: syslogGetFacility(QString) (qbytearray.h:383)
    ==1533==    by 0x4B2F8CE: MythCommandLineParser::GetSyslogFacility() (mythcommandlineparser.cpp:2453)
    ==1533==    by 0x4B3051C: MythCommandLineParser::ConfigureLogging(QString, unsigned int) (mythcommandlineparser.cpp:2525)
    ==1533==    by 0x401EFF3: ??? (in /lib/i386-linux-gnu/ld-2.13.so)
The code is:
    1291 int syslogGetFacility(QString facility)
    1292 {
    1293 #ifdef _WIN32
    1294     LOG(VB_GENERAL, LOG_NOTICE,
    1295         "Windows does not support syslog, disabling" );
    1296     return( -2 );
    1297 #else
    1298     CODE *name;
    1299     int i;
    1300     char *string = (char *)facility.toLocal8Bit().constData();
    1301
    1302     for (i = 0, name = &facilitynames[0];
    1303          name->c_name && strcmp(name->c_name, string); i++, name++);
    1304
    1305     return( name->c_val );
    1306 #endif
    1307 }
The temporary QByteArray is destroyed at the end of the statement on line 1300. A pointer to its deallocated data is used on line 1303.
Suggested patch:
- char *string = (char *)facility.toLocal8Bit().constData(); + QByteArray byteArray = facility.toLocal8Bit(); + const char *string = byteArray.constData();
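Review bot: on the added `QByteArray byteArray` line, nothing records why the array has to be a named local, so a later cleanup could fold the two lines back into `facility.toLocal8Bit().constData()` and bring back the invalid read valgrind reports at logging.cpp:1303. Add a one-line comment there saying that byteArray must outlive string. Changing the pointer to `const char *` and dropping the `(char *)` cast is right, since strcmp only reads through it.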
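The lifetime rule behind this report, as an added example that is not MythTV's code: `Bytes` and `toLocal8Bit()` are stand-ins for QByteArray and QString::toLocal8Bit() built on std::string, and `kFacilities` is a constructed table. It counts how many owners of the buffer exist at the point where strcmp() would read it, without ever dereferencing the dangling pointer.

```cpp
#include <cstdio>
#include <cstring>
#include <string>

// Stand-in for QByteArray (assumption): owns its bytes, counts live owners.
struct Bytes {
    static int live;
    std::string buf;
    explicit Bytes(const std::string &s) : buf(s) { ++live; }
    Bytes(const Bytes &o) : buf(o.buf) { ++live; }
    ~Bytes() { --live; }
    const char *constData() const { return buf.c_str(); }
};
int Bytes::live = 0;

// Stand-in for QString::toLocal8Bit(): hands back the owner by value.
Bytes toLocal8Bit(const std::string &s) { return Bytes(s); }

// Constructed table shaped like facilitynames; values are not the real ones.
struct Code { const char *c_name; int c_val; };
static const Code kFacilities[] = { {"daemon", 1}, {"local7", 2}, {nullptr, -1} };

// Pattern from line 1300: the owner is a temporary that dies at the ';'.
// Returns how many owners exist at the point where strcmp() would run.
int ownersAliveWithTemporary(const std::string &facility) {
    const char *string = toLocal8Bit(facility).constData();
    (void)string;               // dangling here, so it is never dereferenced
    return Bytes::live;
}

// Pattern from the suggested patch: a named owner lives to the end of scope.
int getFacility(const std::string &facility, int *ownersAlive) {
    Bytes byteArray = toLocal8Bit(facility);
    const char *string = byteArray.constData();
    *ownersAlive = Bytes::live; // owner still exists while string is in use
    const Code *name = kFacilities;
    while (name->c_name && std::strcmp(name->c_name, string) != 0)
        ++name;
    return name->c_val;         // sentinel entry yields -1 when nothing matches
}

int main() {
    int alive = 0;
    int val = getFacility("local7", &alive);
    std::printf("temporary: owners alive at use = %d\n",
                ownersAliveWithTemporary("local7"));
    std::printf("named:     owners alive at use = %d, c_val = %d\n", alive, val);
    return 0;
}
```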
Change History (4)
In 9ea5252bc3a6367dacec1b4f92f03c13fbd0f0e4/mythtv: