authorRainer Gerhards <rgerhards@adiscon.com>2009-08-19 13:00:27 +0200
committerRainer Gerhards <rgerhards@adiscon.com>2009-08-19 13:00:27 +0200
commit16fb5cd701d4c12f8ad573dde8ff52c9eaecb79f (patch)
tree5dc39bc0ef0ffb2dc2a36315b7d57a30b9145ef2
parent192bc01d9e029d86a832a3673f844d78d2a5da96 (diff)
parent9bb9181572d445dd300546113fc617eb549866ba (diff)
Merge branch 'v4-devel' into beta
-rw-r--r--ChangeLog10
-rw-r--r--runtime/stream.h4
2 files changed, 12 insertions, 2 deletions
diff --git a/ChangeLog b/ChangeLog
index b8e884e3..d1ba8617 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -11,6 +11,16 @@ Version 4.5.2 [DEVEL] (rgerhards), 2009-07-??
does most probably not have any effect in practice.
- bugfix: if tcp listen port could not be created, no error message was
emitted
+- bugfix: potential segfault in output file writer (omfile)
+ In async write mode, we use modular arithmetic to index the output
+ buffer array. However, the counter variables accidently were signed,
+ thus resulting in negative indizes after integer overflow. That in turn
+ could lead to segfaults, but was depending on the memory layout of
+ the instance in question (which in turn depended on a number of
+ variables, like compile settings but also configuration). The counters
+ are now unsigned (as they always should have been) and so the dangling
+ mis-indexing does no longer happen. This bug potentially affected all
+ installations, even if only some may actually have seen a segfault.
---------------------------------------------------------------------------
Version 4.5.1 [DEVEL] (rgerhards), 2009-07-15
- CONFIG CHANGE: $HUPisRestart default is now "off". We are doing this
diff --git a/runtime/stream.h b/runtime/stream.h
index cb368835..64ffb6e1 100644
--- a/runtime/stream.h
+++ b/runtime/stream.h
@@ -131,8 +131,8 @@ typedef struct strm_s {
pthread_cond_t notFull;
pthread_cond_t notEmpty;
pthread_cond_t isEmpty;
- short iEnq;
- short iDeq;
+ unsigned short iEnq; /* this MUST be unsigned as we use module arithmetic (else invalid indexing happens!) */
+ unsigned short iDeq; /* this MUST be unsigned as we use module arithmetic (else invalid indexing happens!) */
short iCnt; /* current nbr of elements in buffer */
struct {
uchar *pBuf;
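Review bot: The `unsigned short` type on `iEnq`/`iDeq` removes the negative index, but the counters still wrap at 65536, so the sequence of `counter % size` values is contiguous across the wrap only when the buffer-array size divides 65536 (a power of two); with any other size two in-flight entries could map to the same slot at the wrap. The array size and the increment sites are outside this hunk, so this is unconfirmed, but the comment should state the constraint, for example `/* MUST be unsigned, and the buffer count MUST be a power of two: used with modular arithmetic */` (which also fixes the "module arithmetic" typo). Alternatively the counters could be reduced when stored, as in `iEnq = (iEnq + 1) % <buffer count>;`, so correctness no longer depends on the type width. `iCnt` stays a signed `short`; it is presumably bounded by the buffer count, but that is worth confirming while touching these fields. The `strm_s` definition starts and ends outside the hunk.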