diff options
author | Rainer Gerhards <rgerhards@adiscon.com> | 2009-08-19 13:00:27 +0200 |
---|---|---|
committer | Rainer Gerhards <rgerhards@adiscon.com> | 2009-08-19 13:00:27 +0200 |
commit | 16fb5cd701d4c12f8ad573dde8ff52c9eaecb79f (patch) | |
tree | 5dc39bc0ef0ffb2dc2a36315b7d57a30b9145ef2 | |
parent | 192bc01d9e029d86a832a3673f844d78d2a5da96 (diff) | |
parent | 9bb9181572d445dd300546113fc617eb549866ba (diff) | |
download | rsyslog-16fb5cd701d4c12f8ad573dde8ff52c9eaecb79f.tar.gz rsyslog-16fb5cd701d4c12f8ad573dde8ff52c9eaecb79f.tar.xz rsyslog-16fb5cd701d4c12f8ad573dde8ff52c9eaecb79f.zip |
Merge branch 'v4-devel' into beta
-rw-r--r-- | ChangeLog | 10 | ||||
-rw-r--r-- | runtime/stream.h | 4 |
2 files changed, 12 insertions, 2 deletions
@@ -11,6 +11,16 @@ Version 4.5.2 [DEVEL] (rgerhards), 2009-07-?? does most probably not have any effect in practice. - bugfix: if tcp listen port could not be created, no error message was emitted +- bugfix: potential segfault in output file writer (omfile) + In async write mode, we use modular arithmetic to index the output + buffer array. However, the counter variables accidently were signed, + thus resulting in negative indizes after integer overflow. That in turn + could lead to segfaults, but was depending on the memory layout of + the instance in question (which in turn depended on a number of + variables, like compile settings but also configuration). The counters + are now unsigned (as they always should have been) and so the dangling + mis-indexing does no longer happen. This bug potentially affected all + installations, even if only some may actually have seen a segfault. --------------------------------------------------------------------------- Version 4.5.1 [DEVEL] (rgerhards), 2009-07-15 - CONFIG CHANGE: $HUPisRestart default is now "off". We are doing this diff --git a/runtime/stream.h b/runtime/stream.h index cb368835..64ffb6e1 100644 --- a/runtime/stream.h +++ b/runtime/stream.h @@ -131,8 +131,8 @@ typedef struct strm_s { pthread_cond_t notFull; pthread_cond_t notEmpty; pthread_cond_t isEmpty; - short iEnq; - short iDeq; + unsigned short iEnq; /* this MUST be unsigned as we use module arithmetic (else invalid indexing happens!) */ + unsigned short iDeq; /* this MUST be unsigned as we use module arithmetic (else invalid indexing happens!) */ short iCnt; /* current nbr of elements in buffer */ struct { uchar *pBuf; |