diff options
author | Rainer Gerhards <rgerhards@adiscon.com> | 2010-02-22 09:31:10 +0100 |
---|---|---|
committer | Rainer Gerhards <rgerhards@adiscon.com> | 2010-02-22 09:31:10 +0100 |
commit | c577e9c64cec0eebf6b7c3bd964354ab90c045ae (patch) | |
tree | 1899b41ccc57b88542e7c9e7a6891cccffdcb721 /runtime/msg.c | |
parent | f764f24baa542796776e76bb5f22fdf9d7e32f5e (diff) | |
download | rsyslog-c577e9c64cec0eebf6b7c3bd964354ab90c045ae.tar.gz rsyslog-c577e9c64cec0eebf6b7c3bd964354ab90c045ae.tar.xz rsyslog-c577e9c64cec0eebf6b7c3bd964354ab90c045ae.zip |
bugfix: message without MSG part could case a segfault
[backported from v5 commit 98d1ed504ec001728955a5bcd7916f64cd85f39f]
This actually was a "recent" regression, but I did not realize that it
was introduced by the performance optimization in v4-devel. Shame on
me for having two devel versions at the same time...
Diffstat (limited to 'runtime/msg.c')
-rw-r--r-- | runtime/msg.c | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/runtime/msg.c b/runtime/msg.c index 8e3ad314..70207075 100644 --- a/runtime/msg.c +++ b/runtime/msg.c @@ -1171,7 +1171,7 @@ uchar *getMSG(msg_t *pM) if(pM == NULL) ret = UCHAR_CONSTANT(""); else { - if(pM->offMSG == -1) + if(pM->iLenMSG == 0) ret = UCHAR_CONSTANT(""); else ret = pM->pszRawMsg + pM->offMSG; @@ -1947,12 +1947,20 @@ void MsgSetHOSTNAME(msg_t *pThis, uchar* pszHOSTNAME, int lenHOSTNAME) /* set the offset of the MSG part into the raw msg buffer + * Note that the offset may be higher than the length of the raw message + * (exactly by one). This can happen if we have a message that does not + * contain any MSG part. */ void MsgSetMSGoffs(msg_t *pMsg, short offs) { ISOBJ_TYPE_assert(pMsg, msg); - pMsg->iLenMSG = pMsg->iLenRawMsg - offs; pMsg->offMSG = offs; + if(offs > pMsg->iLenRawMsg) { + assert(offs - 1 == pMsg->iLenRawMsg); + pMsg->iLenMSG = 0; + } else { + pMsg->iLenMSG = pMsg->iLenRawMsg - offs; + } } @@ -1986,7 +1994,8 @@ rsRetVal MsgReplaceMSG(msg_t *pThis, uchar* pszMSG, int lenMSG) pThis->pszRawMsg = bufNew; } - memcpy(pThis->pszRawMsg + pThis->offMSG, pszMSG, lenMSG); + if(lenMSG > 0) + memcpy(pThis->pszRawMsg + pThis->offMSG, pszMSG, lenMSG); pThis->pszRawMsg[lenNew] = '\0'; /* this also works with truncation! */ pThis->iLenRawMsg = lenNew; pThis->iLenMSG = lenMSG; |