search

troglobit / sysklogd

BSD syslog daemon with syslog()/syslogp() API replacement for Linux, RFC3164 + RFC5424
https://troglobit.com/sysklogd.html
Other
93 stars 20 forks source link

Regression in 2.6.0: SIGSEGV in fprintlog_first() on shutdown #87

Closed moonlitbugs closed 3 months ago

moonlitbugs commented 3 months ago

When syslogd is shut down by sending it a SIGTERM, it attempts to access invalid memory at address TypeNames[f->f_type] which is inside a call to fprintlog_first(). This is a regression against version 2.5.2, which shuts down cleanly.

Here is a GDB session showing the fault, with boilerplate output from GDB trimmed for brevity:

~# gdb syslogd
GNU gdb (GDB) 15.1
  [ ... Trimmed ... ]
Reading symbols from syslogd...
(gdb) set args -F -m 0
(gdb) run
Starting program: /usr/sbin/syslogd -F -m 0

Program received signal SIGTERM, Terminated.
0x00007ffff7d16a90 in select () from /lib64/libc.so.6
(gdb) continue
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0x000000000040584e in fprintlog_first (f=f@entry=0x7ffff7df1d00 <main_arena+96>, 
    buffer=buffer@entry=0x7fffffffcfb0) at syslogd.c:2225
2225            logit(" logging to %s", TypeNames[f->f_type]);
(gdb) print f
$1 = (struct filed *) 0x7ffff7df1d00 <main_arena+96>
(gdb) print f->f_type
$2 = 24352
(gdb) print TypeNames[f->f_type]
Cannot access memory at address 0x4405c0

This was compiled with gcc 14.1.0 on glibc 2.39 with options --prefix=/usr --disable-static --without-logger.

There's nothing unusual about the syslog.conf that it is running. Here it is, with comments and empty lines removed:

kern.*                                                  -/var/log/kern
authpriv.*                                              -/var/log/secure
mail.*                                                  -/var/log/maillog
*.=debug;kern.none;authpriv.none;mail.none              -/var/log/debug
*.info;*.!warn;kern.none;authpriv.none;mail.none        -/var/log/messages
*.=warn;*.=error;kern.none;authpriv.none;mail.none      -/var/log/syslog
*.crit                                                  /var/log/crit
*.alert                                                 *
troglobit commented 3 months ago

Took me a while to install Slackware current today, but now I've at least reproduced this. Thank you for the report, I'll dig in now and have a look at what's going on.

moonlitbugs commented 3 months ago

Super, thanks! Glad it was an easy fix.

troglobit commented 3 months ago

No problem, really appreciate the great bug report! Just FYI, a 2.6.1 will probably be out within a week or so ...