This is the mail archive of the libc-alpha@sources.redhat.com mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[PATCH] syslog() segv fix under memory shortage


This patch fixes misc/syslog.c:vsyslog() segv.  When memory is
shortage, open_memstream() in vsyslog() can't allocate buffer, and
then uses local buffer "failbuf".  At last in vsyslog(), free() is
called everytime even for local buffer, then it goes segv.  This patch
adds a flag that indicates the buffer is local or not.

Regards,
-- gotom


2004-04-15  GOTO Masanori  <gotom@debian.or.jp>

	* misc/syslog.c: don't free() if it uses local failbuf.


--- misc/syslog.c	2004-03-15 12:58:10.000000000 +0900
+++ misc/syslog.c.gotom	2004-03-15 13:13:16.000000000 +0900
@@ -141,6 +141,7 @@
  	int sigpipe;
 	int saved_errno = errno;
 	char failbuf[3 * sizeof (pid_t) + sizeof "out of memory []"];
+	int need_free = 1;
 
 #define	INTERNALLOG	LOG_ERR|LOG_CONS|LOG_PERROR|LOG_PID
 	/* Check for invalid bits. */
@@ -181,6 +182,7 @@
 	    buf = failbuf;
 	    bufsize = endp - failbuf;
 	    msgoff = 0;
+	    need_free = 0;
 	  }
 	else
 	  {
@@ -237,12 +239,14 @@
 		    v->iov_len = 1;
 		  }
 
-		__libc_cleanup_push (free, buf);
+		if (__builtin_expect(need_free, 1))
+		  __libc_cleanup_push (free, buf);
 
 		/* writev is a cancellation point.  */
 		(void)__writev(STDERR_FILENO, iov, v - iov + 1);
 
-		__libc_cleanup_pop (0);
+		if (__builtin_expect(need_free, 1))
+		  __libc_cleanup_pop (0);
 	}
 
 	/* Prepare for multiple users.  We have to take care: open and
@@ -305,7 +309,8 @@
 	__libc_cleanup_pop (0);
 	__libc_lock_unlock (syslog_lock);
 
-	free (buf);
+	if (__builtin_expect(need_free, 1))
+	  free (buf);
 }
 libc_hidden_def (vsyslog)
 


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]