[mythtv-commits] Ticket #10624: valgrind error in syslogGetFacility() in logging.cpp when running mythshutdown
MythTV
noreply at mythtv.org
Tue Apr 17 22:17:21 UTC 2012
#10624: valgrind error in syslogGetFacility() in logging.cpp when running
mythshutdown
-------------------------------------+-------------------------------------
Reporter: Malcolm Parsons | Type: Bug Report -
<malcolm.parsons@…> | General
Status: new | Priority: minor
Milestone: unknown | Component: MythTV - General
Version: 0.25-fixes | Severity: medium
Keywords: | Ticket locked: 0
-------------------------------------+-------------------------------------
{{{
$ valgrind /usr/bin/mythshutdown --status 0 --verbose general --loglevel
info --syslog local7
...
==1533== Invalid read of size 1
==1533== at 0x40299C6: strcmp (mc_replace_strmem.c:538)
==1533== by 0x4B16303: syslogGetFacility(QString) (logging.cpp:1303)
==1533== by 0x4B2F8CE: MythCommandLineParser::GetSyslogFacility()
(mythcommandlineparser.cpp:2453)
==1533== by 0x4B3051C: MythCommandLineParser::ConfigureLogging(QString,
unsigned int) (mythcommandlineparser.cpp:2525)
==1533== by 0x401EFF3: ??? (in /lib/i386-linux-gnu/ld-2.13.so)
==1533== Address 0xc2d8970 is 16 bytes inside a block of size 26 free'd
==1533== at 0x4027C02: free (vg_replace_malloc.c:366)
==1533== by 0x4FB0E2A: qFree(void*) (in /usr/lib/i386-linux-
gnu/libQtCore.so.4.7.4)
==1533== by 0x4B162E4: syslogGetFacility(QString) (qbytearray.h:383)
==1533== by 0x4B2F8CE: MythCommandLineParser::GetSyslogFacility()
(mythcommandlineparser.cpp:2453)
==1533== by 0x4B3051C: MythCommandLineParser::ConfigureLogging(QString,
unsigned int) (mythcommandlineparser.cpp:2525)
==1533== by 0x401EFF3: ??? (in /lib/i386-linux-gnu/ld-2.13.so)
}}}
The code is:
{{{
1291 int syslogGetFacility(QString facility)
1292 {
1293 #ifdef _WIN32
1294 LOG(VB_GENERAL, LOG_NOTICE,
1295 "Windows does not support syslog, disabling" );
1296 return( -2 );
1297 #else
1298 CODE *name;
1299 int i;
1300 char *string = (char *)facility.toLocal8Bit().constData();
1301
1302 for (i = 0, name = &facilitynames[0];
1303 name->c_name && strcmp(name->c_name, string); i++,
name++);
1304
1305 return( name->c_val );
1306 #endif
1307 }
}}}
The temporary QByteArray is destroyed at the end of the statement on line
1300.
A pointer to its deallocated data is used on line 1303.
Suggested patch:
{{{
- char *string = (char *)facility.toLocal8Bit().constData();
+ QByteArray byteArray = facility.toLocal8Bit();
+ const char *string = byteArray.constData();
}}}
--
Ticket URL: <http://code.mythtv.org/trac/ticket/10624>
MythTV <http://code.mythtv.org/trac>
MythTV Media Center
More information about the mythtv-commits
mailing list