[mythtv-commits] Ticket #10624: valgrind error in syslogGetFacility() in logging.cpp when running mythshutdown

MythTV noreply at mythtv.org
Tue Apr 17 22:17:21 UTC 2012 

#10624: valgrind error in syslogGetFacility() in logging.cpp when running
mythshutdown
-------------------------------------+-------------------------------------
 Reporter:  Malcolm Parsons          |           Type:  Bug Report -
  <malcolm.parsons@…>                |  General
   Status:  new                      |       Priority:  minor
Milestone:  unknown                  |      Component:  MythTV - General
  Version:  0.25-fixes               |       Severity:  medium
 Keywords:                           |  Ticket locked:  0
-------------------------------------+-------------------------------------
 {{{
 $ valgrind /usr/bin/mythshutdown --status 0 --verbose general --loglevel
 info --syslog local7

 ...

 ==1533== Invalid read of size 1
 ==1533==    at 0x40299C6: strcmp (mc_replace_strmem.c:538)
 ==1533==    by 0x4B16303: syslogGetFacility(QString) (logging.cpp:1303)
 ==1533==    by 0x4B2F8CE: MythCommandLineParser::GetSyslogFacility()
 (mythcommandlineparser.cpp:2453)
 ==1533==    by 0x4B3051C: MythCommandLineParser::ConfigureLogging(QString,
 unsigned int) (mythcommandlineparser.cpp:2525)
 ==1533==    by 0x401EFF3: ??? (in /lib/i386-linux-gnu/ld-2.13.so)
 ==1533==  Address 0xc2d8970 is 16 bytes inside a block of size 26 free'd
 ==1533==    at 0x4027C02: free (vg_replace_malloc.c:366)
 ==1533==    by 0x4FB0E2A: qFree(void*) (in /usr/lib/i386-linux-
 gnu/libQtCore.so.4.7.4)
 ==1533==    by 0x4B162E4: syslogGetFacility(QString) (qbytearray.h:383)
 ==1533==    by 0x4B2F8CE: MythCommandLineParser::GetSyslogFacility()
 (mythcommandlineparser.cpp:2453)
 ==1533==    by 0x4B3051C: MythCommandLineParser::ConfigureLogging(QString,
 unsigned int) (mythcommandlineparser.cpp:2525)
 ==1533==    by 0x401EFF3: ??? (in /lib/i386-linux-gnu/ld-2.13.so)
 }}}

 The code is:

 {{{
 1291    int syslogGetFacility(QString facility)
 1292    {
 1293    #ifdef _WIN32
 1294        LOG(VB_GENERAL, LOG_NOTICE,
 1295            "Windows does not support syslog, disabling" );
 1296        return( -2 );
 1297    #else
 1298        CODE *name;
 1299        int i;
 1300        char *string = (char *)facility.toLocal8Bit().constData();
 1301
 1302        for (i = 0, name = &facilitynames[0];
 1303             name->c_name && strcmp(name->c_name, string); i++,
 name++);
 1304
 1305        return( name->c_val );
 1306    #endif
 1307    }
 }}}

 The temporary QByteArray is destroyed at the end of the statement on line
 1300.
 A pointer to its deallocated data is used on line 1303.


 Suggested patch:

 {{{
 -    char *string = (char *)facility.toLocal8Bit().constData();
 +    QByteArray byteArray = facility.toLocal8Bit();
 +    const char *string = byteArray.constData();
 }}}

-- 
Ticket URL: <http://code.mythtv.org/trac/ticket/10624>
MythTV <http://code.mythtv.org/trac>
MythTV Media Center

More information about the mythtv-commits mailing list