From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id F1ACA3858D32; Mon, 29 Aug 2022 12:26:47 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org F1ACA3858D32 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1661776007; bh=sroyY0UjlA7yF5FraCgJKv7OOD5tC+VZT5UXWCWtCj4=; h=From:To:Subject:Date:From; b=UPuJTYPdQLtNwJcwFbbT+Tw5RphrvIWPONg9Gi1Rf3DjVdnvhrguWIzri0AK8ZQ21 xbr+C79rP5g2Swu9xRyFvhIqbTsLjY8G0RTrq/f6A5QA5fYF7fKCv7vvD34e1XzOX2 AMUewOSpOwFtPRMqSWafUjXHVOu0ElQCWoPksb9A= From: "adhemerval.zanella at linaro dot org" To: glibc-bugs@sourceware.org Subject: [Bug libc/29536] New: syslog fail to create large messages Date: Mon, 29 Aug 2022 12:26:46 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: libc X-Bugzilla-Version: 2.36 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: adhemerval.zanella at linaro dot org X-Bugzilla-Status: NEW X-Bugzilla-Resolution: X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: unassigned at sourceware dot org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version bug_status bug_severity priority component assigned_to reporter cc target_milestone Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 List-Id: https://sourceware.org/bugzilla/show_bug.cgi?id=3D29536 Bug ID: 29536 Summary: syslog fail to create large messages Product: glibc Version: 2.36 Status: NEW Severity: normal Priority: P2 Component: libc Assignee: unassigned at sourceware dot org Reporter: adhemerval.zanella at linaro dot org CC: drepper.fsp at gmail dot com Target Milestone: --- The fallback to use a heap allocated string for large input arguments do not correctly create the syslog message. For example the following test fails: -- $ cat test.c #include #include int main (int argc, const char *argv[]) { const char *some_very_long_message =3D "Lorem ipsum dolor sit amet, conse= ctetur adipiscing elit. Nulla gravida sapien metus, in sagittis ipsum pellentesque= ut. In dui lectus, elementum ut lacus et, mattis ullamcorper nulla. Cras vel ar= cu laoreet, fringilla lacus sit amet, scelerisque nisl. Suspendisse nec massa = eu erat commodo mollis. Curabitur imperdiet velit id lectus laoreet auctor. Se= d in enim volutpat, vulputate ipsum quis, tristique nulla. Vestibulum vitae condimentum metus, nec commodo lacus. Aliquam erat volutpat. Nunc fringilla justo at feugiat elementum. Aliquam eget nisl vel arcu molestie placerat ut= non lectus. Vivamus scelerisque condimentum felis ut hendrerit. Pellentesque sit amet dui eu erat lacinia gravida nec vitae nisl. Suspendisse rhoncus sagitt= is lacus, pharetra porttitor libero laoreet eu. Proin scelerisque luctus bland= it. Maecenas non odio sapien. Vivamus id euismod lorem, at maximus nisi. Maecen= as consectetur et felis at tempus. Etiam ac laoreet sem, vitae dignissim nulla. Nulla eu pretium nulla. In nec auctor nisl. Fusce luctus vel dolor id tempu= s. Nunc varius nunc eros, eget mattis sapien efficitur at. Duis dolor est, vestibulum eu interdum a, interdum id augue. Donec hendrerit, mi non laoreet placerat, nunc turpis scelerisque dui, eu pulvinar dui dui facilisis diam. Curabitur sapien risus, varius in neque eget, molestie rutrum dui. Etiam do= lor nulla, sollicitudin nec mauris in, blandit pretium nulla. Orci varius natoq= ue penatibus et magnis dis parturient montes, nascetur ridiculus mus. Donec lacinia mollis rutrum. Morbi aliquet tempus odio, ac euismod mi fermentum a. Duis ut facilisis tortor. Curabitur egestas nisi quis pulvinar porta. Sed consectetur interdum metus, eleifend condimentum massa congue at. Etiam vel rhoncus enim. Nullam bibendum velit ut ultricies aliquam. Maecenas in varius elit, nec sollicitudin lectus. Nulla eleifend scelerisque nulla, eu vehicula tortor vulputate vitae. In consequat vitae ipsum in sollicitudin. Nam rutrum libero mauris, nec iaculis lectus lobortis vel. Donec eget tempus nibh. Eti= am egestas ultrices tortor, ac condimentum tellus ultricies in. Nulla commodo hendrerit metus nec feugiat. Donec libero tortor, posuere sit amet metus malesuada, commodo vulputate ipsum. Nam a auctor augue. Sed vel libero dui. Donec scelerisque dignissim risus, eget aliquet arcu vestibulum nec. Aliquam nec arcu vel felis sollicitudin lacinia. Curabitur eget purus nibh. Phasell= us rutrum vulputate nunc, sit amet ullamcorper sem congue eu. Nam interdum nibh turpis, vehicula sagittis quam dictum vel. Curabitur dolor sem, pulvinar a velit ac, ultrices tincidunt felis. Quisque vitae mollis ipsum. Morbi quis tortor a metus iaculis elementum."; openlog ("MyTest", LOG_PERROR, LOG_DAEMON); syslog (LOG_DEBUG, "%s", some_very_long_message); closelog (); } $ gcc -Wall test.c -o test $ ./testrun.sh ./test $ -- Worse, it access invalid memory: $ ./testrun.sh --tool=3Dvalgrind ./test [...] =3D=3D62032=3D=3D =3D=3D62032=3D=3D Invalid read of size 1 =3D=3D62032=3D=3D at 0x4936537: __vsyslog_internal (syslog.c:230) =3D=3D62032=3D=3D by 0x4936955: syslog (syslog.c:90) =3D=3D62032=3D=3D by 0x48011DF: main (in /home/azanella/Projects/glibc/build/x86_64-linux-gnu/test) =3D=3D62032=3D=3D Address 0x4a267bf is 1 bytes before a block of size 29 a= lloc'd =3D=3D62032=3D=3D at 0x4811899: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so) =3D=3D62032=3D=3D by 0x49364AB: __vsyslog_internal (syslog.c:206) =3D=3D62032=3D=3D by 0x4936955: syslog (syslog.c:90) =3D=3D62032=3D=3D by 0x48011DF: main (in /home/azanella/Projects/glibc/build/x86_64-linux-gnu/test) =3D=3D62032=3D=3D =3D=3D62032=3D=3D Conditional jump or move depends on uninitialised value(s) =3D=3D62032=3D=3D at 0x4817D19: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so) =3D=3D62032=3D=3D by 0x4885B3F: __vfprintf_internal (vfprintf-process-ar= g.c:397) =3D=3D62032=3D=3D by 0x48A8964: __vdprintf_internal (iovdprintf.c:54) =3D=3D62032=3D=3D by 0x4878FB5: dprintf (dprintf.c:30) =3D=3D62032=3D=3D by 0x4936561: __vsyslog_internal (syslog.c:230) =3D=3D62032=3D=3D by 0x4936955: syslog (syslog.c:90) =3D=3D62032=3D=3D by 0x48011DF: main (in /home/azanella/Projects/glibc/build/x86_64-linux-gnu/test) =3D=3D62032=3D=3D =3D=3D62032=3D=3D =3D=3D62032=3D=3D HEAP SUMMARY: =3D=3D62032=3D=3D in use at exit: 0 bytes in 0 blocks =3D=3D62032=3D=3D total heap usage: 9 allocs, 9 frees, 6,567 bytes alloca= ted =3D=3D62032=3D=3D =3D=3D62032=3D=3D All heap blocks were freed -- no leaks are possible =3D=3D62032=3D=3D =3D=3D62032=3D=3D Use --track-origins=3Dyes to see where uninitialised valu= es come from =3D=3D62032=3D=3D For lists of detected and suppressed errors, rerun with: = -s =3D=3D62032=3D=3D ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 fr= om 0) --=20 You are receiving this mail because: You are on the CC list for the bug.=