rsyslog icon indicating copy to clipboard operation
rsyslog copied to clipboard
verified publisher icon rsyslog

imjournal: Fix invalid memory READ issue

Open wltu opened this issue 1 year ago • 1 comments

Initlize inst->stateFile to NULL to prevent it from having invalid address.

When running with ASAN on it will hit the following error.

$ /tmp/rsyslogd -n -iNONE
AddressSanitizer:DEADLYSIGNAL
=================================================================
==8588==ERROR: AddressSanitizer: SEGV on unknown address 0xbebebeae (pc 0xa6984f8c bp 0xaefb70cc sp 0xaefb6c68 T0)
==8588==The signal is caused by a READ memory access.
    #0 0xa6984f8c  (/usr/lib/libasan.so.8+0x20f8c) (BuildId: ee0b8a590de2b6d96c2138cdebb2499a90e6a07a)
    #1 0xa6a3b728  (/usr/lib/libasan.so.8+0xd7728) (BuildId: ee0b8a590de2b6d96c2138cdebb2499a90e6a07a)
    #2 0xa617c054  (/usr/lib/rsyslog/imjournal.so+0x6054) (BuildId: ca1c5d369cffa79029a75c06e0e18d62368c9bca)
    #3 0x4ff0e4  (/tmp/rsyslogd+0xa20e4) (BuildId: 14bec8475dcbac6b4061007eb0f4e4e3bab3aa38)
    #4 0x48f8bc  (/tmp/rsyslogd+0x328bc) (BuildId: 14bec8475dcbac6b4061007eb0f4e4e3bab3aa38)
    #5 0x488330 in main (/tmp/rsyslogd+0x2b330) (BuildId: 14bec8475dcbac6b4061007eb0f4e4e3bab3aa38)
    #6 0xa66a54ac  (/usr/lib/libc.so.6+0x1f4ac) (BuildId: c9c455a6e5b9355d2e08c2695ea6374f1ecc583c)
    #7 0xa66a5598 in __libc_start_main (/usr/lib/libc.so.6+0x1f598) (BuildId: c9c455a6e5b9355d2e08c2695ea6374f1ecc583c)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/usr/lib/libasan.so.8+0x20f8c) (BuildId: ee0b8a590de2b6d96c2138cdebb2499a90e6a07a)
==8588==ABORTING

wltu avatar Oct 16 '24 23:10 wltu

can you pls provide a stack trace with symbols. I am not sure if this PR just cures one of potentially many root causes.

rgerhards avatar Oct 17 '24 06:10 rgerhards

can you pls provide a stack trace with symbols. I am not sure if this PR just cures one of potentially many root causes.

Sorry for the delay. I reproduced it again and got the stack traces with symbol.

$ asan_symbolize -s /workspace/tmp/work/openbmc-linux-gnueabi/obmc-phosphor-image/1.0/rootfs < /tmp/asan.dump | c++filt
/usr/bin/asan_symbolize:158: DeprecationWarning: Use shutil.which instead of find_executable
  logging.debug('addr2line binary is %s' % find_executable(addr2line_tool))
AddressSanitizer:DEADLYSIGNAL
=================================================================
==18737==ERROR: AddressSanitizer: SEGV on unknown address 0xbebebeae (pc 0xa6927f8c bp 0xaee940cc sp 0xaee93c68 T0)
==18737==The signal is caused by a READ memory access.
    #0 0xa6927f8c in bool __sanitizer::atomic_compare_exchange_strong<__sanitizer::atomic_uint8_t>(__sanitizer::atomic_uint8_t volatile*, __sanitizer::atomic_uint8_t::Type*, __sanitizer::atomic_uint8_t::Type, __sanitizer::memory_order) /usr/src/debug/gcc-sanitizers/13.2.0/libsanitizer/sanitizer_common/sanitizer_atomic_clang.h:81:35
    #1 0xa6927f8c in __asan::Allocator::AtomicallySetQuarantineFlagIfAllocated(__asan::AsanChunk*, void*, __sanitizer::BufferedStackTrace*) _asan_rtl_:40
    #2 0xa6927f8c in __asan::Allocator::Deallocate(void*, unsigned int, unsigned int, __sanitizer::BufferedStackTrace*, __asan::AllocType) _asan_rtl_:48
    #3 0xa6927f8c in __asan::asan_free(void*, __sanitizer::BufferedStackTrace*, __asan::AllocType) _asan_rtl_:22
    #4 0xa69de728 in __interceptor_free.part.0 _asan_rtl_:12
    #5 0xa611f054 in activateCnf /usr/src/debug/rsyslog/8.2306.0/plugins/imjournal/imjournal.c:1153:4
    #6 0xa611f054 in activateCnf /usr/src/debug/rsyslog/8.2306.0/plugins/imjournal/imjournal.c:1107:1
    #7 0x5480e4 in tellModulesActivateConfig /usr/src/debug/rsyslog/8.2306.0/runtime/rsconf.c:853:15
    #8 0x5480e4 in activate /usr/src/debug/rsyslog/8.2306.0/runtime/rsconf.c:1039:2
    #9 0x4d88bc in initAll /usr/src/debug/rsyslog/8.2306.0/tools/rsyslogd.c:1694:2
    #10 0x4d1330 in main /usr/src/debug/rsyslog/8.2306.0/tools/rsyslogd.c:2220:2
    #11 0xa66484ac in __libc_init_first ??:?
    #12 0xa6648598 in __libc_start_main ??:0:0

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/usr/lib/libasan.so.8+0x20f8c) (BuildId: ee0b8a590de2b6d96c2138cdebb2499a90e6a07a)
==18737==ABORTING
  • plugins/imjournal/imjournal.c:1107 -> https://github.com/rsyslog/rsyslog/blob/91f1dd795e7bdd4e925ddc0235ddf02178ce3921/plugins/imjournal/imjournal.c#L1117
  • plugins/imjournal/imjournal.c:1153 -> https://github.com/rsyslog/rsyslog/blob/91f1dd795e7bdd4e925ddc0235ddf02178ce3921/plugins/imjournal/imjournal.c#L1163

wltu avatar Nov 20 '24 03:11 wltu

It seems like the bMain fields is also left out from the initialization, @wltu can you add that there as well (set to 0)?

Cropi avatar Nov 26 '24 08:11 Cropi

/gemini review

rgerhards avatar Jul 15 '25 15:07 rgerhards

I replace this PR with https://github.com/rsyslog/rsyslog/pull/6009 as it has become much harder to rebase - sry for this.

rgerhards avatar Aug 22 '25 10:08 rgerhards