fixeria has uploaded this change for review. (
https://gerrit.osmocom.org/c/libosmocore/+/35309?usp=email )
Change subject: logging: fix NULL pointer dereference in _output_buf()
......................................................................
logging: fix NULL pointer dereference in _output_buf()

In the _output_buf() we explicitly initialize only the 'buf' and 'len'
fields of the struct osmo_strbuf, leaving the 'pos' field implicitly
initialized to NULL. Later, in this function, 'sb.pos' is passed to
ctime_r() and strlen(), leading to a NULL pointer dereference (segfault)
in certain scenarios.

This situation can occur when color logging is disabled or when
a specific logging subsystem has no associated color. Any application
using libosmocore's logging API would crash with the following config:

  log stderr
  logging filter all 1
  logging timestamp 1
  logging color 0

Fix this by initializing the 'pos' field explicitly.

Change-Id: I7ec9badf525e03e54e10b725d820c636eaa3fd1c
Fixes: d71331bc "logging: fix nul octets in log output / use osmo_strbuf"
Fixes: CID#336550
---
M src/core/logging.c
1 file changed, 29 insertions(+), 1 deletion(-)
git pull ssh://gerrit.osmocom.org:29418/libosmocore refs/changes/09/35309/1
diff --git a/src/core/logging.c b/src/core/logging.c
index 0d215f4..6941f9b 100644
--- a/src/core/logging.c
+++ b/src/core/logging.c
@@ -488,7 +488,7 @@
{
int ret;
const char *c_subsys = NULL;
- struct osmo_strbuf sb = { .buf = buf, .len = buf_len };
+ struct osmo_strbuf sb = { .buf = buf, .pos = buf, .len = buf_len };
/* safety net in case of encountering errors and returning nothing */
buf[0] = '\0';
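Review bot: the `sb` initializer now needs `.pos = buf` to be safe, but nothing at this line says why, so a later cleanup could drop it again. A short comment noting that `sb.pos` is handed directly to ctime_r() and strlen() further down, and therefore must never be NULL, would make the invariant visible. The commit message describes a config that reliably crashes (`logging timestamp 1` with `logging color 0`); a regression test exercising that combination would keep the path covered. The stat line reports 29 insertions while only this one-line hunk is visible here, so the rest of the change could not be reviewed from this message.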
--
Gerrit-Project: libosmocore
Gerrit-Branch: master
Gerrit-Change-Id: I7ec9badf525e03e54e10b725d820c636eaa3fd1c
Gerrit-Change-Number: 35309
Gerrit-PatchSet: 1
Gerrit-Owner: fixeria <vyanitskiy(a)sysmocom.de>
Gerrit-MessageType: newchange