fixeria has uploaded this change for review. ( https://gerrit.osmocom.org/c/libosmocore/+/35309?usp=email )
Change subject: logging: fix NULL pointer dereference in _output_buf()
logging: fix NULL pointer dereference in _output_buf()
In the _output_buf() we explicitly initialize only the 'buf' and 'len' fields of the struct osmo_strbuf, leaving the 'pos' field implicitly initialized to NULL. Later, in this function, 'sb.pos' is passed to ctime_r() and strlen(), leading to a NULL pointer dereference (segfault) in certain scenarios.
This situation can occur when color logging is disabled or when a specific logging subsystem has no associated color. Any application using libosmocore's logging API would crash with the following config:
log stderr
 logging filter all 1
 logging timestamp 1
 logging color 0
Fix this by initializing the 'pos' field explicitly.
Change-Id: I7ec9badf525e03e54e10b725d820c636eaa3fd1c
Fixes: d71331bc "logging: fix nul octets in log output / use osmo_strbuf"
Fixes: CID#336550
---
M src/core/logging.c
1 file changed, 29 insertions(+), 1 deletion(-)
git pull ssh://gerrit.osmocom.org:29418/libosmocore refs/changes/09/35309/1
diff --git a/src/core/logging.c b/src/core/logging.c index 0d215f4..6941f9b 100644 --- a/src/core/logging.c +++ b/src/core/logging.c @@ -488,7 +488,7 @@ { int ret; const char *c_subsys = NULL; - struct osmo_strbuf sb = { .buf = buf, .len = buf_len }; + struct osmo_strbuf sb = { .buf = buf, .pos = buf, .len = buf_len };
/* safety net in case of encountering errors and returning nothing */ buf[0] = '\0';
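Review bot: the changed initializer (`struct osmo_strbuf sb = { .buf = buf, .pos = buf, .len = buf_len };`) repairs this one declaration, but nothing at that line records why `.pos` must be set, so the next refactor can drop it again. Consider a short comment there noting that `sb.pos` is later handed directly to ctime_r() and strlen() as the commit message describes, or an initializer helper that always sets all three fields. A regression test that logs with timestamp enabled and color disabled, the configuration quoted in the commit message, would keep the previously crashing path covered. The diffstat reports 29 insertions while only this one-line hunk is visible here, so the remaining additions could not be reviewed.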