diff options
| author | Rainer Gerhards <rgerhards@adiscon.com> | 2012-11-08 10:55:52 +0100 |
|---|---|---|
| committer | Rainer Gerhards <rgerhards@adiscon.com> | 2012-11-08 10:55:52 +0100 |
| commit | 275230ceb1b09d2d62e436bd06e6a04a295d3a4d (patch) | |
| tree | e3d8e117027901b531f691d42aaa73a5e19ebb73 /grammar/rainerscript.c | |
| parent | c7a4fbcc0ad6819377c50b73a3a83822d2fe43aa (diff) | |
| download | rsyslog-275230ceb1b09d2d62e436bd06e6a04a295d3a4d.tar.gz rsyslog-275230ceb1b09d2d62e436bd06e6a04a295d3a4d.tar.bz2 rsyslog-275230ceb1b09d2d62e436bd06e6a04a295d3a4d.zip | |
bugfix: potential segfault due to invalid param handling in comparisons
This could happen in RainerScript comparisons (like contains); in some
cases an unitialized variable was accessed, which could lead to an
invalid free and in turn to a segfault.
Closes: http://bugzilla.adiscon.com/show_bug.cgi?id=372
Thanks to Georgi Georgiev for reporting this bug and his great help
in solving it.
Diffstat (limited to 'grammar/rainerscript.c')
| -rw-r--r-- | grammar/rainerscript.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/grammar/rainerscript.c b/grammar/rainerscript.c index 733ebef4..2420ef31 100644 --- a/grammar/rainerscript.c +++ b/grammar/rainerscript.c @@ -1231,7 +1231,7 @@ evalStrArrayCmp(es_str_t *estr_l, struct cnfarray* ar, int cmpop) #define FREE_TWO_STRINGS \ if(bMustFree) es_deleteStr(estr_r); \ - if(expr->r->nodetype != 'A' && r.datatype == 'S') es_deleteStr(r.d.estr); \ + if(expr->r->nodetype != 'S' && expr->r->nodetype != 'A' && r.datatype == 'S') es_deleteStr(r.d.estr); \ if(bMustFree2) es_deleteStr(estr_l); \ if(l.datatype == 'S') es_deleteStr(l.d.estr) |