If you define a flag in your syslog-ng configuration file that is not supported by syslog-ng, syslog-ng segfaults if you try to start the service: /etc/init.d/syslog-ng: line 22: 10842 Segmentation fault syslog-ng -s -f /etc/syslog-ng/syslog-ng.conf * Configuration error. Please fix your configfile (/etc/syslog-ng/syslog-ng.conf) [ !! ] * ERROR: syslog-ng failed to start Reproducible: Always Steps to Reproduce: 1. Edit /etc/syslog-ng/syslog-ng.conf and add an invalid flag to configuration line (e.g.: destination df_dummy { file("/var/log/dummy" flags(invalid-flag)); }; 2. Start the syslog-ng service ( rc-config start syslog-ng ) Actual Results: Syslog-ng segfaults, the service does not start Expected Results: Syslog-ng should only print a message about an invalid configuration. The segmentation fault is highly irritating because it suggests that there is something wrong with the compilation / glibc is broken / etc. The init-script of syslog-ng first tries to validate the configuration file: syslog-ng -s -f /etc/syslog-ng/syslog-ng.conf The error occurs in the source file lib/cfg-parser.c #263 for (h = 0; handlers[h].name; h++) { CfgFlagHandler *handler = &handlers[h]; if (strcmp(handlers[h].name, flag) == 0) { switch (handler->op) ... The loop goes through all flags known to syslog-ng and tries to match it to the current flag which is read from the configuration file. The idea is that the for-loop will stop as soon as handlers[h].name == NULL. I debugged this code, and saw that handlers[h].name never equals NULL. After reaching the end of the array, handlers[h].name points to some random memory location. strcmp() then tries to access this invalid memory location and crashes. I think there are 2 problems to be fixed here: 1. The for-loop should terminate by reaching the max. number of elements in the array, and not by looking at the value of a string address. Alternatively you have to make absolutely sure that the last element in the array contains a NULL address for the name variable. 2. strcmp() should be replaced by strncmp() to make sure that only a certain number of characters are used for comparison. In that way strcmp() would not crash even if one of the strings points to a string address that is not \0 terminated.
Just forgot to mention that the segfault was introduced with version 3.2. Syslog-ng-3.1.x and older did not show this behavior.
Created attachment 272939 [details, diff] syslog-ng-3.2.4-cfgparser-fix.patch Something like this should probably work.
Yes, works for me. No more segfault. Syslog-ng now shows the line and position of the invalid flag.
I think this is fixed in later syslog-ng versions.