Hello all,
This is my first post on the postfix-devel mailing list.
While investigating a problem with postlog.c in postfix release 2.6.6
seg faulting when invoked as "postlog -h", we discovered that the code
was trying to print a string called tag, but the tag variable had been
set to a null pointer at line 209:
    tag = 0;
In later versions (I checked 2.10 and 3.1) of the postlog.c code, that
line has been removed, eliminating the seg fault problem; however, the
code after the while loop (line 243 in 2.6.6, and still present in 3.1)
still seems to expect that the value of tag can be 0 at that point:
    if (tag == 0 && strcmp(var_syslog_name, DEF_SYSLOG_NAME) != 0) {
    ...
From our reading of the code, tag can never be 0 there, so that makes
the "then" part of the if statement dead code.
After that, there's another if statement (line 254) that will always
evaluate as true:
    if (tag != 0) {
    ...
In summary, I believe that removing the "tag = 0;" line was not the
right fix for the seg fault bug, but it's not clear to me what the right
fix is.
Instead of removing the tag = 0; line, we opted to make this change
to line 217:
- msg_fatal("usage: %s [-c config_dir] [-i] [-p priority] [-t
tag] [-v] [text]", tag);
+ msg_fatal("usage: %s [-c config_dir] [-i] [-p priority] [-t
tag] [-v] [text]", argv[0]);
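Review bot: argv[0] in the new msg_fatal() argument is supplied by the caller, so it is not guaranteed to be non-null or to be the bare program name; falling back to a fixed literal such as "postlog" when argv[0] is missing would keep the usage path from hitting the same null-string fault that tag caused. The hunk as mailed is also wrapped in the middle of the format string and carries no file header or @@ context, so it will not apply as sent; an unwrapped unified diff against postlog.c would be easier to test.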
basically, change what is being printed. Even though this is not a
perfect fix, we believe it's closer to being right than the "tag = 0;"
solution.
Thanks for your consideration,
Corey Ashford
Linux Technology Center, IBM Systems
IBM Corp.
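
The pattern discussed in this message, as an added sketch that is not postlog.c and not part of the original post: tag keeps 0 as its "no -t given" sentinel so the post-loop test stays reachable, while the usage text prints a name that is never null. The helper names, the reduced option set, the "postfix" default and the body of the tag == 0 branch are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#define DEF_SYSLOG_NAME "postfix"   /* assumed default, for this sketch only */

/* Program name that is always safe to hand to a "%s" in the usage text. */
static const char *usage_name(int argc, char **argv)
{
    const char *slash;
    if (argc < 1 || argv[0] == 0 || argv[0][0] == 0)
        return "postlog";                     /* fixed fallback, never NULL */
    slash = strrchr(argv[0], '/');
    return (slash != 0 && slash[1] != 0) ? slash + 1 : argv[0];
}

/* Reduced option loop ("-t tag" only); -1 is a usage error, *tag stays 0 without -t. */
static int parse_tag(int argc, char **argv, const char **tag)
{
    int i;
    *tag = 0;
    for (i = 1; i < argc && argv[i][0] == '-'; i++) {
        if (strcmp(argv[i], "-t") != 0 || i + 1 >= argc)
            return -1;
        *tag = argv[++i];
    }
    return 0;
}

/* Post-loop step: the tag == 0 test is live again; this branch body is made up. */
static void effective_tag(const char *tag, const char *syslog_name,
                          const char *prog, char *out, size_t len)
{
    if (tag == 0 && strcmp(syslog_name, DEF_SYSLOG_NAME) != 0)
        snprintf(out, len, "%s/%s", syslog_name, prog);
    else
        snprintf(out, len, "%s", tag != 0 ? tag : prog);
}

int main(int argc, char **argv)
{
    const char *tag;
    char buf[128];
    if (parse_tag(argc, argv, &tag) < 0) {
        fprintf(stderr, "usage: %s [-t tag] [text]\n", usage_name(argc, argv));
        return 1;
    }
    effective_tag(tag, DEF_SYSLOG_NAME, usage_name(argc, argv), buf, sizeof(buf));
    printf("tag=%s\n", buf);
    return 0;
}
```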