log: fix use-after-free in 47dfcb7

Causes pettycoin to segv (generator logs). Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
rustyrussell · Oct 27, 2014 · 531671c · 531671c
1 parent 4941699
commit 531671c
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 4 deletions.
diff --git a/log.c b/log.c
@@ -145,7 +145,7 @@ static void add_entry(struct log *log, struct log_entry *l)
 
 static struct log_entry *new_log_entry(struct log *log, enum log_level level)
 {
-	struct log_entry *l = tal(log, struct log_entry);
+	struct log_entry *l = tal(log->lr, struct log_entry);
 
 	l->time = time_now();
 	l->level = level;

diff --git a/test/run-06-log.c b/test/run-06-log.c
@@ -122,9 +122,13 @@ int main(void)
 	wait(&status);
 	assert(WIFEXITED(status) && WEXITSTATUS(status) == 0);
 
+	/* Make sure log record survives freeing of log. */
+	tal_free(log);
+
 	/* This cleans us out! */
+	log = new_log(ctx, lr, "PREFIX2:");
 	log_debug(log, "Overflow!");
-	
+
 	/* Make child write log, be sure it's correct. */
 	pipe(fds);
 	switch (fork()) {
@@ -147,8 +151,8 @@ int main(void)
 	assert(tal_strreg(p, p,
 			  "([0-9]*) bytes, Sun Nov 10 06:27:35 2013\n"
 			  "\\.\\.\\. 4 skipped\\.\\.\\.\n"
-			  "\\+0.000000004 PREFIX:DEBUG: Overflow!\n"
-			  "\\+0.000000004 PREFIX:DEBUG: Log pruned 4 entries \\(mem ([0-9]*) -> ([0-9]*)\\)\n\n", &mem1, &mem2, &mem3));
+			  "\\+0.000000004 PREFIX2:DEBUG: Overflow!\n"
+			  "\\+0.000000004 PREFIX2:DEBUG: Log pruned 4 entries \\(mem ([0-9]*) -> ([0-9]*)\\)\n\n", &mem1, &mem2, &mem3));
 	assert(atoi(mem1) < maxmem);
 	assert(atoi(mem2) >= maxmem);
 	assert(atoi(mem3) < maxmem);