vcl.show possible segmentation fault when using format-strings

[nav]

Using following vcl code may cause segfault while handling vcl.show command.

C{
  void whatever_function_that_is_never_called(){
    // Important part are the %s
    syslog(0, "%s %s %s", "", "", "");
  }
}C

Problem occurs when mentioned command is issued. To show code function cli_out is used without additional arguments. This function handles input as format string + params - therefore these %s will be replaced by data on stack.

Sometimes you can get only trash in your vcl code, but its possible to get segfault. The more %s the bigger is probability of segfault.

[nav]

15 _IO_vfprintf_internal() vfprintf.c:1614 0xb751750b	
14 _IO_vsnprintf()         vsnprintf.c:120 0xb7537460	
13 vsb_vprintf()           varnish-cache/lib/libvarnish/vsb.c:326 0xb76bbb14	
12 cli_out()               varnish-cache/lib/libvarnish/cli_common.c:64 0xb76b4e6a	
11 mcf_config_show()       varnish-cache/bin/varnishd/mgt_vcc.c:676 0x0808cb27	
10 cls_dispatch()          varnish-cache/lib/libvarnish/cli_serve.c:224 0xb76b5b26	
9 cls_vlu()                varnish-cache/lib/libvarnish/cli_serve.c:294 0xb76b5f7c	
8 LineUpProcess()          varnish-cache/lib/libvarnish/vlu.c:157 0xb76ba291	
7 VLU_Fd()                 varnish-cache/lib/libvarnish/vlu.c:182 0xb76ba487	
6 CLS_PollFd()             varnish-cache/lib/libvarnish/cli_serve.c:426 0xb76b6a40	
5 mgt_cli_callback2()      varnish-cache/bin/varnishd/mgt_cli.c:383 0x08088b08	
4 vev_schedule_one()       varnish-cache/lib/libvarnish/vev.c:501 0xb76b9c83	
3 vev_schedule()           varnish-cache/lib/libvarnish/vev.c:366 0xb76b948c	
2 MGT_Run()                varnish-cache/bin/varnishd/mgt_child.c:613 0x080861bf	
1 main()                   varnish-cache/bin/varnishd/varnishd.c:700 0x08099fd5	

Stack trace from where segfault occured (lines may differ from original code). Tested on 2.1 branch, but trunk is also affected.

[phk]

Fixed in r5073, thanks!