createInstance() left stateFile and bMain uninitialized. When a
statefile was configured, activateCnf() attempted to free the garbage
pointer, leading to free(): invalid pointer at startup. Initialize
these fields to sane defaults.
Fixes https://github.com/rsyslog/rsyslog/issues/5730
AI-Agent: ChatGPT
This addresses a small one-time leak in option parsing, reported by
clang static analyzer. While it is practically invisible in real use,
fixing it improves code hygiene and keeps analyzers clean.
Impact: No user-visible effect; prevents analyzer warnings.
Technical details:
Previously, a buffer created by strdup() for container log options
was not always released, leading to a minor leak during config load.
The code now allocates once, uses CHKmalloc for safety, and frees the
buffer in the finalize step. This ensures consistent memory ownership
without altering module behavior. No changes to runtime logging flow,
queue semantics, or config parameter interpretation.
While at the time of merge I was confident it would fix a data race,
the root cause has now surfaced to be a simple state advancement
(single-threaded) bug. See commit c5fd73499 for details. As such
I revert this patch. it caused no harm, but complicates code, adds
a bit of computation and is no longer needed.
I cannot 100% outrule it might have addressed some edge cases.
I know an environment where we can verify this within the next
month or so. If, unexpectedly, this shows regressions, we can
re-enable the patch. But I am 99.99% sure it is not needed.
see also: https://github.com/rsyslog/rsyslog/pull/5806
see also: https://github.com/rsyslog/rsyslog/pull/5993
inQueue guarded against double-queuing of descriptors.
The server uses EPOLLONESHOT and only one dispatcher, so
a descriptor is enqueued at most once before being
processed. The extra flag and atomic helpers are dead
code. Removing them simplifies queue management.
AI-Agent: ChatGPT
This replaces the former clang static analyzer check via buildbot, which needed quite some baby-sitting due to environment constraints. For the next time, run it via github action.
Note that we use the same core script to run the analyzer like we did previously. This means we can also switch back with ease.
Split monolithic templates doc into hub and ten reference pages.
Normalize parameter casing to lowerCamelCase and modernize cross references.
Add summary include blocks and table navigation.
AI-Agent: ChatGPT
Static analysis cleanup to remove a possible read of uninitialized data.
This reduces undefined behavior risk with negligible overhead and aligns
with best practices for network address handling.
Impact: No functional change expected on correct systems; on buggy
getpeername() implementations we now return -1 instead of a random port.
Before: addr could contain garbage when getpeername() failed/partially
filled it, leading to spurious port extraction.
After: addr is zero-initialized; if family/port are not set we keep
*port at -1 and treat it as "no remote port".
Technically, GetRemotePort() now zeroes the local sockaddr_storage
before calling getpeername(). This prevents subsequent AF_INET/AF_INET6
parsing from reading uninitialized fields. No changes to RS_RET codes,
queues, OMODTX, or HUP semantics. No tests/docs touched.
Modernize our dev/CI matrix to match current distro lines and reduce
toolchain drift. This keeps project-provided images aligned with what
contributors run locally and moves us toward “project-supported” bases.
Impact: CI matrix refresh only; no runtime behavior change intended.
Before: CI used Fedora 35/36 and Debian 10/11 dev-base images.
After: CI uses Fedora 41/42 and Debian 11/13 dev-base images.
Update run_checks.yml to use new container tags and pass consistent
configure extras (incl. enabling dtls in relevant jobs). Add Dockerfiles
and helper scripts for debian:13 and fedora:{41,42}. Bump the cached
ZooKeeper tarball to 3.9.3 across legacy images. Debian 13 adds a small
libgcrypt-config wrapper that defers to pkg-config to keep builds working.
Fedora images refresh toolchains (clang18 et al.) and re-sync module flags.
No API/ABI changes; this is build/CI plumbing only.
closes: https://github.com/rsyslog/rsyslog/issues/5989
This fixes a real-world segfault seen in production. The loop could
continue after closing a session and touch freed state on EPOLL builds.
The change makes the termination explicit to prevent crashes.
Impact: prevents segfaults in rare error paths; loop ends earlier after
a close, which may skip remaining iteration work for that session.
Before/After: before, the read/error branch could continue after
closeSess() and use freed pioDescr/pSess; after, we set do_run=0 and
exit the loop, avoiding any further dereference.
Technical: closeSess() on EPOLL removes the fd from epoll and frees the
io descriptor; callers must not access pioDescr or pSess after return.
We now set do_run=0 right after CHKiRet(closeSess(...)) in the read/
error path, matching the documented contract that both pointers become
invalid. We also improve closeSess() documentation to state pre/post
conditions, unlocking behavior, and epoll semantics, and fix a comment
typo ("epoll_Ctl"). No API/ABI change; action queues and stats are
unchanged. HUP and OMODTX semantics are unaffected.
Make omprog docs easier to navigate and link while improving structure
for AI tooling and programmatic ingestion. This aids both humans and
assistants in finding a single parameter quickly with stable anchors.
BEFORE: All action parameters lived inline in modules/omprog.rst.
AFTER: Each parameter has its own reference page; omprog.rst shows a
list-table with concise summaries and a hidden toctree.
Technically, move each action parameter into
doc/source/reference/parameters/omprog-*.rst with stable anchors
(param-omprog-* and omprog.parameter.action.*), a summary block,
metadata (type/default/introduced), usage snippets, and legacy
directive mappings. The module page now pulls per-parameter summaries
via include directives and adds a hidden toctree for discovery.
Cross-references were aligned, legacy names preserved (e.g.
$ActionOMProgBinary), and a non-normative note recommends camelCase
for readability. No runtime or API/ABI changes; documentation only.
With help from AI coding Agents: codex, Gemini
see also: https://github.com/rsyslog/rsyslog/issues/5933
This adds repository-level instructions to guide GitHub Copilot in
producing higher quality and safer pull requests. It is part of the
"AI First" approach, aiming to improve contributor experience and
reduce review friction.
Impact: no change to runtime or user-facing behavior.
The new files under `.github/` provide scoped rules for Copilot across
documentation, plugins, and contrib modules. They emphasize alignment
with AGENTS.md, developer checklists, and module maps. Guardrails cover
quoting, doc structure, config conventions, and mandatory source
citations. The intent is to ensure AI-assisted edits follow existing
rsyslog patterns and remain minimal and test-backed.
These changes are additive only and have no effect on rsyslog code,
APIs, or operational semantics. They prepare the repo for more
consistent AI-assisted contributions.
Inline code docs clarify when omfwd should suspend an action in pooled
TCP forwarding. This improves maintainability and reduces ambiguity for
future changes and reviews.
Impact: No user-visible behavior change; semantics documented.
Before/After: Before, a per-target flush failure could be read as
suspending the action; after, SUSPENDED is returned only when the pool
has zero active targets.
Technically, commitTransaction no longer marks the action suspended on
a single-target flush failure. We destruct the failing target, keep the
commit OK, and rely on pool stats plus `countActiveTargets()` to decide
pool-wide availability. Only when `nActiveTargets == 0` do we return
RS_RET_SUSPENDED, engaging the action engine's retry. Buffered frames
for a failed target remain with that target and are flushed after
`doTryResume()` re-establishes the connection in a later transaction.
This preserves existing omfwd pool semantics while documenting them in
code comments for clarity.
Refs: no issue
Trailing semicolons in atomic helper macros caused double
semicolons when the macros expanded, producing build warnings.
Macros now omit semicolons and call sites add them explicitly.
STATSCOUNTER_DEF updated to terminate the generated mutex line.
AI-Agent: ChatGPT
This turns the AI-First vision from words into verifiable practice.
It documents how we apply AI responsibly and shows the checks that
protect users, contributors, and releases.
Before: high-level narrative with few proofs.
After: structured principles plus Golden Path, Guardrails, Safeguards,
and CI gates users can verify.
The page is renamed to "AI-First (Human-Controlled)" and reorganized
with Sphinx anchors, index terms, and meta fields for better retrieval.
It adds Golden Path guidance (low-friction, good-default workflows) and
explicit Guardrails (style, structure, commit/PR templates, provenance).
It then lists concrete Safeguards that actually gate PRs and releases:
multi-distro builds, sanitizers, distcheck, coverage, CodeQL, and
selective workflows, including file paths to GitHub Actions. Buildbot
is noted for extended checks. A "Visible Artifacts" section shows how
contributors can observe the process (assistants, reviewer bot, docs
metadata). Roles, operational rules, and a change log round out the
page. No runtime or ABI changes.
This update aims to improve trust and maintainability by making the
responsible AI approach inspectable and reproducible across time.
