View Issue Details

IDProjectCategoryView StatusLast Update
0032243mantisbtplug-inspublic2023-04-11 19:07
Reportervboctor Assigned Todregad  
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionfixed 
Product Version2.25.5 
Target Version2.25.7Fixed in Version2.25.7 
Summary0032243: EVENT_LOG can produce stack overflow when LOG_DATABASE is enabled
Description

If a plugin hooks into EVENT_LOG event and writes to the database, then that would trigger LOG_DATABASE which would trigger EVENT_LOG, and so on.

Ideally, we don't protect this on the plugin level (e.g. EventLog plugin), but protect against this issue in the plugin API.

Steps To Reproduce
  • Install EventLog plugin
  • Enable LOG_DATABASE
  • Create an issue
TagsNo tags attached.

Activities

dregad

dregad

2023-03-28 04:17

developer   ~0067586

Infinite recursion loop could occur not only for LOG_DATABASE, but also for any other logging event type triggered by a plugin hooked on EVENT_LOG.

dregad

dregad

2023-03-28 06:37

developer   ~0067587

Probably the same issue previously reported at https://github.com/mantisbt-plugins/EventLog/issues/3

dregad

dregad

2023-03-28 06:59

developer   ~0067588

I had a quick look at this over lunch break, and I think the problem could be avoided by not calling the EVENT_LOG event if we are already processing it.

Proposed fix https://github.com/mantisbt/mantisbt/pull/1877

Related Changesets

MantisBT: master-2.25 b5259af0

2023-03-28 06:58

dregad


Details Diff
Prevent recursion when signaling EVENT_LOG event

If a plugin hooked on EVENT_LOG calls log_event() directly or indirectly
and the log level settings include the level for the event being logged,
MantisBT enters in an endless recursion loop.

Using a static variable to prevent recursion if EVENT_LOG has already
been signaled prevents this.

Fixes 0032243
Fixes https://github.com/mantisbt-plugins/EventLog/issues/3
Affected Issues
0032243
mod - core/logging_api.php Diff File