[asterisk-bugs] [Asterisk 0010184]: Invalid memory reference crash in aji_handle_presence
noreply at bugs.digium.com
Mon Aug 13 05:19:12 CDT 2007
A NOTE has been added to this issue.
======================================================================
http://bugs.digium.com/view.php?id=10184
======================================================================
Reported By: danmckeehan
Assigned To: phsultan
======================================================================
Project: Asterisk
Issue ID: 10184
Category: Resources/res_jabber
Reproducibility: random
Severity: crash
Priority: normal
Status: assigned
Asterisk Version: SVN
SVN Branch (only for SVN checkouts, not tarball releases): trunk
SVN Revision (number only!): 74204
Disclaimer on File?: No
Request Review:
======================================================================
Date Submitted: 07-11-2007 15:22 CDT
Last Modified: 08-13-2007 05:19 CDT
======================================================================
Summary: Invalid memory reference crash in aji_handle_presence
Description:
I have had the following crash several times. Crash is in res_jabber:
#7  0x0012bf8b in aji_handle_presence (client=Cannot access memory at address 0xb02b102c) at res_jabber.c:1283
        status = Cannot access memory at address 0xb02b1018
1283                    if (!strcasecmp(tmp->resource, pak->from->resource)) {
(gdb) bt full
#0  0x005388f7 in strcasecmp () from /lib/libc.so.6
No symbol table info available.
#1  0x000000b0 in ?? ()
No symbol table info available.
#2  0x0000006c in ?? ()
No symbol table info available.
#3  0x00133130 in ?? () from /usr/lib/asterisk/modules/res_jabber.so
No symbol table info available.
#4  0x092b1024 in ?? ()
No symbol table info available.
#5  0x0913ae04 in ?? ()
No symbol table info available.
#6  0xb7d37e78 in ?? ()
No symbol table info available.
#7  0x0012bf8b in aji_handle_presence (client=Cannot access memory at address 0xb02b102c) at res_jabber.c:1283
        status = Cannot access memory at address 0xb02b1018
(gdb) list res_jabber.c:1283
warning: Source file is more recent than executable.
1278            priority = atoi((iks_find_cdata(pak->x, "priority")) ? iks_find_cdata(pak->x, "priority") : "0");
1279            tmp = buddy->resources;
1280            descrip = ast_strdup(iks_find_cdata(pak->x,"status"));
1281
1282            while (tmp) {
1283                    if (!strcasecmp(tmp->resource, pak->from->resource)) {
1284                            tmp->status = status;
1285                            if (tmp->description) ast_free(tmp->description);
1286                            tmp->description = descrip;
1287                            found = tmp;
======================================================================
----------------------------------------------------------------------
phsultan - 08-13-07 05:19
----------------------------------------------------------------------
I have been working with Dan on this problem for a couple of days now; two
problems have shown up, both related to the resource JID processing in the
aji_handle_presence function.
Upon priority change, the resource list is not NULL terminated when moving
an item to the end of the list. This makes Asterisk endlessly loop whenever
reading the list.
Upon reception of a 'from' attribute with an empty resource string,
Asterisk crashes when trying to access the found->cap pointer if the
resource list for the given buddy is not empty. This situation is perfectly
valid and must be handled.
I will provide a fix to both problems soon.
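The two defects phsultan describes, modelled as an added example. This is not Asterisk's res_jabber code and not the fix he says he will provide: the `struct resource` list, the routine names and the sample entries (phone, laptop, desktop) are hypothetical and constructed for the demonstration; only the field names (resource, status, cap) are taken from the gdb output above. It shows the move-to-end routine that forgets to NULL-terminate the moved node beside a corrected one, a bounded walk that reports the resulting cycle instead of hanging on it, and a lookup that treats an empty `from` resource as "no matching entry" so that `found->cap` is never read through a NULL pointer even when the buddy already has resources.

```c
/* Added example, not Asterisk's code: a hypothetical model of a buddy's XMPP
 * resource list reproducing both defects in the note beside their fixes. */
#include <stdio.h>
#include <stdlib.h>
#include <strings.h>

struct resource {
    char resource[32];        /* resource part of the JID, e.g. "laptop" */
    int status;
    void *cap;                /* capability data, NULL until discovered */
    struct resource *next;
};

/* Unlink r from the list at *head (no-op if r is absent). */
static void unlink_resource(struct resource **head, struct resource *r)
{
    struct resource **pp = head;
    while (*pp && *pp != r) pp = &(*pp)->next;
    if (*pp) *pp = r->next;
}

/* Append r after the current tail. */
static void append_resource(struct resource **head, struct resource *r)
{
    struct resource **pp = head;
    while (*pp) pp = &(*pp)->next;
    *pp = r;
}

/* Defect 1: r is unlinked and re-appended but r->next is never cleared. If r
 * was not already the tail it still points at its old successor, the list
 * becomes circular, and every later walk of it runs forever. */
static void move_to_end_buggy(struct resource **head, struct resource *r)
{
    unlink_resource(head, r);
    append_resource(head, r);
}

/* Fix: NULL-terminate the node before re-linking it. */
static void move_to_end_fixed(struct resource **head, struct resource *r)
{
    unlink_resource(head, r);
    r->next = NULL;
    append_resource(head, r);
}

/* Bounded walk: node count, or -1 once more than `limit` nodes are seen, so a
 * circular list is reported rather than hung on. */
int list_length(const struct resource *head, int limit)
{
    int n = 0;
    for (; head; head = head->next)
        if (++n > limit) return -1;
    return n;
}

/* Defect 2: presence from a bare JID carries an empty resource string. That is
 * valid XMPP and must yield "no entry" (NULL) even when the buddy already has
 * resources, so the caller never reads found->cap through a NULL pointer. */
struct resource *find_resource(struct resource *head, const char *name)
{
    if (!name || !*name) return NULL;
    for (; head; head = head->next)
        if (!strcasecmp(head->resource, name)) return head;
    return NULL;
}

/* Hardened handler: 0 = bare JID or unknown resource (ignored);
 * 1 = entry updated, cap still unknown; 2 = entry updated, cap known. */
int handle_presence_safe(struct resource *head, const char *from_resource, int status)
{
    struct resource *found = find_resource(head, from_resource);
    if (!found) return 0;
    found->status = status;
    return found->cap ? 2 : 1;
}

/* Constructed sample list: phone -> laptop -> desktop. */
struct resource *make_sample_list(void)
{
    static const char *names[] = { "phone", "laptop", "desktop" };
    struct resource *head = NULL;
    for (int i = 0; i < 3; i++) {
        struct resource *r = calloc(1, sizeof(*r));
        snprintf(r->resource, sizeof(r->resource), "%s", names[i]);
        append_resource(&head, r);
    }
    return head;
}

/* Move the middle entry to the tail, as a priority change would, with the
 * buggy (0) or fixed (1) routine; returns -1 if the list now loops. */
int move_middle_length(int use_fix)
{
    struct resource *head = make_sample_list(), *middle = head->next;
    (use_fix ? move_to_end_fixed : move_to_end_buggy)(&head, middle);
    return list_length(head, 16);
}
```

`move_middle_length(0)` returns -1 because the buggy routine leaves the moved node pointing back into the list, while `move_middle_length(1)` returns 3. `handle_presence_safe(make_sample_list(), "", 1)` returns 0 for a bare-JID presence instead of reaching for an entry that does not exist, and the case-insensitive match mirrors the `strcasecmp` on res_jabber.c:1283.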
Issue History
Date Modified Username Field Change
======================================================================
08-13-07 05:19 phsultan Note Added: 0068760
======================================================================