[Asterisk-bugs] [Asterisk 0010184]: Invalid memory reference crash in aji_handle_presence

noreply at bugs.digium.com
Mon Jul 16 16:34:49 CDT 2007


A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=10184 
====================================================================== 
Reported By:                danmckeehan
Assigned To:                phsultan
====================================================================== 
Project:                    Asterisk
Issue ID:                   10184
Category:                   Resources/res_jabber
Reproducibility:            random
Severity:                   crash
Priority:                   normal
Status:                     assigned
Asterisk Version:            SVN 
SVN Branch (only for SVN checkouts, not tarball releases):  trunk 
SVN Revision (number only!): 74204 
Disclaimer on File?:        No 
Request Review:              
====================================================================== 
Date Submitted:             07-11-2007 15:22 CDT
Last Modified:              07-16-2007 16:34 CDT
====================================================================== 
Summary:                    Invalid memory reference crash in aji_handle_presence
Description: 
I have had the following crash several times.  Crash is in res_jabber:

#7  0x0012bf8b in aji_handle_presence (client=Cannot access memory at address 0xb02b102c) at res_jabber.c:1283
        status = Cannot access memory at address 0xb02b1018

1283                    if (!strcasecmp(tmp->resource, pak->from->resource)) {

(gdb) bt full
#0  0x005388f7 in strcasecmp () from /lib/libc.so.6
No symbol table info available.
#1  0x000000b0 in ?? ()
No symbol table info available.
#2  0x0000006c in ?? ()
No symbol table info available.
#3  0x00133130 in ?? () from /usr/lib/asterisk/modules/res_jabber.so
No symbol table info available.
#4  0x092b1024 in ?? ()
No symbol table info available.
#5  0x0913ae04 in ?? ()
No symbol table info available.
#6  0xb7d37e78 in ?? ()
No symbol table info available.
#7  0x0012bf8b in aji_handle_presence (client=Cannot access memory at address 0xb02b102c) at res_jabber.c:1283
        status = Cannot access memory at address 0xb02b1018


(gdb) list res_jabber.c:1283
warning: Source file is more recent than executable.

1278            priority = atoi((iks_find_cdata(pak->x, "priority")) ? iks_find_cdata(pak->x, "priority") : "0");
1279            tmp = buddy->resources;
1280            descrip = ast_strdup(iks_find_cdata(pak->x,"status"));
1281
1282            while (tmp) {
1283                    if (!strcasecmp(tmp->resource, pak->from->resource)) {
1284                            tmp->status = status;
1285                            if (tmp->description) ast_free(tmp->description);
1286                            tmp->description = descrip;
1287                            found = tmp;

====================================================================== 

---------------------------------------------------------------------- 
 danmckeehan - 07-16-07 16:34  
---------------------------------------------------------------------- 
I added the following to the file before the strcasecmp to check for null
pointers
+               if(!tmp->resource) {
+                       ast_log(LOG_ERROR, "!!!! tmp resource was
null!\n");
+                       break;
+               }
+               if(!pak) {
+            ast_log(LOG_ERROR, "!!!! pak resource was null!\n");
+                       break;
+               }
+        if(!pak->from) {
+            ast_log(LOG_ERROR, "!!!! pak from  resource was null!\n");
+                       break;
+        }
+        if(!pak->from->resource) {
+            ast_log(LOG_ERROR, "!!!! pak from resource resource was
null!\n");
+               break;
+               }
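Review bot: the `if(!pak)` and `if(!pak->from)` guards are dead code at this point: `pak->x` is already dereferenced at lines 1278 and 1280 before the loop, so a NULL `pak` would have crashed earlier, and `pak->from` is read for every presence stanza. More importantly, NULL checks cannot catch what this backtrace shows: `client` and `status` are both reported as `Cannot access memory`, and frames #1 and #2 carry return addresses of 0x000000b0 and 0x0000006c, which points at a non-NULL but invalid pointer (a stale node or stack/heap corruption) rather than a NULL dereference. To locate the real fault, run Asterisk under valgrind (or with MALLOC_CHECK_ set) so the first invalid read is reported at its source instead of at the strcasecmp() call. Minor: the added lines mix tabs and spaces, and `break` leaves the loop silently, so a bad pointer in one node would skip the remaining resources without reporting anything.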

None of these logged, so the reference is an invalid pointer, possibly caused
by iksemel processing. 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
07-16-07 16:34  danmckeehan    Note Added: 0067412                          
======================================================================
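A NULL-safe version of the resource walk discussed in this report, as an added example that is not Asterisk's res_jabber code: it restates the loop at res_jabber.c:1283 so that the buddy's list owns copies of its strings (the caller's buffer, for instance an iksemel packet, may be freed or reused after insertion) and so that a presence stanza whose `from` has no resource part, or a node whose resource is NULL, can never hand strcasecmp() a NULL. The struct and function names (aji_buddy, aji_resource, aji_find_resource, aji_add_resource, aji_update_presence, aji_strdup) imitate res_jabber naming but are this example's own, and the buddy in aji_selftest() is a constructed sample. It does not reproduce the stale-pointer crash itself; it closes the NULL paths the reporter's checks ruled out and makes string ownership explicit, which is the usual next step when a list node's pointer turns out to be invalid.

```c
#include <stdlib.h>
#include <string.h>
#include <strings.h>

/* Added example, not res_jabber code: the buddy resource list walked at
 * res_jabber.c:1283, with owned (copied) strings and NULL-safe lookups. */
struct aji_resource {
	char *resource;        /* owned copy of the JID resource part */
	char *description;     /* owned copy of the <status/> cdata, or NULL */
	int status;
	struct aji_resource *next;
};

struct aji_buddy {
	struct aji_resource *resources;
};

/* Like ast_strdup(): NULL in, NULL out, so a missing <status/> is harmless. */
static char *aji_strdup(const char *s)
{
	char *p = s ? malloc(strlen(s) + 1) : NULL;
	return p ? strcpy(p, s) : NULL;
}

/* Case-insensitive lookup.  A NULL/empty name (presence from a bare JID) matches
 * nothing and nodes with a NULL resource are skipped: strcasecmp() never sees NULL. */
struct aji_resource *aji_find_resource(struct aji_buddy *buddy, const char *resname)
{
	struct aji_resource *tmp;
	if (!buddy || !resname || !*resname)
		return NULL;
	for (tmp = buddy->resources; tmp; tmp = tmp->next)
		if (tmp->resource && !strcasecmp(tmp->resource, resname))
			return tmp;
	return NULL;
}

/* Append a node that owns its own copy of the name, so the caller's buffer
 * (for example an iksemel packet) may be freed or reused afterwards. */
struct aji_resource *aji_add_resource(struct aji_buddy *buddy, const char *resname)
{
	struct aji_resource *r, **link;
	if (!buddy || !resname || !*resname || !(r = calloc(1, sizeof(*r))))
		return NULL;
	r->resource = aji_strdup(resname);
	for (link = &buddy->resources; *link; link = &(*link)->next)
		;
	*link = r;
	return r;
}

/* The 1283 loop body as a function: update and return the match, else NULL. */
struct aji_resource *aji_update_presence(struct aji_buddy *buddy, const char *resname,
	int status, const char *descrip)
{
	struct aji_resource *found = aji_find_resource(buddy, resname);
	if (!found)
		return NULL;
	found->status = status;
	free(found->description);
	found->description = aji_strdup(descrip);
	return found;
}

void aji_free_resources(struct aji_buddy *buddy)
{
	struct aji_resource *tmp, *next;
	for (tmp = buddy->resources; tmp; tmp = next) {
		next = tmp->next;
		free(tmp->resource);
		free(tmp->description);
		free(tmp);
	}
	buddy->resources = NULL;
}

/* Constructed scenario; returns 0 on success or the number of the failing step. */
int aji_selftest(void)
{
	struct aji_buddy buddy = { NULL };
	struct aji_resource *r;
	char scratch[] = "work";      /* caller-owned buffer, overwritten below */
	int rc = 0;
	if (!aji_add_resource(&buddy, "Home") || !aji_add_resource(&buddy, scratch))
		rc = 1;
	memset(scratch, 'x', sizeof(scratch) - 1);   /* list must not alias it */
	r = aji_update_presence(&buddy, "WORK", 1, "in a meeting");
	if (!rc && (!r || strcmp(r->resource, "work") || r->status != 1 ||
	            strcmp(r->description, "in a meeting")))
		rc = 2;
	/* Bare JID (no resource part) and unknown resource: ignored, no crash. */
	if (!rc && (aji_update_presence(&buddy, NULL, 1, "x") ||
	            aji_update_presence(&buddy, "phone", 1, NULL)))
		rc = 3;
	aji_free_resources(&buddy);
	return rc;
}

int main(void)
{
	return aji_selftest();   /* exit status 0 when every step passed */
}
```

The scratch-buffer step is the point of the ownership rule: after the node is inserted the caller's copy of "work" is overwritten, and the lookup still succeeds because the list holds its own copy. A list that stored the parser's pointer instead would keep working until the parser reused or freed that buffer and then fail exactly the way this report describes, with a non-NULL pointer that no NULL check can detect.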



