[asterisk-bugs] [Asterisk 0018789]: res_config_ldap with malloc_debug produces munmap_chunk(): invalid pointer:

Asterisk Bug Tracker noreply at bugs.digium.com
Mon Mar 21 09:25:31 CDT 2011 

A NOTE has been added to this issue. 
====================================================================== 
https://issues.asterisk.org/view.php?id=18789 
====================================================================== 
Reported By:                jcovert
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   18789
Category:                   Resources/res_config_ldap
Reproducibility:            always
Severity:                   crash
Priority:                   normal
Status:                     acknowledged
Asterisk Version:           SVN 
JIRA:                       SWP-3119 
Regression:                 No 
Reviewboard Link:            
SVN Branch (only for SVN checkouts, not tarball releases): 1.8 
SVN Revision (number only!): 304866 
Request Review:              
====================================================================== 
Date Submitted:             2011-02-11 00:21 CST
Last Modified:              2011-03-21 09:25 CDT
====================================================================== 
Summary:                    res_config_ldap with malloc_debug produces
munmap_chunk(): invalid pointer:
Description: 
If malloc_debug is turned on, as soon as an ldap realtime peer attempts to
register, wham.

This occurs at the ldap_mods_free call at line 1338.

Problem occurs with or without the patch from issue 18435 (i.e. with
straight 1.8.2.3 or with SVN revision 304866 of res_config_ldap.c)

Runs "ok" without malloc_debug.

Backtrace attached.
====================================================================== 

---------------------------------------------------------------------- 
 (0133035) wdoekes (reporter) - 2011-03-21 09:25
 https://issues.asterisk.org/view.php?id=18789#c133035 
---------------------------------------------------------------------- 
This is quite obvious why it goes bad.

ldap_mod_free() is asked to undo ast_calloc allocations.

When MEMORY_DEBUG is on, the memory position that we're holding is not the
place that was really allocated. So, free() cannot and should not be called
on anything created by ast_calloc.

I don't know what ldap_mods_free() does or is supposed to do, but I figure
a loop over ldap_mods with an ast_free would be more appropriate. 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2011-03-21 09:25 wdoekes        Note Added: 0133035                          
======================================================================

More information about the asterisk-bugs mailing list