[asterisk-bugs] [JIRA] Status Changed to Waiting for Development: (ASTERISK-20231) codec_ilbc using memcpy instead of memmove for overlapping mem

Rusty Newton (JIRA) noreply at issues.asterisk.org
Thu Aug 16 18:37:07 CDT 2012


     [ https://issues.asterisk.org/jira/browse/ASTERISK-20231?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rusty Newton updated ASTERISK-20231:
------------------------------------

    Status: Open  (was: Triage)

> codec_ilbc using memcpy instead of memmove for overlapping mem
> --------------------------------------------------------------
>
>                 Key: ASTERISK-20231
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-20231
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Codecs/codec_ilbc
>    Affects Versions: 1.8.15.0
>            Reporter: Walter Doekes
>            Severity: Minor
>         Attachments: ASTERISK-20231.patch
>
>
> According to the valgrind at https://issues.asterisk.org/jira/secure/attachment/43983/valgrind_2012-06-27.txt ( ASTERISK-19890 ), iLBC uses memcpy when it should use memmove.
> {noformat}
> ==26282== Source and destination overlap in memcpy(0x7feffcc40, 0x7feffcce0, 428)
> ==26282==    at 0x4A0884B: memcpy (mc_replace_strmem.c:587)
> ==26282==    by 0x11720BEE: Decode (iLBC_decode.c:254)
> ==26282==    by 0x11721768: iLBC_decode (iLBC_decode.c:507)
> ==26282==    by 0x11720116: ilbctolin_framein (codec_ilbc.c:113)
> ==26282==    by 0x567ED3: framein (translate.c:218)
> ==26282==    by 0x568C84: calc_cost (translate.c:437)
> ==26282==    by 0x56AFE2: __ast_register_translator (translate.c:887)
> ==26282==    by 0x11720411: load_module (codec_ilbc.c:205)
> ==26282==    by 0x4EA140: start_resource (loader.c:796)
> ==26282==    by 0x4EAABF: load_resource_list (loader.c:984)
> ==26282==    by 0x4EB176: load_modules (loader.c:1137)
> ==26282==    by 0x44628F: main (asterisk.c:3902)
> ==26282== 
> ==26282== Source and destination overlap in memcpy(0x7feffcc40, 0x7feffcce0, 428)
> ==26282==    at 0x4A0884B: memcpy (mc_replace_strmem.c:587)
> ==26282==    by 0x11720DEE: Decode (iLBC_decode.c:302)
> ==26282==    by 0x11721768: iLBC_decode (iLBC_decode.c:507)
> ==26282==    by 0x11720116: ilbctolin_framein (codec_ilbc.c:113)
> ==26282==    by 0x567ED3: framein (translate.c:218)
> ==26282==    by 0x568C84: calc_cost (translate.c:437)
> ==26282==    by 0x56AFE2: __ast_register_translator (translate.c:887)
> ==26282==    by 0x11720411: load_module (codec_ilbc.c:205)
> ==26282==    by 0x4EA140: start_resource (loader.c:796)
> ==26282==    by 0x4EAABF: load_resource_list (loader.c:984)
> ==26282==    by 0x4EB176: load_modules (loader.c:1137)
> ==26282==    by 0x44628F: main (asterisk.c:3902)
> ==26282== 
> ==26282== Source and destination overlap in memcpy(0x7feffd4a0, 0x7feffd540, 428)
> ==26282==    at 0x4A0884B: memcpy (mc_replace_strmem.c:587)
> ==26282==    by 0x117228F9: iLBC_encode (iLBC_encode.c:311)
> ==26282==    by 0x11720309: lintoilbc_frameout (codec_ilbc.c:153)
> ==26282==    by 0x568CBD: calc_cost (translate.c:439)
> ==26282==    by 0x56AFE2: __ast_register_translator (translate.c:887)
> ==26282==    by 0x11720430: load_module (codec_ilbc.c:207)
> ==26282==    by 0x4EA140: start_resource (loader.c:796)
> ==26282==    by 0x4EAABF: load_resource_list (loader.c:984)
> ==26282==    by 0x4EB176: load_modules (loader.c:1137)
> ==26282==    by 0x44628F: main (asterisk.c:3902)
> ==26282== 
> ==26282== Source and destination overlap in memcpy(0x7feffd4a0, 0x7feffd540, 428)
> ==26282==    at 0x4A0884B: memcpy (mc_replace_strmem.c:587)
> ==26282==    by 0x11722D50: iLBC_encode (iLBC_encode.c:389)
> ==26282==    by 0x11720309: lintoilbc_frameout (codec_ilbc.c:153)
> ==26282==    by 0x568CBD: calc_cost (translate.c:439)
> ==26282==    by 0x56AFE2: __ast_register_translator (translate.c:887)
> ==26282==    by 0x11720430: load_module (codec_ilbc.c:207)
> ==26282==    by 0x4EA140: start_resource (loader.c:796)
> ==26282==    by 0x4EAABF: load_resource_list (loader.c:984)
> ==26282==    by 0x4EB176: load_modules (loader.c:1137)
> ==26282==    by 0x44628F: main (asterisk.c:3902)
> {noformat}
> And valgrind is right.
> CB_MEML = 147
> SUBL = 40
> => memcpy(x, x + 40, 4 * (147-40))
> In 4 places.
> There might be more, but valgrind didn't report those, and I didn't check any further ;)
> Regards,
> Walter

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
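
The overlap valgrind reports can be reproduced from the numbers in the ticket. The following is an added example, not code from Asterisk or the iLBC sources; the function names are hypothetical, and it assumes the 4 in `4 * (147-40)` is the size of a 4-byte float element.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CB_MEML 147   /* value quoted in the report */
#define SUBL    40    /* value quoted in the report */

/* Number of bytes shared by [dst, dst+n) and [src, src+n).
 * Non-zero means memcpy() has undefined behaviour for this call. */
static size_t overlap_bytes(uint64_t dst, uint64_t src, size_t n)
{
    uint64_t lo = dst < src ? dst : src;
    uint64_t hi = dst < src ? src : dst;
    uint64_t gap = hi - lo;
    return gap < n ? n - (size_t)gap : 0;
}

/* Shift the buffer left by SUBL elements, the pattern from the report
 * (x <- x + 40, 4 * (147-40) bytes). memmove() is defined for overlap. */
static void shift_mem(float *mem)
{
    memmove(mem, mem + SUBL, (CB_MEML - SUBL) * sizeof(float));
}

/* Constructed self-check: fill 0..146, shift, then every slot i in the
 * moved range must hold the old value i + SUBL. Returns 1 on success. */
static int shift_is_correct(void)
{
    float mem[CB_MEML];
    for (int i = 0; i < CB_MEML; i++)
        mem[i] = (float)i;
    shift_mem(mem);
    for (int i = 0; i < CB_MEML - SUBL; i++)
        if (mem[i] != (float)(i + SUBL))
            return 0;
    return 1;
}

int main(void)
{
    /* Addresses and length taken from the first valgrind record. */
    printf("overlap: %zu bytes\n",
           overlap_bytes(0x7feffcc40, 0x7feffcce0, 428));
    printf("memmove shift correct: %d\n", shift_is_correct());
    return 0;
}
```

The source and destination in the trace are 0xa0 (160) bytes apart, which is SUBL elements of 4 bytes, so a 428-byte copy shares 268 bytes between the two ranges.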


