[asterisk-bugs] [JIRA] (ASTERISK-20227) Segfault (possible memory corruption?)

Richard Mudgett (JIRA) noreply at issues.asterisk.org
Fri Nov 9 16:36:21 CST 2012


    [ https://issues.asterisk.org/jira/browse/ASTERISK-20227?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=199519#comment-199519 ] 

Richard Mudgett commented on ASTERISK-20227:
--------------------------------------------

The new backtrace does not show a crash that I would expect with MALLOC_DEBUG enabled.  The MALLOC_DEBUG code assumes that all allocations go through it.  I would expect to see a __ast_alloc_region() in that backtrace.

The MALLOC_DEBUG code wipes the contents of a released block with the 0xdeaddead value and delays actually freeing the memory.

The debug code will prevent memory corruption writes from causing a crash because the freeing of a block is delayed.  When the block is rotated back to the heap, it is checked to see if the memory has been changed from 0xdeaddead.

The debug code should cause a crash if a released block attempts to dereference a pointer because a released block is wiped with the 0xdeaddead value.  Therefore, a dereference of a freed pointer will attempt to dereference the address 0xdeaddead, which is usually an invalid memory address.

If you also enable the DO_CRASH option, a crash will be forced if an assertion fails or MALLOC_DEBUG reports a warning.
                
> Segfault (possible memory corruption?)
> --------------------------------------
>
>                 Key: ASTERISK-20227
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-20227
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: General
>    Affects Versions: 1.8.15.0
>         Environment: Linux
>            Reporter: Jared Smith
>         Attachments: another_backtrace.20120820, asterisk_backtrace_09032012.txt, asterisk_configs.tgz, backtrace_20227.txt, backtrace.3975, malloc_backtrace.txt, malloc-enhancements-1.8.15.0.diff
>
>
> Another segfault I'm seeing (not the same one as ASTERISK-20226). Opening this bug at the request of mjordan.
> [Edit by Rusty Newton - removed older backtrace *from description* and attached as backtrace_20227.txt]

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
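
A simplified model of the poison-and-delay behavior described in the comment above, added here as an illustration; it is not Asterisk's MALLOC_DEBUG code. The names dbg_alloc, dbg_free and dbg_reports and the four-slot quarantine are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define POISON 0xdeaddeadu   /* fill value named in the comment */
#define SLOTS  4             /* quarantine depth: assumed for this sketch */

struct region { size_t words; uint32_t data[]; };

static struct region *quarantine[SLOTS];  /* released but not yet freed */
static unsigned next_slot, reports;

void *dbg_alloc(size_t bytes)
{
    size_t words = (bytes + 3) / 4;
    struct region *r = malloc(sizeof *r + words * sizeof(uint32_t));
    if (!r) return NULL;
    r->words = words;
    return r->data;
}

/* Wipe the block and park it; the block it displaces is checked, then freed. */
void dbg_free(void *ptr)
{
    if (!ptr) return;
    struct region *r = (struct region *)((char *)ptr - offsetof(struct region, data));
    struct region *old = quarantine[next_slot];
    for (size_t i = 0; i < r->words; i++) r->data[i] = POISON;
    if (old) {
        for (size_t i = 0; i < old->words; i++)
            if (old->data[i] != POISON) { reports++; break; }  /* written after release */
        free(old);
    }
    quarantine[next_slot] = r;
    next_slot = (next_slot + 1) % SLOTS;
}

unsigned dbg_reports(void) { return reports; }

int main(void)
{
    uint32_t *p = dbg_alloc(16);
    if (!p) return 1;
    dbg_free(p);
    printf("stale read: 0x%x\n", (unsigned)p[0]);  /* still allocated, now poison */
    p[1] = 0x41414141;                             /* simulated write after free */
    for (int i = 0; i < SLOTS; i++) dbg_free(dbg_alloc(8));
    printf("reports after rotation: %u\n", dbg_reports());
    return 0;
}
```

The stray write is reported only when the block is rotated out of the quarantine, which is why a corrupting write does not crash at the moment it happens.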


