[asterisk-bugs] [JIRA] (ASTERISK-24566) Uninit buf in WS close()

Matt Jordan (JIRA) noreply at issues.asterisk.org
Thu Dec 11 16:26:29 CST 2014


    [ https://issues.asterisk.org/jira/browse/ASTERISK-24566?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=223988#comment-223988 ] 

Matt Jordan commented on ASTERISK-24566:
----------------------------------------

[~slavon]: I think it would be good to know what is attempting to be written into that buffer when valgrind complains about it. You may want to try some additional debug that shows that - if what goes into the buffer is not expected, then we can better understand what the solution should be.

> Uninit buf in WS close()
> ------------------------
>
>                 Key: ASTERISK-24566
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-24566
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_http_websocket
>    Affects Versions: 11.14.1
>            Reporter: Badalian Vyacheslav
>            Assignee: Badalian Vyacheslav
>            Severity: Critical
>         Attachments: un.diff
>
>
> {code}
> ==50066== Thread 35:
> ==50066== Conditional jump or move depends on uninitialised value(s)
> ==50066==    at 0x37C9E722CB: _IO_file_overflow@@GLIBC_2.2.5 (fileops.c:872)
> ==50066==    by 0x37C9E74638: _IO_default_xsputn (genops.c:485)
> ==50066==    by 0x37C9E71791: _IO_file_xsputn@@GLIBC_2.2.5 (fileops.c:1372)
> ==50066==    by 0x37C9E67A4C: fwrite (iofwrite.c:45)
> ==50066==    by 0x59A62E: ast_careful_fwrite (utils.c:1403)
> ==50066==    by 0x9F86F96: ast_websocket_close (res_http_websocket.c:211)
> ==50066==    by 0x9F86B3B: session_destroy_fn (res_http_websocket.c:125)
> ==50066==    by 0x44D123: internal_ao2_ref (astobj2.c:466)
> ==50066==    by 0x44D444: __ao2_ref (astobj2.c:548)
> ==50066==    by 0x9F872D9: ast_websocket_unref (res_http_websocket.c:288)
> ==50066==    by 0x11245ACD: __sip_destroy (chan_sip.c:6487)
> ==50066==    by 0x11246A92: sip_destroy (chan_sip.c:6688)
> ==50066==  Uninitialised value was created by a stack allocation
> ==50066==    at 0x9F86EA9: ast_websocket_close (res_http_websocket.c:193)
> ==50066==
> ==50066== Syscall param write(buf) points to uninitialised byte(s)
> ==50066==    at 0x37C9EDB61D: ??? (syscall-template.S:82)
> ==50066==    by 0x5891EC: tcptls_stream_write (tcptls.c:335)
> ==50066==    by 0x37C9E66FD8: _IO_cookie_write (iofopncook.c:72)
> ==50066==    by 0x37C9E73084: _IO_do_write@@GLIBC_2.2.5 (fileops.c:522)
> ==50066==    by 0x37C9E723DE: _IO_file_overflow@@GLIBC_2.2.5 (fileops.c:881)
> ==50066==    by 0x37C9E74638: _IO_default_xsputn (genops.c:485)
> ==50066==    by 0x37C9E71791: _IO_file_xsputn@@GLIBC_2.2.5 (fileops.c:1372)
> ==50066==    by 0x37C9E67A4C: fwrite (iofwrite.c:45)
> ==50066==    by 0x59A62E: ast_careful_fwrite (utils.c:1403)
> ==50066==    by 0x9F86F96: ast_websocket_close (res_http_websocket.c:211)
> ==50066==    by 0x9F86B3B: session_destroy_fn (res_http_websocket.c:125)
> ==50066==    by 0x44D123: internal_ao2_ref (astobj2.c:466)
> ==50066==  Address 0x6eb0e73 is 131 bytes inside a block of size 280 alloc'd
> ==50066==    at 0x4A06A2E: malloc (vg_replace_malloc.c:270)
> ==50066==    by 0x37C9E6718D: fopencookie@@GLIBC_2.2.5 (iofopncook.c:200)
> ==50066==    by 0x5895DB: tcptls_stream_fopen (tcptls.c:506)
> ==50066==    by 0x589895: handle_tcptls_connection (tcptls.c:592)
> ==50066==    by 0x599DDB: dummy_start (utils.c:1192)
> ==50066==    by 0x37CA2079D0: start_thread (pthread_create.c:301)
> ==50066==    by 0x37C9EE89DC: clone (clone.S:115)
> ==50066==  Uninitialised value was created by a stack allocation
> ==50066==    at 0x9F86EA9: ast_websocket_close (res_http_websocket.c:193)
> ==50066==
> {code}
> Patch attached below


