[asterisk-bugs] [JIRA] (ASTERISK-23508) Memory Corruption in __ast_string_field_ptr_build_va

Matt Jordan (JIRA) noreply at issues.asterisk.org
Tue Mar 25 09:57:18 CDT 2014


    [ https://issues.asterisk.org/jira/browse/ASTERISK-23508?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=216798#comment-216798 ] 

Matt Jordan commented on ASTERISK-23508:
----------------------------------------

Since you believe you have found the source of the corruption, do you have a possible solution in mind? If so, a patch would probably help speed up any issue resolution.

> Memory Corruption in __ast_string_field_ptr_build_va
> ----------------------------------------------------
>
>                 Key: ASTERISK-23508
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-23508
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Utilities/General
>    Affects Versions: 11.8.0
>         Environment: Centos 6.5 / x86_64
>            Reporter: Arnd Schmitter
>
> We had several cases of memory corruption which occurred inside this function, which resulted in random segmentation faults.
> We have already found the cause of the corruption:
> It happens when the variable space, at the start of the function, calculates to a value of 0.
> When the variable "available" later gets calculated, it will make an underrun and because it's unsigned, the value gets very high.
> So the vsnprintf will always think there are enough bytes and write over the borders of the allocated memory area.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
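
The size calculation described in the quoted report, as an added example (not Asterisk's code and not part of the original message): a simplified model of an unsigned "available" value that wraps when the remaining space is 0, beside a clamped version that is safe to pass to vsnprintf. `HDR_SIZE`, the function names and the flat pool layout are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HDR_SIZE 2u /* assumed per-field bookkeeping bytes (hypothetical) */

/* Pattern from the report: unsigned subtraction wraps when space < HDR_SIZE. */
static size_t available_unchecked(size_t space)
{
    return space - HDR_SIZE; /* space == 0 wraps to a huge value */
}

/* Hardened: clamp to 0 so the formatter is told there is no room. */
static size_t available_checked(size_t space)
{
    return space > HDR_SIZE ? space - HDR_SIZE : 0;
}

/* Format into a pool of pool_size bytes of which `used` are taken.
 * Returns 0 on success, or the byte count (including NUL) the caller must
 * make room for when the string does not fit. Never writes past pool_size. */
static size_t field_build(char *pool, size_t pool_size, size_t used,
                          const char *fmt, ...)
{
    size_t space = pool_size > used ? pool_size - used : 0;
    size_t available = available_checked(space);
    va_list ap;
    int needed;

    va_start(ap, fmt);
    /* With size 0, vsnprintf writes nothing and only reports the length. */
    needed = vsnprintf(available ? pool + used + HDR_SIZE : NULL,
                       available, fmt, ap);
    va_end(ap);
    if (needed < 0)
        return SIZE_MAX; /* formatting error */
    return (size_t)needed >= available ? (size_t)needed + 1 : 0;
}

int main(void)
{
    char pool[8] = {0};
    printf("unchecked: %zu, checked: %zu\n",
           available_unchecked(0), available_checked(0));
    printf("full pool asks for %zu bytes\n",
           field_build(pool, sizeof(pool), sizeof(pool), "%s", "hello"));
    return 0;
}
```
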