[asterisk-bugs] [JIRA] (ASTERISK-24963) ASAN: heap-use-after-free with PJSIP and WSS
Badalian Vyacheslav (JIRA)
noreply at issues.asterisk.org
Tue Apr 14 10:06:32 CDT 2015
[ https://issues.asterisk.org/jira/browse/ASTERISK-24963?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Badalian Vyacheslav updated ASTERISK-24963:
-------------------------------------------
Description:
{code}
[2015-04-14 18:04:38] DEBUG[12682]: netsock2.c:172 ast_sockaddr_split_hostport: Splitting '172.30.0.154' into...
[2015-04-14 18:04:38] DEBUG[12682]: netsock2.c:226 ast_sockaddr_split_hostport: ...host '172.30.0.154' and port ''.
[2015-04-14 18:04:38] DEBUG[12724]: taskprocessor.c:484 tps_taskprocessor_destroy: destroying taskprocessor 'd16a4163-0dfb-43ab-a3ca-c8753979582f'
[2015-04-14 18:04:38] DEBUG[12682]: netsock2.c:172 ast_sockaddr_split_hostport: Splitting '172.30.0.154' into...
[2015-04-14 18:04:38] DEBUG[12682]: netsock2.c:226 ast_sockaddr_split_hostport: ...host '172.30.0.154' and port ''.
== WebSocket connection from '172.30.0.154:49296' closed
=================================================================
==12652==ERROR: AddressSanitizer: heap-use-after-free on address 0x612000156f94 at pc 0x4956e0 bp 0x7f13ab4c86a0 sp 0x7f13ab4c8698
READ of size 4 at 0x612000156f94 thread T29
[2015-04-14 18:04:38] DEBUG[12682]: netsock2.c:172 ast_sockaddr_split_hostport: Splitting '172.30.0.154:49296' into...
[2015-04-14 18:04:38] DEBUG[12682]: netsock2.c:226 ast_sockaddr_split_hostport: ...host '172.30.0.154' and port '49296'.
[2015-04-14 18:04:38] DEBUG[12682]: netsock2.c:172 ast_sockaddr_split_hostport: Splitting '172.30.0.154:49296' into...
[2015-04-14 18:04:38] DEBUG[12682]: netsock2.c:226 ast_sockaddr_split_hostport: ...host '172.30.0.154' and port '49296'.
#0 0x4956df in INTERNAL_OBJ /home/obs/asterisk-13.3.2/main/astobj2.c:121
#1 0x4957b9 in __ao2_lock /home/obs/asterisk-13.3.2/main/astobj2.c:151
#2 0x7f13b5414a90 in __ast_websocket_write /home/obs/asterisk-13.3.2/res/res_http_websocket.c:303
#3 0x7f139d199352 in ws_send_msg /home/obs/asterisk-13.3.2/res/res_pjsip_transport_websocket.c:67
#4 0x7f13b973d473 in pjsip_transport_send (/usr/lib/libpjsip.so.2+0x1e473)
#5 0x7f13b973b104 in pjsip_endpt_send_response (/usr/lib/libpjsip.so.2+0x1c104)
#6 0x7f13b973b1eb in pjsip_endpt_send_response2 (/usr/lib/libpjsip.so.2+0x1c1eb)
#7 0x7f13b589f424 in authenticate res_pjsip/pjsip_distributor.c:317
#8 0x7f13b973833a in pjsip_endpt_process_rx_data (/usr/lib/libpjsip.so.2+0x1933a)
#9 0x7f13b589e0dc in distribute res_pjsip/pjsip_distributor.c:348
#10 0x7c9a37 in ast_taskprocessor_execute /home/obs/asterisk-13.3.2/main/taskprocessor.c:769
#11 0x7d9a50 in threadpool_execute /home/obs/asterisk-13.3.2/main/threadpool.c:351
#12 0x7dce68 in worker_active /home/obs/asterisk-13.3.2/main/threadpool.c:1075
#13 0x7dca5c in worker_start /home/obs/asterisk-13.3.2/main/threadpool.c:995
#14 0x7f9646 in dummy_start /home/obs/asterisk-13.3.2/main/utils.c:1232
#15 0x31a3e079d0 in start_thread (/lib64/libpthread.so.0+0x31a3e079d0)
#16 0x31a36e88fc in clone (/lib64/libc.so.6+0x31a36e88fc)
0x612000156f94 is located 106790068246580 bytes inside
{code}
was:
{code}
=================================================================
==20692==ERROR: AddressSanitizer: heap-use-after-free on address 0x61200016c594 at pc 0x4956e0 bp 0x7f4dea2566a0 sp 0x7f4dea256698
READ of size 4 at 0x61200016c594 thread T29
#0 0x4956df in INTERNAL_OBJ /home/obs/asterisk-13.3.2/main/astobj2.c:121
#1 0x4957b9 in __ao2_lock /home/obs/asterisk-13.3.2/main/astobj2.c:151
#2 0x7f4df41a2a90 in __ast_websocket_write /home/obs/asterisk-13.3.2/res/res_http_websocket.c:303
#3 0x7f4ddbf62352 in ws_send_msg /home/obs/asterisk-13.3.2/res/res_pjsip_transport_websocket.c:67
#4 0x7f4df84ba473 in pjsip_transport_send (/usr/lib/libpjsip.so.2+0x1e473)
#5 0x7f4df84b8104 in pjsip_endpt_send_response (/usr/lib/libpjsip.so.2+0x1c104)
#6 0x7f4df84b81eb in pjsip_endpt_send_response2 (/usr/lib/libpjsip.so.2+0x1c1eb)
#7 0x7f4df462d424 in authenticate res_pjsip/pjsip_distributor.c:317
#8 0x7f4df84b533a in pjsip_endpt_process_rx_data (/usr/lib/libpjsip.so.2+0x1933a)
#9 0x7f4df462c0dc in distribute res_pjsip/pjsip_distributor.c:348
#10 0x7c9a37 in ast_taskprocessor_execute /home/obs/asterisk-13.3.2/main/taskprocessor.c:769
#11 0x7d9a50 in threadpool_execute /home/obs/asterisk-13.3.2/main/threadpool.c:351
#12 0x7dce68 in worker_active /home/obs/asterisk-13.3.2/main/threadpool.c:1075
#13 0x7dca5c in worker_start /home/obs/asterisk-13.3.2/main/threadpool.c:995
#14 0x7f9646 in dummy_start /home/obs/asterisk-13.3.2/main/utils.c:1232
#15 0x31a3e079d0 in start_thread (/lib64/libpthread.so.0+0x31a3e079d0)
#16 0x31a36e88fc in clone (/lib64/libc.so.6+0x31a36e88fc)
0x61200016c594 is located 106790068334132 bytes inside
{code}
> ASAN: heap-use-after-free with PJSIP and WSS
> --------------------------------------------
>
> Key: ASTERISK-24963
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-24963
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: pjproject/pjsip, Resources/res_http_websocket
> Affects Versions: 13.3.2
> Reporter: Badalian Vyacheslav