[asterisk-bugs] [JIRA] (ASTERISK-26528) [UBSAN] strings.h:signed integer overflow in ast_str_case_hash

Badalian Vyacheslav (JIRA) noreply at issues.asterisk.org
Sun Oct 30 13:28:10 CDT 2016 

Badalian Vyacheslav created ASTERISK-26528:
----------------------------------------------

             Summary: [UBSAN] strings.h:signed integer overflow in ast_str_case_hash
                 Key: ASTERISK-26528
                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-26528
             Project: Asterisk
          Issue Type: Bug
      Security Level: None
            Reporter: Badalian Vyacheslav
            Severity: Minor


Many modules use ast_str_case_hash and it's have signed integer overflow.
More 30 errors in asterisk load....

example
{code}
 /usr/src/asterisk/include/asterisk/strings.h:1229:15: runtime error: signed integer overflow: 193412901 * 33 cannot be represented in type 'int'
    #0 0x5bd3bf in ast_str_case_hash /usr/src/asterisk/include/asterisk/strings.h:1229
    #1 0x5f6533 in ast_channel_hash_cb /usr/src/asterisk/main/channel.c:7573
    #2 0x4c59a4 in hash_ao2_new_node /usr/src/asterisk/main/astobj2_hash.c:240
    #3 0x4c1b9f in internal_ao2_link /usr/src/asterisk/main/astobj2_container.c:124
    #4 0x4c1ddc in __ao2_link /usr/src/asterisk/main/astobj2_container.c:174
    #5 0x5c320f in __ast_channel_alloc_ap /usr/src/asterisk/main/channel.c:988
    #6 0x5c3435 in __ast_channel_alloc /usr/src/asterisk/main/channel.c:1016
    #7 0x680040 in ast_unreal_new_channels /usr/src/asterisk/main/core_unreal.c:976
    #8 0x67974e in local_request /usr/src/asterisk/main/core_local.c:935
    #9 0x5eb7a3 in ast_request /usr/src/asterisk/main/channel.c:6145
    #10 0x69cdb5 in begin_dial_prerun /usr/src/asterisk/main/dial.c:332
    #11 0x69dc49 in ast_dial_prerun /usr/src/asterisk/main/dial.c:404
    #12 0x82206f in pbx_outgoing_attempt /usr/src/asterisk/main/pbx.c:7623
    #13 0x822e15 in ast_pbx_outgoing_exten /usr/src/asterisk/main/pbx.c:7766
    #14 0x79d28a in action_originate /usr/src/asterisk/main/manager.c:5580
    #15 0x7a1d60 in process_message /usr/src/asterisk/main/manager.c:6318
    #16 0x7a4039 in do_message /usr/src/asterisk/main/manager.c:6531
    #17 0x7a4ebd in session_do /usr/src/asterisk/main/manager.c:6652
    #18 0x938e0a in handle_tcptls_connection /usr/src/asterisk/main/tcptls.c:695
    #19 0x982e6a in dummy_start /usr/src/asterisk/main/utils.c:1235
    #20 0x7fe4aea160a3 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x80a3)
    #21 0x7fe4ada5062c in clone (/lib/x86_64-linux-gnu/libc.so.6+0xe862c)
{code}



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list