[asterisk-bugs] [JIRA] (ASTERISK-26528) [UBSAN] strings.h:signed integer overflow in ast_str_case_hash
Badalian Vyacheslav (JIRA)
noreply at issues.asterisk.org
Mon Apr 24 22:09:57 CDT 2017
[ https://issues.asterisk.org/jira/browse/ASTERISK-26528?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Badalian Vyacheslav updated ASTERISK-26528:
-------------------------------------------
Comment: was deleted
(was: After you fix:
{code}
received error: integer overflow: 193433707 * 33 cannot be represented in type 'int'
#0 0x932e23 in ast_str_case_hash /usr/src/asterisk/include/asterisk/strings.h:1229
#1 0x9357df in tps_hash_cb /usr/src/asterisk/main/taskprocessor.c:533
#2 0x4c8664 in hash_ao2_find_first /usr/src/asterisk/main/astobj2_hash.c:390
#3 0x4c34bf in internal_ao2_traverse /usr/src/asterisk/main/astobj2_container.c:344
#4 0x4c3bf2 in __ao2_callback /usr/src/asterisk/main/astobj2_container.c:455
#5 0x4c3e0f in __ao2_find /usr/src/asterisk/main/astobj2_container.c:496
#6 0x9375c0 in ast_taskprocessor_get /usr/src/asterisk/main/taskprocessor.c:793
#7 0x95cdde in threadpool_alloc /usr/src/asterisk/main/threadpool.c:402
#8 0x96057b in ast_threadpool_create /usr/src/asterisk/main/threadpool.c:894
#9 0x8b9710 in ast_sorcery_init /usr/src/asterisk/main/sorcery.c:508
#10 0x4bfdf4 in asterisk_daemon /usr/src/asterisk/main/asterisk.c:4603
#11 0x4bf56a in main /usr/src/asterisk/main/asterisk.c:4444
#12 0x7f76004f5b44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
#13 0x433c98 (/usr/sbin/asterisk+0x433c98)
{code})
> [UBSAN] strings.h:signed integer overflow in ast_str_case_hash
> --------------------------------------------------------------
>
> Key: ASTERISK-26528
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-26528
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Core/General
> Affects Versions: 13.12.1, 13.15.0, 14.1.1, GIT
> Reporter: Badalian Vyacheslav
> Severity: Minor
>
> Many modules use ast_str_case_hash and it's have signed integer overflow.
> More 30 errors in asterisk load....
> example
> {code}
> /usr/src/asterisk/include/asterisk/strings.h:1229:15: runtime error: signed integer overflow: 193412901 * 33 cannot be represented in type 'int'
> #0 0x5bd3bf in ast_str_case_hash /usr/src/asterisk/include/asterisk/strings.h:1229
> #1 0x5f6533 in ast_channel_hash_cb /usr/src/asterisk/main/channel.c:7573
> #2 0x4c59a4 in hash_ao2_new_node /usr/src/asterisk/main/astobj2_hash.c:240
> #3 0x4c1b9f in internal_ao2_link /usr/src/asterisk/main/astobj2_container.c:124
> #4 0x4c1ddc in __ao2_link /usr/src/asterisk/main/astobj2_container.c:174
> #5 0x5c320f in __ast_channel_alloc_ap /usr/src/asterisk/main/channel.c:988
> #6 0x5c3435 in __ast_channel_alloc /usr/src/asterisk/main/channel.c:1016
> #7 0x680040 in ast_unreal_new_channels /usr/src/asterisk/main/core_unreal.c:976
> #8 0x67974e in local_request /usr/src/asterisk/main/core_local.c:935
> #9 0x5eb7a3 in ast_request /usr/src/asterisk/main/channel.c:6145
> #10 0x69cdb5 in begin_dial_prerun /usr/src/asterisk/main/dial.c:332
> #11 0x69dc49 in ast_dial_prerun /usr/src/asterisk/main/dial.c:404
> #12 0x82206f in pbx_outgoing_attempt /usr/src/asterisk/main/pbx.c:7623
> #13 0x822e15 in ast_pbx_outgoing_exten /usr/src/asterisk/main/pbx.c:7766
> #14 0x79d28a in action_originate /usr/src/asterisk/main/manager.c:5580
> #15 0x7a1d60 in process_message /usr/src/asterisk/main/manager.c:6318
> #16 0x7a4039 in do_message /usr/src/asterisk/main/manager.c:6531
> #17 0x7a4ebd in session_do /usr/src/asterisk/main/manager.c:6652
> #18 0x938e0a in handle_tcptls_connection /usr/src/asterisk/main/tcptls.c:695
> #19 0x982e6a in dummy_start /usr/src/asterisk/main/utils.c:1235
> #20 0x7fe4aea160a3 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x80a3)
> #21 0x7fe4ada5062c in clone (/lib/x86_64-linux-gnu/libc.so.6+0xe862c)
> {code}
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list