[asterisk-bugs] [JIRA] (ASTERISK-25761) USAN: Potential runtime errors causing undefined behavior

Mateusz (JIRA) noreply at issues.asterisk.org
Fri Sep 1 05:59:07 CDT 2017 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-25761?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=238409#comment-238409 ] 

Mateusz edited comment on ASTERISK-25761 at 9/1/17 5:58 AM:
------------------------------------------------------------

Hi! Probably we have a problem with it, stackstace:

#0  0x00007f76e2b6d07d in malloc_consolidate (av=0x7f75f8000020) at malloc.c:5218 
#1  0x00007f76e2b70d08 in _int_malloc (av=0x7f75f8000020, bytes=<value optimized out>) at malloc.c:4425 
#2  0x00007f76e2b718cd in __libc_calloc (n=<value optimized out>, elem_size=<value optimized out>) at malloc.c:4103 
#3  0x0000000000505091 in _ast_calloc (framed=0x7f75f81a9150, cap=0x7f75f8131580, format=0x1da1fb0, framing=0) at /vagrant/rpmbuild/BUILD/asterisk-13.9.1/include/asterisk/utils.h:573 
#4  format_cap_framed_init (framed=0x7f75f81a9150, cap=0x7f75f8131580, format=0x1da1fb0, framing=0) at format_cap.c:173 
#5  0x00000000005c35fc in ast_translate_available_formats (dest=0x7f75f81a62d0, src=0x7f75f81aad80, result=0x7f75f8131580) at translate.c:1475 
#6  0x00007f761fb8227f in sip_call (ast=0x7f75f81c11a8, dest=<value optimized out>, timeout=<value optimized out>) at chan_sip.c:6430 
#7  0x00000000004a377c in ast_call (chan=0x7f75f81c11a8, addr=0x7f75f8131ab0 "48791068537 at 172.16.1.179", timeout=0) at channel.c:6192 
#8  0x00007f762ef4d452 in dial_exec_full (chan=0x7f75f001f938, data=<value optimized out>, peerflags=0x7f75c52645d0, continue_exec=0x0) at app_dial.c:2623 
#9  0x00007f762ef501d6 in dial_exec (chan=<value optimized out>, data=<value optimized out>) at app_dial.c:3160 
#10 0x0000000000562595 in pbx_exec (c=0x7f75f001f938, app=0x331fb40, data=0x7f75c5264b60 "SIP/123456789 at 111.111.111.111,S(10800)grCM(answe^823^10168025^28020679^^Local/123456789 at answe-00008da7;2)E(28020679)") at pbx_app.c:485



It crashes Asterisk with SegFault.


was (Author: mmazur):
Hi! Probably we have a problem with it, stackstace:

#0  0x00007f76e2b6d07d in malloc_consolidate (av=0x7f75f8000020) at malloc.c:5218 
#1  0x00007f76e2b70d08 in _int_malloc (av=0x7f75f8000020, bytes=<value optimized out>) at malloc.c:4425 
#2  0x00007f76e2b718cd in __libc_calloc (n=<value optimized out>, elem_size=<value optimized out>) at malloc.c:4103 
#3  0x0000000000505091 in _ast_calloc (framed=0x7f75f81a9150, cap=0x7f75f8131580, format=0x1da1fb0, framing=0) at /vagrant/rpmbuild/BUILD/asterisk-13.9.1/include/asterisk/utils.h:573 
#4  format_cap_framed_init (framed=0x7f75f81a9150, cap=0x7f75f8131580, format=0x1da1fb0, framing=0) at format_cap.c:173 
#5  0x00000000005c35fc in ast_translate_available_formats (dest=0x7f75f81a62d0, src=0x7f75f81aad80, result=0x7f75f8131580) at translate.c:1475 
#6  0x00007f761fb8227f in sip_call (ast=0x7f75f81c11a8, dest=<value optimized out>, timeout=<value optimized out>) at chan_sip.c:6430 
#7  0x00000000004a377c in ast_call (chan=0x7f75f81c11a8, addr=0x7f75f8131ab0 "48791068537 at 172.16.1.179", timeout=0) at channel.c:6192 
#8  0x00007f762ef4d452 in dial_exec_full (chan=0x7f75f001f938, data=<value optimized out>, peerflags=0x7f75c52645d0, continue_exec=0x0) at app_dial.c:2623 
#9  0x00007f762ef501d6 in dial_exec (chan=<value optimized out>, data=<value optimized out>) at app_dial.c:3160 
#10 0x0000000000562595 in pbx_exec (c=0x7f75f001f938, app=0x331fb40, data=0x7f75c5264b60 "SIP/123456789 at 111.111.111.111,S(10800)grCM(answe^823^10168025^28020679^^Local/123456789 at answe-00008da7;2)E(28020679)") at pbx_app.c:485


> USAN: Potential runtime errors causing undefined behavior
> ---------------------------------------------------------
>
>                 Key: ASTERISK-25761
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-25761
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>    Affects Versions: 13.7.0, 13.12.1
>         Environment: gcc version 5.2.1 20150902 (Red Hat 5.2.1-2) (GCC)
>            Reporter: Badalian Vyacheslav
>            Severity: Minor
>
> Hello!
> I send you a list of the errors found. Usan test. All errors are shown at the time of loading of modules. I hope you would be interested :)
> {code}
> /root/asterisk-13.7.0/include/asterisk/strings.h	1181	15	 runtime error	 signed integer overflow  193410279 * 33 cannot be represented in type 'int'
> /root/asterisk-13.7.0/include/asterisk/strings.h	1221	15	 runtime error	 signed integer overflow  193404514 * 33 cannot be represented in type 'int'
> chan_iax2.c	13511	2	 runtime error	 left shift of 1 by 31 places cannot be represented in type 'int'
> chan_sip.c	8724	2	 runtime error	 left shift of 1 by 31 places cannot be represented in type 'int'
> chan_sip.c	8725	2	 runtime error	 left shift of 3 by 30 places cannot be represented in type 'int'
> chan_sip.c	29976	3	 runtime error	 left shift of 1 by 31 places cannot be represented in type 'int'
> chan_sip.c	29977	3	 runtime error	 left shift of 1 by 31 places cannot be represented in type 'int'
> chan_sip.c	30304	2	 runtime error	 left shift of 1 by 31 places cannot be represented in type 'int'
> chan_sip.c	30305	2	 runtime error	 left shift of 3 by 30 places cannot be represented in type 'int'
> codec_adpcm.c	151	23	 runtime error	 left shift of negative value -4
> codec_g726.c	621	25	 runtime error	 left shift of negative value -12
> codec_g726.c	678	25	 runtime error	 left shift of negative value -12
> el.c	244	21	 runtime error	 left shift of negative value -2
> format_cap.c	173	7	 runtime error	 null pointer passed as argument 2, which is declared to never be null
> g722/g722_decode.c	80	39	 runtime error	 left shift of negative value -192
> g722/g722_decode.c	373	49	 runtime error	 left shift of negative value -1
> g722/g722_encode.c	80	39	 runtime error	 left shift of negative value -1
> src/lpc.c	156	28	 runtime error	 left shift of negative value -2961983
> src/lpc.c	235	42	 runtime error	 left shift of negative value -3457934
> src/preprocess.c	92	8	 runtime error	 left shift of negative value -4
> src/rpe.c	336	16	 runtime error	 left shift of negative value -4
> src/rpe.c	380	8	 runtime error	 left shift of negative value -1
> src/short_term.c	64	2	 runtime error	 left shift of negative value -18
> src/short_term.c	67	2	 runtime error	 left shift of negative value -2560
> src/short_term.c	70	2	 runtime error	 left shift of negative value -1792
> src/short_term.c	71	2	 runtime error	 left shift of negative value -341
> src/short_term.c	72	2	 runtime error	 left shift of negative value -1
> stasis_message_router.c	113	8	 runtime error	 null pointer passed as argument 2, which is declared to never be null
> stasis.c	913	8	 runtime error	 null pointer passed as argument 2, which is declared to never be null
> stdtime/localtime.c	828	20	 runtime error	 left shift of negative value -1
> {code}



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list