[asterisk-bugs] [JIRA] (ASTERISK-28319) Segmentation fault in main/loader.c during init/loading modules

Sebastian Kemper (JIRA) noreply at issues.asterisk.org
Sat Mar 2 11:59:47 CST 2019


Sebastian Kemper created ASTERISK-28319:
-------------------------------------------

             Summary: Segmentation fault in main/loader.c during init/loading modules
                 Key: ASTERISK-28319
                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-28319
             Project: Asterisk
          Issue Type: Bug
      Security Level: None
          Components: General
    Affects Versions: 16.2.1
         Environment: OpenWrt trunk with musl libc 1.1.21
            Reporter: Sebastian Kemper


Hello Asterisk team,

I updated asterisk 15 to 16 on OpenWrt. After getting it to compile I saw that there was a segmentation fault every time I started the PBX. It happened in main/loader.c. I got help on the musl list: https://www.openwall.com/lists/musl/2019/02/28/4

This doesn't happen with Asterisk 15. But in Asterisk 16 I see this every time I start asterisk:

Asterisk PBX Core Initializing
  == Registering builtin functions:
  == Registered custom function 'EXCEPTION'
  == Registered custom function 'TESTTIME'
  == Manager registered action ShowDialPlan
  == Manager registered action ExtensionStateList
  == Registered application 'Answer'
  == Registered application 'BackGround'
  == Registered application 'Busy'
  == Registered application 'Congestion'
  == Registered application 'ExecIfTime'
  == Registered application 'Goto'
  == Registered application 'GotoIf'
  == Registered application 'GotoIfTime'
  == Registered application 'ImportVar'
  == Registered application 'Hangup'
  == Registered application 'Incomplete'
  == Registered application 'NoOp'
  == Registered application 'Proceeding'
  == Registered application 'Progress'
  == Registered application 'RaiseException'
  == Registered application 'Ringing'
  == Registered application 'SayAlpha'
  == Registered application 'SayAlphaCase'
  == Registered application 'SayDigits'
  == Registered application 'SayNumber'
  == Registered application 'SayPhonetic'
  == Registered application 'SetAMAFlags'
  == Registered application 'Wait'
  == Registered application 'WaitDigit'
  == Registered application 'WaitExten'
  == Registered application 'Set'
  == Registered application 'MSet'
  == Registered channel type 'Local' (Local Proxy Channel Driver)
  == Manager registered action LocalOptimizeAway
 Asterisk Dynamic Loader Starting:
[Mar  2 17:51:37] NOTICE[19567]: loader.c:2230 load_modules: 91 modules will be loaded.
Segmentation fault
root at hank2:/tmp#

Backtrace:

(gdb) 

Thread 1 "asterisk" hit Breakpoint 1, load_dlopen (resource_in=0x77d8f52b <parseHhMmSs+578> "D\350\240e", resource_in at ...ry=0x5fa910 "res_pjproject.so", so_ext=0x0, 
    so_ext at ...ry=0x53b91c "", filename=0x5fa910 "res_pjproject.so", filename at ...ry=0x7fff7a04 "/usr/lib/asterisk/modules/res_pjproject.so", flags=796226418, 
    flags at ...ry=258, suppress_logging=suppress_logging at ...ry=0) at loader.c:952
952		if (resource_being_loaded) {
(gdb) 
951		mod->lib = dlopen(filename, flags);
(gdb) 
952		if (resource_being_loaded) {
(gdb) 
955			const char *dlerror_msg = ast_strdupa(dlerror());
(gdb) 

Thread 1 "asterisk" received signal SIGSEGV, Segmentation fault.
strlen (s=0x0, s at ...ry=0x48d79d <load_dynamic_module+120> "\t\360\"\223\f\234\200\353\216#\005\032\240z\364e") at src/string/strlen.c:17
17		for (w = (const void *)s; !HASZERO(*w); w++);
(gdb) bt
#0  strlen (s=0x0, s at ...ry=0x48d79d <load_dynamic_module+120> "\t\360\"\223\f\234\200\353\216#\005\032\240z\364e") at src/string/strlen.c:17
#1  0x0048d5db in load_dlopen (resource_in=0x77d8f52b <parseHhMmSs+578> "D\350\240e", resource_in at ...ry=0x5fa910 "res_pjproject.so", so_ext=0x0, 
    so_ext at ...ry=0x53b91c "", filename=0x5fa910 "res_pjproject.so", filename at ...ry=0x7fff7a04 "/usr/lib/asterisk/modules/res_pjproject.so", flags=796226418, 
    flags at ...ry=258, suppress_logging=suppress_logging at ...ry=0) at loader.c:955
#2  0x0048d79d in load_dynamic_module (resource_in=resource_in at ...ry=0x5fa910 "res_pjproject.so", suppress_logging=suppress_logging at ...ry=1) at loader.c:1039
#3  0x0048eea3 in load_resource (resource_name=0x5fa910 "res_pjproject.so", suppress_logging=suppress_logging at ...ry=1, 
    module_priorities=module_priorities at ...ry=0x7fff8c24, required=0, preload=0) at loader.c:1635
#4  0x0048f5e1 in load_resource_list (mod_count=<synthetic pointer>, load_order=0x7fff8c1c) at loader.c:1984
#5  load_modules () at loader.c:2232
#6  0x0042c99d in asterisk_daemon (isroot=<optimized out>, rungroup=<optimized out>, runuser=<optimized out>) at asterisk.c:4146
#7  main (argc=<optimized out>, argv=<optimized out>) at asterisk.c:3918
(gdb)

On the musl list it was explained to me that what happens is that dlerror() returned 0 and ast_strdupa calls strlen on this return value which segfaults as expected.

I tried replacing

const char *dlerror_msg = ast_strdupa(dlerror());

with

const char *dlerror_msg = dlerror(); dlerror_msg = ast_strdupa(dlerror_msg ? dlerror_msg : "");

This indeed stopped the segmentation fault. But the general opinion on the musl list is that this is just fixing the crash, not the underlying general issue.

Here's the boot log with this:

 Asterisk PBX Core Initializing
  == Registering builtin functions:
  == Registered custom function 'EXCEPTION'
  == Registered custom function 'TESTTIME'
  == Manager registered action ShowDialPlan
  == Manager registered action ExtensionStateList
  == Registered application 'Answer'
  == Registered application 'BackGround'
  == Registered application 'Busy'
  == Registered application 'Congestion'
  == Registered application 'ExecIfTime'
  == Registered application 'Goto'
  == Registered application 'GotoIf'
  == Registered application 'GotoIfTime'
  == Registered application 'ImportVar'
  == Registered application 'Hangup'
  == Registered application 'Incomplete'
  == Registered application 'NoOp'
  == Registered application 'Proceeding'
  == Registered application 'Progress'
  == Registered application 'RaiseException'
  == Registered application 'Ringing'
  == Registered application 'SayAlpha'
  == Registered application 'SayAlphaCase'
  == Registered application 'SayDigits'
  == Registered application 'SayNumber'
  == Registered application 'SayPhonetic'
  == Registered application 'SetAMAFlags'
  == Registered application 'Wait'
  == Registered application 'WaitDigit'
  == Registered application 'WaitExten'
  == Registered application 'Set'
  == Registered application 'MSet'
  == Registered channel type 'Local' (Local Proxy Channel Driver)
  == Manager registered action LocalOptimizeAway
 Asterisk Dynamic Loader Starting:
[Mar  2 17:45:41] NOTICE[18734]: loader.c:2230 load_modules: 91 modules will be loaded.
 Loading extconfig.
[ Initializing Custom Configuration Options ]
  == extconfig => (Configuration)
 Loading logger.
  == logger => (Logger)
 Loading res_sorcery_astdb.so.

<snip>

 Loading codec_alaw.so.
  == Registered translator 'alawtolin' from codec alaw to slin, table cost, 900000, computational cost 845
  == Registered translator 'lintoalaw' from codec slin to alaw, table cost, 600000, computational cost 1064
  == codec_alaw.so => (A-law Coder/Decoder)
[Mar  2 17:45:43] WARNING[18734]: loader.c:2234 load_modules: Some non-required modules failed to load.
[Mar  2 17:45:43] ERROR[18734]: loader.c:2249 load_modules: Module 'res_pjproject.so' did not register itself during load
[Mar  2 17:45:43] ERROR[18734]: loader.c:2249 load_modules: Module 'res_pjsip.so' did not register itself during load
[Mar  2 17:45:43] ERROR[18734]: loader.c:2249 load_modules: Module 'res_sorcery_astdb.so' did not register itself during load
[Mar  2 17:45:43] ERROR[18734]: loader.c:2249 load_modules: Module 'res_sorcery_realtime.so' did not register itself during load
[Mar  2 17:45:43] ERROR[18734]: loader.c:2249 load_modules: Module 'res_http_websocket.so' did not register itself during load
[Mar  2 17:45:43] ERROR[18734]: loader.c:2249 load_modules: Module 'res_pjsip_config_wizard.so' did not register itself during load
[Mar  2 17:45:43] ERROR[18734]: loader.c:2249 load_modules: Module 'res_crypto.so' did not register itself during load
[Mar  2 17:45:43] ERROR[18734]: loader.c:2249 load_modules: Module 'res_pjsip_pubsub.so' did not register itself during load
[Mar  2 17:45:43] ERROR[18734]: loader.c:2249 load_modules: Module 'res_pjsip_session.so' did not register itself during load
[Mar  2 17:45:43] ERROR[18734]: loader.c:2249 load_modules: Module 'res_sorcery_memory.so' did not register itself during load
[Mar  2 17:45:43] ERROR[18734]: loader.c:2249 load_modules: Module 'res_sorcery_config.so' did not register itself during load
[Mar  2 17:45:43] ERROR[18734]: loader.c:2249 load_modules: Module 'res_pjsip_outbound_publish.so' did not register itself during load
[Mar  2 17:45:43] ERROR[18734]: loader.c:2249 load_modules: res_pjsip_transport_websocket declined to load.
[Mar  2 17:45:43] ERROR[18734]: loader.c:2249 load_modules: cdr_csv declined to load.
Asterisk Ready.
Asterisk cleanly ending (0).
Executing last minute cleanups
  == Manager unregistered action DBGet
  == Manager unregistered action DBPut
  == Manager unregistered action DBDel
  == Manager unregistered action DBDelTree
root at hank2:~#

The trailing errors ("did not register itself during load") I'm not sure of. I get these as well on x86_64 with glibc with some modules and they don't seem to cause any harm; most of the modules seem to load after all and work fine.

Kind regards,
Seb
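
The failure mode described in this report, shown as an added example that is not part of the original message and is not Asterisk's code: dlerror() returns NULL when no loader error is pending, so its result has to be checked before it reaches strlen()-style code. The helper names copy_dlerror and try_open and the module path are hypothetical.

```c
#include <dlfcn.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: copy the pending dlerror() text into buf.
 * Returns 1 if an error was pending, 0 if dlerror() returned NULL. */
static int copy_dlerror(char *buf, size_t len)
{
    const char *msg = dlerror();   /* NULL when nothing has failed */

    if (len == 0)
        return msg != NULL;
    snprintf(buf, len, "%s", msg ? msg : "");
    return msg != NULL;
}

/* Hypothetical wrapper: dlopen() with the error text captured safely. */
static void *try_open(const char *path, char *buf, size_t len)
{
    void *lib;

    (void)dlerror();               /* drop any stale error first */
    lib = dlopen(path, RTLD_NOW);
    copy_dlerror(buf, len);        /* safe on success and on failure */
    return lib;
}

int main(void)
{
    char err[256];
    void *lib;

    /* NULL path = handle for the main program: dlopen succeeds, so
     * dlerror() is NULL, the situation that crashed strlen() above. */
    lib = try_open(NULL, err, sizeof(err));
    printf("self:    lib=%s err=\"%s\"\n", lib ? "ok" : "NULL", err);

    /* Constructed path that does not exist: dlopen fails, text is set. */
    lib = try_open("/nonexistent/constructed_module.so", err, sizeof(err));
    printf("missing: lib=%s err=\"%s\"\n", lib ? "ok" : "NULL", err);
    return 0;
}
```

On older glibc releases this needs to be linked with -ldl.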


