[asterisk-bugs] [JIRA] (ASTERISK-28426) Address out of bounds in ast_str_hash

Benjamin Keith Ford (JIRA) noreply at issues.asterisk.org
Fri May 24 13:54:48 CDT 2019 

     [ https://issues.asterisk.org/jira/browse/ASTERISK-28426?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Benjamin Keith Ford updated ASTERISK-28426:
-------------------------------------------

    Assignee: Ross Beer
      Status: Waiting for Feedback  (was: Triage)

Yep, looks like something is going on. Are you running a vanilla 13.26? Do you happen to know what's triggering it, based on what activity is going on in the system at the time?

> Address out of bounds in ast_str_hash
> -------------------------------------
>
>                 Key: ASTERISK-28426
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-28426
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_pjsip
>    Affects Versions: 13.26.0, GIT
>         Environment: CentOS 7
>            Reporter: Ross Beer
>            Assignee: Ross Beer
>              Labels: pjsip
>         Attachments: core-asterisk-113633-1558612929-thread1.txt
>
>
> Asterisk segfaults with 'address out of bounds' when in ast_str_hash:
> {noformat}
> Thread 1 (Thread 0x7f5f3ca28700 (LWP 113932)):
> #0  0x00007f605572d4ac in ast_str_hash (str=0x7f5ec234d248 <Address 0x7f5ec234d248 out of bounds>) at /usr/src/asterisk/asterisk-13-trunk/include/asterisk/strings.h:1202
>         hash = 5381
> #1  0x00007f605572d512 in transport_monitor_hash_fn (obj=0x7f5ec234d248, flags=64) at res_pjsip/pjsip_transport_events.c:69
>         object = 0x7f5ec234d248
>         key = 0x7f5ec234d248 <Address 0x7f5ec234d248 out of bounds>
> #2  0x000000000045df8e in hash_ao2_find_first (self=0x2e673a8, flags=80, arg=0x7f5ec234d248, state=0x7f5f3ca276a0) at astobj2_hash.c:390
>         node = 0x2e673a8
>         bucket_cur = 32607
>         cmp = 1017280128
> #3  0x000000000045c491 in internal_ao2_traverse (self=0x2e673a8, flags=80, cb_fn=0x7f605572d514 <transport_monitor_cmp_fn>, arg=0x7f5ec234d248, data=0x0, type=AO2_CALLBACK_DEFAULT, tag=0x0, file=0x0, line=0, func=0x0) at astobj2_container.c:344
>         ret = 0x0
>         cb_default = 0x7f605572d514 <transport_monitor_cmp_fn>
>         cb_withdata = 0x0
>         node = 0x7f5f3ca277e0
>         traversal_state = 0x7f5f3ca276a0
>         orig_lock = AO2_LOCK_REQ_MUTEX
>         multi_container = 0x0
>         multi_iterator = 0x0
>         __PRETTY_FUNCTION__ = "internal_ao2_traverse"
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list