[asterisk-dev] [Code Review] 3898: Fix memory Corruption in __ast_string_field_ptr_build_va

Matt Jordan reviewboard at asterisk.org
Sun Aug 10 19:27:11 CDT 2014


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/3898/#review13062
-----------------------------------------------------------

Ship it!


Yikes. One has to wonder how many other memory corruptions that were nearly impossible to reproduce this caused.

- Matt Jordan


On Aug. 8, 2014, 1:37 p.m., wdoekes wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/3898/
> -----------------------------------------------------------
> 
> (Updated Aug. 8, 2014, 1:37 p.m.)
> 
> 
> Review request for Asterisk Developers.
> 
> 
> Bugs: ASTERISK-23508
>     https://issues.asterisk.org/jira/browse/ASTERISK-23508
> 
> 
> Repository: Asterisk
> 
> 
> Description
> -------
> 
> Reporter has observed memory corruption in __ast_string_field_ptr_build_va.
> 
> Cause:
> - when all space in a stringfield is used (used==size), then space==0
> - in that case, the "available" space would become below zero and overflow (size_t)
> - result, available space is huge, and memory corruption ensues
> 
> 
> Diffs
> -----
> 
>   /branches/1.8/main/utils.c 420566 
> 
> Diff: https://reviewboard.asterisk.org/r/3898/diff/
> 
> 
> Testing
> -------
> 
> Problem and cause have been described by Arnd Schmitter and tested by him and JoshE.
> 
> The tested patch was against 11. This review is a backport to 1.8.
> 
> 
> File Attachments
> ----------------
> 
> branches-11
>   https://reviewboard.asterisk.org/media/uploaded/files/2014/08/08/4d51862e-4661-49f2-92be-e6a17feebfd3__issueA23508_stringfieldptr_corruption-11.x.patch
> 
> 
> Thanks,
> 
> wdoekes
> 
>
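
The size_t wrap described in the quoted review request, as an added example that is not part of the original e-mail and is not Asterisk's code. The pool structure, the two-byte length header and all function names are assumptions made for illustration; the sample pool values are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical simplified pool, not the Asterisk structures. */
struct pool {
    size_t size; /* total bytes in the pool */
    size_t used; /* bytes already handed out */
};

/* Assumed per-allocation length header stored in front of each string. */
#define HDR_LEN sizeof(uint16_t)

/* Unchecked: with used == size, space is 0 and the subtraction wraps. */
static size_t available_unchecked(const struct pool *p)
{
    size_t space = p->size - p->used;
    return space - HDR_LEN;
}

/* Checked: never reports more room than the pool really has left. */
static size_t available_checked(const struct pool *p)
{
    size_t space = p->used <= p->size ? p->size - p->used : 0;
    return space > HDR_LEN ? space - HDR_LEN : 0;
}

/* Writes value into the pool tail; -1 means "does not fit, get a new pool". */
static int build_field(char *base, struct pool *p, const char *value)
{
    size_t avail = available_checked(p);
    if (avail == 0)
        return -1;
    int needed = snprintf(base + p->used + HDR_LEN, avail, "%s", value);
    if (needed < 0 || (size_t)needed >= avail)
        return -1; /* truncated inside bounds; nothing is committed */
    p->used += HDR_LEN + (size_t)needed + 1;
    return 0;
}

int main(void)
{
    struct pool full = { 16, 16 }; /* constructed case: used == size */
    printf("unchecked: %zu\n", available_unchecked(&full));
    printf("checked:   %zu\n", available_checked(&full));
    return 0;
}
```

Passing the unchecked value as the size argument of a formatting call is what lets the write run past the end of the pool; the checked form reports zero and forces the caller onto the allocate-a-new-pool path.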
