[asterisk-dev] [Code Review] 3898: Fix memory Corruption in __ast_string_field_ptr_build_va
wdoekes
reviewboard at asterisk.org
Mon Aug 11 05:24:09 CDT 2014
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/3898/
-----------------------------------------------------------
(Updated Aug. 11, 2014, 5:24 a.m.)
Status
------
This change has been marked as submitted.
Review request for Asterisk Developers.
Changes
-------
Committed in revision 420680
Bugs: ASTERISK-23508
https://issues.asterisk.org/jira/browse/ASTERISK-23508
Repository: Asterisk
Description
-------
Reporter has observed memory corruption in __ast_string_field_ptr_build_va.
Cause:
- when all space in a stringfield is used (used==size), then space==0
- in that case, the "available" space would become below zero and overflow (size_t)
- result, avaiable space is huge, and memory corruption ensues
Diffs
-----
/branches/1.8/main/utils.c 420566
Diff: https://reviewboard.asterisk.org/r/3898/diff/
Testing
-------
Problem and cause has been described by Arnd Schmitter and tested by him and JoshE.
The tested patch was against 11. This review is a backport to 1.8.
File Attachments
----------------
branches-11
https://reviewboard.asterisk.org/media/uploaded/files/2014/08/08/4d51862e-4661-49f2-92be-e6a17feebfd3__issueA23508_stringfieldptr_corruption-11.x.patch
Thanks,
wdoekes
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20140811/71397128/attachment.html>
More information about the asterisk-dev
mailing list