<html>
<body>
<div style="font-family: Verdana, Arial, Helvetica, Sans-Serif;">
<table bgcolor="#f9f3c9" width="100%" cellpadding="8" style="border: 1px #c9c399 solid;">
<tr>
<td>
This is an automatically generated e-mail. To reply, visit:
<a href="https://reviewboard.asterisk.org/r/4186/">https://reviewboard.asterisk.org/r/4186/</a>
</td>
</tr>
</table>
<br />
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">What you have found shows that the problem is in v12+ and not v1.8+</pre>
<br />
<div>
<table width="100%" border="0" bgcolor="white" style="border: 1px solid #C0C0C0; border-collapse: collapse; margin: 2px padding: 2px;">
<thead>
<tr>
<th colspan="4" bgcolor="#F0F0F0" style="border-bottom: 1px solid #C0C0C0; font-size: 9pt; padding: 4px 8px; text-align: left;">
<a href="https://reviewboard.asterisk.org/r/4186/diff/1/?file=68995#file68995line330" style="color: black; font-weight: bold; text-decoration: underline;">/branches/12/include/asterisk/stringfields.h</a>
<span style="font-weight: normal;">
(Diff revision 1)
</span>
</th>
</tr>
</thead>
<tbody style="background-color: #e4d9cb; padding: 4px 8px; text-align: center;">
<tr>
<td colspan="4"><pre style="font-size: 8pt; line-height: 140%; margin: 0; ">void __ast_string_field_release_active(struct ast_string_field_pool *pool_head,</pre></td>
</tr>
</tbody>
<tbody>
<tr>
<th bgcolor="#e9eaa8" style="border-right: 1px solid #C0C0C0;" align="right"><font size="2">330</font></th>
<td bgcolor="#fdfebc" width="50%"><pre style="font-size: 8pt; line-height: 140%; margin: 0; "><span class="cp"> (!__ast_string_field_ptr_grow(&field_mgr, &field_mgr_pool, __dlen__, <span class="hl">__p__</span>)) || \</span></pre></td>
<th bgcolor="#e9eaa8" style="border-left: 1px solid #C0C0C0; border-right: 1px solid #C0C0C0;" align="right"><font size="2">330</font></th>
<td bgcolor="#fdfebc" width="50%"><pre style="font-size: 8pt; line-height: 140%; margin: 0; "><span class="cp"> (!__ast_string_field_ptr_grow(&field_mgr, &field_mgr_pool, __dlen__, <span class="hl">&target</span>)) || \</span></pre></td>
</tr>
</tbody>
</table>
<pre style="margin-left: 2em; white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">This change doesn't have any effect. __ast_string_field_ptr_grow() grows the reserved string space at __p__ only if __p__ is the last string in the pool memory block. It does not change the string pointer itself.
01234567890123456789
..^...A
*__p__ points to position 2 with a reserved space of 5 characters starting at position 2 and ending as indicated by A
after
01234567890123456789
..^......A
*__p__ still points to position 2 but with a reserved space of 8 characters starting at position 2 and ending as indicated by A
</pre>
</div>
<br />
<p>- rmudgett</p>
<br />
<p>On November 18th, 2014, 8:25 a.m. CST, Corey Farrell wrote:</p>
<table bgcolor="#fefadf" width="100%" cellspacing="0" cellpadding="8" style="background-image: url('https://reviewboard.asterisk.org/static/rb/images/review_request_box_top_bg.ab6f3b1072c9.png'); background-position: left top; background-repeat: repeat-x; border: 1px black solid;">
<tr>
<td>
<div>Review request for Asterisk Developers and rmudgett.</div>
<div>By Corey Farrell.</div>
<p style="color: grey;"><i>Updated Nov. 18, 2014, 8:25 a.m.</i></p>
<div style="margin-top: 1.5em;">
<b style="color: #575012; font-size: 10pt; margin-top: 1.5em;">Bugs: </b>
<a href="https://issues.asterisk.org/jira/browse/ASTERISK-24535">ASTERISK-24535</a>
</div>
<div style="margin-top: 1.5em;">
<b style="color: #575012; font-size: 10pt;">Repository: </b>
Asterisk
</div>
<h1 style="color: #575012; font-size: 10pt; margin-top: 1.5em;">Description </h1>
<table width="100%" bgcolor="#ffffff" cellspacing="0" cellpadding="10" style="border: 1px solid #b8b5a0">
<tr>
<td>
<pre style="margin: 0; padding: 0; white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">This addresses a regression in the previous fix that applies to all versions. When __ast_string_field_ptr_grow is called by ast_string_field_ptr_set_by_fields, it needs to be passed &target, not __p__. In the current code if __ast_string_field_ptr_grow actually does anything, it will cause *__p__ != target. Unfortunately in this case *__p__ points to the new address, target to the old. This may cause too much data to be written to the old space for the string, and this could cause memory corruption. This was the first thing I noticed when attempting to troubleshoot res/parking/dynamic_parking_variables unit test failure, but did not fix the test.
Also needed to get the unit test working again is a fix for ast_string_fields_copy in 12+. The existing code relies on the fact that __ast_string_field_release_active never previously zeroed pool->used, so keeping the existing pointer was ok. Setting each field to __ast_string_field_empty after releasing the memory seems to resolve the issue.</pre>
</td>
</tr>
</table>
<h1 style="color: #575012; font-size: 10pt; margin-top: 1.5em;">Testing </h1>
<table width="100%" bgcolor="#ffffff" cellspacing="0" cellpadding="10" style="border: 1px solid #b8b5a0">
<tr>
<td>
<pre style="margin: 0; padding: 0; white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">Full testsuite against 12. I had 17 failures, but that is normal on my system. I re-ran the 17 tests without this patch, they still failed.</pre>
</td>
</tr>
</table>
<h1 style="color: #575012; font-size: 10pt; margin-top: 1.5em;">Diffs</b> </h1>
<ul style="margin-left: 3em; padding-left: 0;">
<li>/branches/12/include/asterisk/stringfields.h <span style="color: grey">(427735)</span></li>
</ul>
<p><a href="https://reviewboard.asterisk.org/r/4186/diff/" style="margin-left: 3em;">View Diff</a></p>
</td>
</tr>
</table>
</div>
</body>
</html>