[Asterisk-Users] segmentation fault on asterisk startup
andrewg at felinemenace.org
andrewg at felinemenace.org
Tue Jul 13 05:55:37 MST 2004
On Tue, Jul 13, 2004 at 08:35:17AM -0400, Andrew Kohlsmith wrote:
> On Tuesday 13 July 2004 08:22, andrewg at felinemenace.org wrote:
> > Ack, I don't like the iLBC code for the quick 3 minutes or so I looked at
> > it, but it wouldn't surprise me if it was overwriting more than it should
> > be on the stack.
>
> Why wouldn't it surprise you? I have a PRI and have 10 or 12 iLBC codecs
> running during peak times. I don't understand how you can get from "I don't
> like the sound of iLBC" to "iLBC must be written poorly".
>
You missed my point. I'm talking about how it does data handling with
various loops and memcpys etc. I don't care about the sound quality, nor do I
care about how well written it is, I'm just making the observation based on
my previous experience based on previous auditing of software.
There are a lot of variables in use with various #define'd values, (can you
be sure that there is no off-by-one's, compiler eccentricities, etc?). ( it's
abit like how asterisk doesn't srand() correctly, which can allow an attacker
to predict what challenges someone is going to see and compute them in advance
via MIT or that IAX2 should drop the idea of plaintext passwords due to forced
downgrades.).
That said, what processor series couldn't divide properly? if it was the cryix
range / version part, it could be a problem.
Thanks,
Andrew Griffiths
More information about the asterisk-users
mailing list