Summary: | ASTERISK-17946: AST_STRING_FIELD new pointer overlap the last string on MIPS |
Reporter: | Pascal Yu (yupascal) | Labels: | |
Date Opened: | 2011-05-31 15:44:17 | Date Closed: | 2015-02-25 23:04:39.000-0600 |
Priority: | Major | Regression? | No |
Status: | Closed/Complete | Components: | Utilities/General |
Versions: | 1.8.3 | Frequency of Occurrence | |
Related Issues: | |
Environment: | | Attachments: | ( 0) asterisk-1.8.5.0-alignment.diff |
Description: | Found that a VOIP provider failed to authenticate the account after the upgrade to 1.8.3 from 1.6.1. Traced the SIP packets and found an extra non-readable character following the Contact header, inside the 2nd INVITE with md5 digest responding to the 401 from the provider proxy. The first INVITE is ok though. Didn't find a similar issue reported via Google search or forum search. I'm not a developer but a system admin, so not an expert on coding. It took me several days to find the code that is missing a line for the MIPS (SPARC) platform. I'm using * on a router with OpenWrt. Thus everybody else using it on x86 should be ok. I think it might be better to report it so it would help those who use it on SPARC or MIPS. Checked the 1.8.4 code; still unchanged. ****** ADDITIONAL INFORMATION ****** patch, --- /home/pascal/util.c.asterisk18.orig 2011-05-27 22:41:21.000000000 -0400 +++ asterisk-1.8.3.2/main/utils.c 2011-05-28 20:04:05.000000000 -0400 @@ -1718,6 +1718,7 @@ if ((long) target % sizeof(ast_string_field_allocation)) { target++; space--; + (*pool_head)->used ++; } #endif available = space - sizeof(ast_string_field_allocation); |
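Review bot: the added `(*pool_head)->used ++;` sits inside the alignment `if`, ahead of the `available = space - sizeof(ast_string_field_allocation);` line, so `used` is bumped as soon as `target` is misaligned and before anything has checked that this pool can hold the request. Keep the one-byte adjustment in a local and add it at the point where `used` is charged for a pool allocation (the `(*pool_head)->used += needed + sizeof(ast_string_field_allocation);` statement quoted in the comments on this issue), so a request that is not served from the pool leaves the counter unchanged. The trailing `#endif` shows the block is conditionally compiled, but the guard is outside the hunk; confirm it is defined on the platform this fix is meant for. Style: write `used++` without the space.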
Comments: |

By: Wolfram Joost (wjoost) 2011-08-06 08:21:15.091-0500

I found this problem in version 1.8.5, too. The problem is the following: in file main/utils.c, function "void __ast_string_field_ptr_build_va", for sparc architectures an alignment is calculated:

    #ifdef __sparc__
    if ((long) target % sizeof(ast_string_field_allocation)) {
        target++;
        space--;
    }
    #endif

If the target has been increased and there was enough space in the pool, the following code is used:

    } else if (*ptr != target) {
        /* the allocation was satisfied using available space in the pool,
           but not using the space already allocated to the field */
        __ast_string_field_release_active(*pool_head, *ptr);
        mgr->last_alloc = *ptr = target;
        AST_STRING_FIELD_ALLOCATION(target) = needed;
        (*pool_head)->used += needed + sizeof(ast_string_field_allocation);
        (*pool_head)->active += needed;

As one can see, the one byte which might have been used for alignment isn't added to (*pool_head)->used. The patch posted above is wrong; it adds one byte to used even if the space of the pool isn't used.

By: Wolfram Joost (wjoost) 2011-08-28 05:30:46.409-0500

Patch against asterisk 1.8.5.0

By: Matt Jordan (mjordan) 2015-02-25 23:04:13.394-0600

This looks to be a duplicate of ASTERISK-17310, which was solved in a slightly different fashion by Walter Doekes in r343163. If you find this is still a problem in the latest Asterisk 11/13, please comment on the issue and I'll be happy to reopen it.
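The accounting gap described in Wolfram Joost's first comment, reduced to a stand-alone model: an added example, not Asterisk's code and not the attached patch. `alloc_hdr`, `struct pool`, `pool_alloc` and `overlap_after_three` are hypothetical names, and the 16-bit length header is an assumption of the model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint16_t alloc_hdr;  /* assumed stand-in for ast_string_field_allocation */

struct pool {
    size_t size, used;
    alloc_hdr storage[32];   /* 64 bytes, aligned for alloc_hdr */
};

/* Bump-allocate `needed` bytes behind an aligned length header.
 * count_pad == 0: the alignment byte is left out of `used` (the reported accounting).
 * count_pad == 1: it is charged, but only when the pool satisfies the request. */
static char *pool_alloc(struct pool *p, size_t needed, int count_pad)
{
    char *target = (char *)p->storage + p->used;
    size_t space = p->size - p->used;
    size_t pad = 0;
    alloc_hdr hdr = (alloc_hdr)needed;

    if ((uintptr_t)target % sizeof(alloc_hdr))
        pad = sizeof(alloc_hdr) - (uintptr_t)target % sizeof(alloc_hdr);
    if (space < pad + sizeof(alloc_hdr) + needed)
        return NULL;                    /* pool not used: `used` stays untouched */
    target += pad;
    memcpy(target, &hdr, sizeof(hdr));
    p->used += needed + sizeof(alloc_hdr) + (count_pad ? pad : 0);
    return target + sizeof(alloc_hdr);
}

/* Allocates three 3-byte fields; returns how many bytes of the second field
 * are covered by the third field's header (-1 if an allocation fails). */
static int overlap_after_three(int count_pad)
{
    struct pool p = { sizeof(p.storage), 0, {0} };
    char *a = pool_alloc(&p, 3, count_pad);
    char *b = pool_alloc(&p, 3, count_pad);
    char *c = pool_alloc(&p, 3, count_pad);
    if (!a || !b || !c) return -1;
    long over = (long)((b + 3) - (c - sizeof(alloc_hdr)));
    return over > 0 ? (int)over : 0;
}

int main(void)
{
    printf("overlap: pad not counted %d, pad counted %d\n", overlap_after_three(0), overlap_after_three(1));
    return 0;
}
```

With the pad left out of `used`, the third header starts on the second field's final byte, its NUL terminator in this model.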