Summary: | ASTERISK-19445: Incorrect values are specified as length in memcpy and memset | ||
Reporter: | Makoto Dei (makoto) | Labels: | |
Date Opened: | 2012-02-28 21:38:03.000-0600 | Date Closed: | 2012-04-04 14:56:19 |
Priority: | Major | Regression? | No |
Status: | Closed/Complete | Components: | Addons/chan_ooh323 Features Resources/res_adsi Resources/res_crypto |
Versions: | 1.8.10.0 | Frequency of Occurrence | |
Related Issues: | |||
Environment: | Attachments: | ( 0) memset-memcpy-length.patch | |
Description: | There are some code which specify incorrect values as length in memcpy and memset. For example, int foo(struct ast_foo *foo, ...) { ... memcpy(foo, bar, sizeof(foo)); In this case, sizeof(foo) is 4 (32bit) or 8 (64bit) and not a correct size of the structure. This should be memcpy(foo, bar, sizeof(*foo)); See attached patch for details. | ||
Comments: | By: Walter Doekes (wdoekes) 2012-02-29 01:39:15.893-0600 The changes look good to me. By: Jonathan Rose (jrose) 2012-04-04 14:49:58.917-0500 Hmmm, most of these have been applied through other patches. There is still the hunk from ooh323cDriver that applies though (probably because it's not supported). I'll go ahead and commit what's left. By: Alexander Anikin (may213) 2012-04-05 16:51:49.679-0500 Hello, Btw, OOH323 is supported ;) if (cur == NULL) { - if (!(cur = ast_malloc(sizeof(struct callthread)))) { + if (!(cur = ast_calloc(1, sizeof(struct callthread)))) { I not understand sense of that patch. This part code of codes not contain subject issue and i had not any problem here not per 32bit nor per 64bit systems. By: Makoto Dei (makoto) 2012-04-05 20:19:15.165-0500 The real issue is memset of the next change. To remove it, I replaced ast_malloc and memset with ast_calloc. By: Alexander Anikin (may213) 2012-04-06 05:26:25.578-0500 Sure, you're right. It must be real trouble but i never had this in production ;) Thank you |