| Summary: | ASTERISK-19756: Use of asprintf with MALLOC_DEBUG could corrupt memory or crash. | ||
| Reporter: | Richard Mudgett (rmudgett) | Labels: | |
| Date Opened: | 2012-04-19 14:14:44 | Date Closed: | 2017-10-23 13:03:19 |
| Priority: | Major | Regression? | |
| Status: | Closed/Complete | Components: | General |
| Versions: | SVN | Frequency of Occurrence | |
| Related Issues: | |||
| Environment: | Attachments: | ||
| Description: | Use of asprintf() allocates a block of memory to hold the output string. When Asterisk is compiled with the MALLOC_DEBUG option, ast_free() is no longer the same as free(). Memory allocated with malloc() must be freed with free(). Memory allocated with ast_malloc() must be freed with ast_free(). Most of the places where asprintf() is called free the resulting buffer with ast_free() a few lines later. | ||
| Comments: | By: Richard Mudgett (rmudgett) 2013-09-12 20:31:03.139-0500 This needs to be reevaluated to see if it is still true. A change was made that addressed this by creating an ast_asprintf() function that is safe for MALLOC_DEBUG. There is also ast_std_free() which would need to be used with asprintf() to ensure correct freeing. By: Corey Farrell (coreyfarrell) 2017-10-23 13:03:19.419-0500 I believe this issue is fixed by astmm.h define {{ASTMM_LIBC}} which generates build errors by default if standard allocators or free are used. It is no longer possible to 'accidentally' use the standard allocators, linking to asprintf is only possible if a source is compiled with {{#define ASTMM_LIB ASTMM_IGNORE}} before any headers are included. | ||