Summary: ASTERISK-20231: codec_ilbc using memcpy instead of memmove for overlapping mem
Reporter: Walter Doekes (wdoekes)
Labels:
Date Opened: 2012-08-14 13:31:04
Date Closed: 2012-09-25 12:19:27
Priority: Minor
Regression?: No
Status: Closed/Complete
Components: Codecs/codec_ilbc
Versions: 1.8.15.0
Frequency of Occurrence:
Related Issues:
Environment:
Attachments: (0) ASTERISK-20231.patch
Description: According to the valgrind at https://issues.asterisk.org/jira/secure/attachment/43983/valgrind_2012-06-27.txt (ASTERISK-19890), iLBC uses memcpy when it should use memmove.

{noformat}
==26282== Source and destination overlap in memcpy(0x7feffcc40, 0x7feffcce0, 428)
==26282==    at 0x4A0884B: memcpy (mc_replace_strmem.c:587)
==26282==    by 0x11720BEE: Decode (iLBC_decode.c:254)
==26282==    by 0x11721768: iLBC_decode (iLBC_decode.c:507)
==26282==    by 0x11720116: ilbctolin_framein (codec_ilbc.c:113)
==26282==    by 0x567ED3: framein (translate.c:218)
==26282==    by 0x568C84: calc_cost (translate.c:437)
==26282==    by 0x56AFE2: __ast_register_translator (translate.c:887)
==26282==    by 0x11720411: load_module (codec_ilbc.c:205)
==26282==    by 0x4EA140: start_resource (loader.c:796)
==26282==    by 0x4EAABF: load_resource_list (loader.c:984)
==26282==    by 0x4EB176: load_modules (loader.c:1137)
==26282==    by 0x44628F: main (asterisk.c:3902)
==26282==
==26282== Source and destination overlap in memcpy(0x7feffcc40, 0x7feffcce0, 428)
==26282==    at 0x4A0884B: memcpy (mc_replace_strmem.c:587)
==26282==    by 0x11720DEE: Decode (iLBC_decode.c:302)
==26282==    by 0x11721768: iLBC_decode (iLBC_decode.c:507)
==26282==    by 0x11720116: ilbctolin_framein (codec_ilbc.c:113)
==26282==    by 0x567ED3: framein (translate.c:218)
==26282==    by 0x568C84: calc_cost (translate.c:437)
==26282==    by 0x56AFE2: __ast_register_translator (translate.c:887)
==26282==    by 0x11720411: load_module (codec_ilbc.c:205)
==26282==    by 0x4EA140: start_resource (loader.c:796)
==26282==    by 0x4EAABF: load_resource_list (loader.c:984)
==26282==    by 0x4EB176: load_modules (loader.c:1137)
==26282==    by 0x44628F: main (asterisk.c:3902)
==26282==
==26282== Source and destination overlap in memcpy(0x7feffd4a0, 0x7feffd540, 428)
==26282==    at 0x4A0884B: memcpy (mc_replace_strmem.c:587)
==26282==    by 0x117228F9: iLBC_encode (iLBC_encode.c:311)
==26282==    by 0x11720309: lintoilbc_frameout (codec_ilbc.c:153)
==26282==    by 0x568CBD: calc_cost (translate.c:439)
==26282==    by 0x56AFE2: __ast_register_translator (translate.c:887)
==26282==    by 0x11720430: load_module (codec_ilbc.c:207)
==26282==    by 0x4EA140: start_resource (loader.c:796)
==26282==    by 0x4EAABF: load_resource_list (loader.c:984)
==26282==    by 0x4EB176: load_modules (loader.c:1137)
==26282==    by 0x44628F: main (asterisk.c:3902)
==26282==
==26282== Source and destination overlap in memcpy(0x7feffd4a0, 0x7feffd540, 428)
==26282==    at 0x4A0884B: memcpy (mc_replace_strmem.c:587)
==26282==    by 0x11722D50: iLBC_encode (iLBC_encode.c:389)
==26282==    by 0x11720309: lintoilbc_frameout (codec_ilbc.c:153)
==26282==    by 0x568CBD: calc_cost (translate.c:439)
==26282==    by 0x56AFE2: __ast_register_translator (translate.c:887)
==26282==    by 0x11720430: load_module (codec_ilbc.c:207)
==26282==    by 0x4EA140: start_resource (loader.c:796)
==26282==    by 0x4EAABF: load_resource_list (loader.c:984)
==26282==    by 0x4EB176: load_modules (loader.c:1137)
==26282==    by 0x44628F: main (asterisk.c:3902)
{noformat}

And valgrind is right.

CB_MEML = 147
SUBL = 40

=> memcpy(x, x + 40, 4 * (147-40))

In 4 places.

There might be more, but valgrind didn't report those, and I didn't check any further ;)

Regards,
Walter
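
The arithmetic in the report, worked through as an added example (not code from the report, from Asterisk, or from the iLBC sources): it computes how many bytes of the reported copy overlap and shows the same shift done with memmove. The helper names and the 4-byte float element type are assumptions; CB_MEML and SUBL are the values quoted above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constants quoted in the report. */
#define CB_MEML 147
#define SUBL    40

/* Bytes shared by [dst, dst+n) and [src, src+n); 0 means memcpy is allowed. */
static size_t overlap_bytes(const void *dst, const void *src, size_t n)
{
    uintptr_t d = (uintptr_t)dst, s = (uintptr_t)src;
    uintptr_t gap = d > s ? d - s : s - d;
    return gap < n ? n - gap : 0;
}

/* Overlap for the reported call shape: copy(x, x + SUBL, 4 * (CB_MEML - SUBL)). */
static size_t reported_overlap(void)
{
    float mem[CB_MEML]; /* assumed element type: 4-byte float */
    return overlap_bytes(mem, mem + SUBL, (CB_MEML - SUBL) * sizeof(float));
}

/* Hypothetical helper: slide the buffer left by SUBL samples.
 * memmove is defined for overlapping regions; memcpy is not. */
static void shift_left(float *mem)
{
    memmove(mem, mem + SUBL, (CB_MEML - SUBL) * sizeof(float));
}

/* Returns 1 if, on a constructed ramp, every mem[i] ends up as old mem[i + SUBL]. */
static int shift_is_correct(void)
{
    float mem[CB_MEML];
    for (int i = 0; i < CB_MEML; i++)
        mem[i] = (float)i;
    shift_left(mem);
    for (int i = 0; i < CB_MEML - SUBL; i++)
        if (mem[i] != (float)(i + SUBL))
            return 0;
    return 1;
}

int main(void)
{
    printf("overlapping bytes: %zu\n", reported_overlap());
    printf("memmove shift correct: %d\n", shift_is_correct());
    return 0;
}
```

The 160-byte gap between source and destination (40 elements of 4 bytes) matches the address difference in the valgrind lines, 0x7feffcce0 - 0x7feffcc40 = 0xa0.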
Comments: