Summary: ASTERISK-26526: [UBSAN] vector.h: null pointer can be passed as argument 2 to memcpy
Reporter: Badalian Vyacheslav (slavon)
Labels:
Date Opened: 2016-10-30 06:56:59
Date Closed: 2016-10-31 09:55:28
Priority: Minor
Regression?
Status: Closed/Complete
Components: Core/AstMM
Versions: 13.12.1 14.1.1 GIT
Frequency of Occurrence:
Related Issues:
Environment:
Attachments:
Description: asterisk 13 git branch

{code}
[Oct 30 11:53:23] WARNING[911]: asterisk:243 errReceived: Asterisk 127.0.0.1 received error: cli.c:2786:77: runtime error: null pointer passed as argument 2, which is declared to never be null
{code}
Comments:

By: Asterisk Team (asteriskteam) 2016-10-30 06:56:59.541-0500

Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution.

A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report.

Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process].

By: Corey Farrell (coreyfarrell) 2016-10-30 09:37:25.525-0500

This issue requires a backtrace to troubleshoot.  Please identify the specific revision of Asterisk (commit-id) used to produce the backtrace as we will need to match line numbers from the backtrace to the code.

By: Badalian Vyacheslav (slavon) 2016-10-30 12:52:55.484-0500

You are welcome! :)

Found by UBSAN! And many others :((((

{code}
stasis_message_router.c:115:42: runtime error: null pointer passed as argument 2, which is declared to never be null
   #0 0x9062d7 in route_table_add /usr/src/asterisk/main/stasis_message_router.c:115
   #1 0x907d15 in stasis_message_router_add_cache_update /usr/src/asterisk/main/stasis_message_router.c:33
   #2 0x5aeb99 in ast_cdr_engine_init /usr/src/asterisk/main/cdr.c:4212
   #3 0x4bf230 in asterisk_daemon /usr/src/asterisk/main/asterisk.c:4596
   #4 0x4be642 in main /usr/src/asterisk/main/asterisk.c:4373
   #5 0x7f354371bb44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
   #6 0x433918  (/usr/sbin/asterisk+0x433918)
{code}

{code}
cli.c:2786:77: runtime error: null pointer passed as argument 2, which is declared to never be null
   #0 0x63da03 in ast_cli_allow_at_shutdown /usr/src/asterisk/main/cli.c:2786
   #1 0x4b09d7 in handle_stop_now /usr/src/asterisk/main/asterisk.c:2525
   #2 0x6392d7 in __ast_cli_register /usr/src/asterisk/main/cli.c:2253
   #3 0x63a09d in ast_cli_register /usr/src/asterisk/main/cli.c:2313
   #4 0x63a0f0 in ast_cli_register_multiple /usr/src/asterisk/main/cli.c:2324
   #5 0x4bf448 in asterisk_daemon /usr/src/asterisk/main/asterisk.c:4645
   #6 0x4be642 in main /usr/src/asterisk/main/asterisk.c:4373
   #7 0x7f354371bb44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
   #8 0x433918  (/usr/sbin/asterisk+0x433918)
{code}

{code}
root@0bfa9456f68a:/usr/src/asterisk# git log
commit 6b1c55dc9be90904363dbcf958a9fcc243c85629
Author: George Joseph <gjoseph@digium.com>
Date:   Fri Oct 28 15:59:19 2016 -0600

   pjproject_bundled:  Fix issue where "/version.mak" wasn't found

root@0bfa9456f68a:/usr/src/asterisk# git branch
* 13

{code}

By: Corey Farrell (coreyfarrell) 2016-10-30 13:42:27.816-0500

It appears UBSAN is being tripped by {{AST_VECTOR_APPEND}} being called when {{(vec)->elems == NULL}}.  This causes {{memcpy}} to be called with a NULL 2nd argument.  Note this is only a minor issue as the 3rd argument is always 0 when the 2nd argument is NULL, so memcpy won't crash.
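
The pattern described in the comment above, as an added example that is not part of the thread and is not Asterisk code: a growable vector whose first append copies from a NULL buffer with length 0, next to the guarded form. `struct int_vec`, `vec_append`, `audited_memcpy` and `null_copies` are hypothetical names; `audited_memcpy` stands in for `memcpy` so the example counts the violation instead of committing it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct int_vec { int *elems; size_t max, current; }; /* hypothetical; starts zeroed */
static int null_src_calls; /* copies that would have handed memcpy a NULL source */

/* Stand-in for memcpy: records the violation instead of committing it. */
static void audited_memcpy(void *dst, const void *src, size_t n)
{
    if (src)
        memcpy(dst, src, n);
    else
        null_src_calls++; /* UBSAN: "null pointer passed as argument 2" */
}

/* guard == 0: always copy from the old buffer; guard == 1: only if one exists. */
static int vec_append(struct int_vec *v, int value, int guard)
{
    if (v->current == v->max) {
        size_t new_max = v->max ? v->max * 2 : 4;
        int *grown = calloc(new_max, sizeof(*grown));
        if (!grown)
            return -1;
        if (!guard || v->elems)
            audited_memcpy(grown, v->elems, v->current * sizeof(*grown));
        free(v->elems);
        v->elems = grown;
        v->max = new_max;
    }
    v->elems[v->current++] = value;
    return 0;
}

/* Fill a fresh vector with count values; return NULL-source copies, -1 on error. */
static int null_copies(int guard, size_t count)
{
    struct int_vec v = { NULL, 0, 0 };
    null_src_calls = 0;
    while (v.current < count && vec_append(&v, (int)v.current, guard) == 0)
        ;
    int intact = v.current == count && (count == 0 || v.elems[count - 1] == (int)(count - 1));
    free(v.elems);
    return intact ? null_src_calls : -1;
}

int main(void)
{
    return printf("unguarded: %d, guarded: %d\n", null_copies(0, 10), null_copies(1, 10)) < 0;
}
```

Only the first growth of an empty vector hits the NULL source, which is why the sanitizer reports appear during startup registration paths; later growths always have an old buffer to copy from.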

By: Friendly Automation (friendly-automation) 2016-10-30 13:44:28.354-0500

Change 4234 had a related patch set uploaded by Corey Farrell:
vector: Prevent NULL argument to memcpy.

[https://gerrit.asterisk.org/4234|https://gerrit.asterisk.org/4234]

By: Friendly Automation (friendly-automation) 2016-10-30 13:46:27.286-0500

Change 4235 had a related patch set uploaded by Corey Farrell:
vector: Prevent NULL argument to memcpy.

[https://gerrit.asterisk.org/4235|https://gerrit.asterisk.org/4235]

By: Friendly Automation (friendly-automation) 2016-10-30 13:46:41.864-0500

Change 4236 had a related patch set uploaded by Corey Farrell:
vector: Prevent NULL argument to memcpy.

[https://gerrit.asterisk.org/4236|https://gerrit.asterisk.org/4236]

By: Friendly Automation (friendly-automation) 2016-10-31 09:55:29.233-0500

Change 4236 merged by zuul:
vector: Prevent NULL argument to memcpy.

[https://gerrit.asterisk.org/4236|https://gerrit.asterisk.org/4236]

By: Friendly Automation (friendly-automation) 2016-10-31 09:55:31.836-0500

Change 4235 merged by zuul:
vector: Prevent NULL argument to memcpy.

[https://gerrit.asterisk.org/4235|https://gerrit.asterisk.org/4235]

By: Friendly Automation (friendly-automation) 2016-10-31 09:59:11.425-0500

Change 4234 merged by zuul:
vector: Prevent NULL argument to memcpy.

[https://gerrit.asterisk.org/4234|https://gerrit.asterisk.org/4234]