| Summary: | ASTERISK-26528: [UBSAN] strings.h:signed integer overflow in ast_str_case_hash | ||
| Reporter: | Badalian Vyacheslav (slavon) | Labels: | |
| Date Opened: | 2016-10-30 13:26:52 | Date Closed: | 2017-04-12 18:11:20 |
| Priority: | Minor | Regression? | |
| Status: | Closed/Complete | Components: | Core/General |
| Versions: | 13.12.1 13.15.0 14.1.1 GIT | Frequency of Occurrence | |
| Related Issues: | |||
| Environment: | Attachments: | ||
| Description: | Many modules use ast_str_case_hash and it's have signed integer overflow.
More 30 errors in asterisk load.... example {code} /usr/src/asterisk/include/asterisk/strings.h:1229:15: runtime error: signed integer overflow: 193412901 * 33 cannot be represented in type 'int' #0 0x5bd3bf in ast_str_case_hash /usr/src/asterisk/include/asterisk/strings.h:1229 #1 0x5f6533 in ast_channel_hash_cb /usr/src/asterisk/main/channel.c:7573 #2 0x4c59a4 in hash_ao2_new_node /usr/src/asterisk/main/astobj2_hash.c:240 #3 0x4c1b9f in internal_ao2_link /usr/src/asterisk/main/astobj2_container.c:124 #4 0x4c1ddc in __ao2_link /usr/src/asterisk/main/astobj2_container.c:174 #5 0x5c320f in __ast_channel_alloc_ap /usr/src/asterisk/main/channel.c:988 #6 0x5c3435 in __ast_channel_alloc /usr/src/asterisk/main/channel.c:1016 #7 0x680040 in ast_unreal_new_channels /usr/src/asterisk/main/core_unreal.c:976 #8 0x67974e in local_request /usr/src/asterisk/main/core_local.c:935 #9 0x5eb7a3 in ast_request /usr/src/asterisk/main/channel.c:6145 #10 0x69cdb5 in begin_dial_prerun /usr/src/asterisk/main/dial.c:332 #11 0x69dc49 in ast_dial_prerun /usr/src/asterisk/main/dial.c:404 #12 0x82206f in pbx_outgoing_attempt /usr/src/asterisk/main/pbx.c:7623 #13 0x822e15 in ast_pbx_outgoing_exten /usr/src/asterisk/main/pbx.c:7766 #14 0x79d28a in action_originate /usr/src/asterisk/main/manager.c:5580 #15 0x7a1d60 in process_message /usr/src/asterisk/main/manager.c:6318 #16 0x7a4039 in do_message /usr/src/asterisk/main/manager.c:6531 #17 0x7a4ebd in session_do /usr/src/asterisk/main/manager.c:6652 #18 0x938e0a in handle_tcptls_connection /usr/src/asterisk/main/tcptls.c:695 #19 0x982e6a in dummy_start /usr/src/asterisk/main/utils.c:1235 #20 0x7fe4aea160a3 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x80a3) #21 0x7fe4ada5062c in clone (/lib/x86_64-linux-gnu/libc.so.6+0xe862c) {code} | ||
| Comments: | By: Asterisk Team (asteriskteam) 2016-10-30 13:26:53.422-0500 Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution. A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report. Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process]. By: Torrey Searle (tsearle) 2017-04-07 08:54:57.094-0500 On 2's compliment machines the behavior of abs(MAX_INT) is undefined and returns negative. This causes hash code methods to return negative sometimes. #include <stdio.h> #include <stdlib.h> #include <limits.h> void main() { int val = INT_MIN; printf("Value is %d\n", abs(val)); } Value is -2147483648 By: Friendly Automation (friendly-automation) 2017-04-12 18:11:21.260-0500 Change 5425 merged by zuul: strings.h: Avoid overflows in the string hash functions [https://gerrit.asterisk.org/5425|https://gerrit.asterisk.org/5425] By: Friendly Automation (friendly-automation) 2017-04-12 19:47:23.551-0500 Change 5454 merged by Joshua Colp: strings.h: Avoid overflows in the string hash functions [https://gerrit.asterisk.org/5454|https://gerrit.asterisk.org/5454] By: Friendly Automation (friendly-automation) 2017-04-12 19:47:37.864-0500 Change 5453 merged by Joshua Colp: strings.h: Avoid overflows in the string hash functions [https://gerrit.asterisk.org/5453|https://gerrit.asterisk.org/5453] By: Asterisk Team (asteriskteam) 2017-04-24 22:07:08.087-0500 This issue has been reopened as a result of your commenting on it as the reporter. It will be triaged once again as applicable. | ||