[OpenSIPS-Devel] [ opensips-Bugs-3525039 ] incidental crash when using {via} transformations

SourceForge.net noreply at sourceforge.net
Wed May 9 18:38:20 CEST 2012


Bugs item #3525039, was opened at 2012-05-09 01:00
Message generated for change (Comment added) made by bogdan_iancu
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=1086410&aid=3525039&group_id=232389

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: core
Group: 1.7.x
>Status: Closed
>Resolution: Fixed
Priority: 5
Private: No
Submitted By: Walter Doekes (wdoekes)
Assigned to: Bogdan-Andrei Iancu (bogdan_iancu)
Summary: incidental crash when using {via} transformations

Initial Comment:
Hi,

see attached patch.

If you look at it, you'll see that the old code is wrong. If the next via is only 1-4 bytes longer than the previous one, we start overwriting memory.

And that looks like this:
CRITICAL:core:qm_debug_frag:  qm_*: prev. fragm. tail overwritten(c000410a, abcdefed)[0x8701f0:0x870220]!
or this:
CRITICAL:core:qm_debug_frag:  qm_*: prev. fragm. tail overwritten(c0c0c000, abcdefed)[0x86f890:0x86f8c0]!

Regards,
Walter Doekes
OSSO B.V.

----------------------------------------------------------------------

>Comment By: Bogdan-Andrei Iancu (bogdan_iancu)
Date: 2012-05-09 09:38

Message:
fix on SVN trunk, 1.8 and 1.7

----------------------------------------------------------------------

Comment By: Bogdan-Andrei Iancu (bogdan_iancu)
Date: 2012-05-09 08:28

Message:
following the IRC chat, here is is an optimised patch ;). Could you confirm
everything is ok ?

Thanks and regards,
Bogdan

----------------------------------------------------------------------

Comment By: Bogdan-Andrei Iancu (bogdan_iancu)
Date: 2012-05-09 03:06

Message:
Hi Walter,

I tried a different approach for the fix - without adding a new variable,
but using _tr_via.len to keep the real len, and to correct +4 where needed
:)

Could you please test this fix ?

Thanks and regards,
Bogdan

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=1086410&aid=3525039&group_id=232389



More information about the Devel mailing list