[OpenSIPS-Devel] [opensips] check for invalid parameter passed to _tr_parse_sparam #531 (#532)

Jarrod Baumann notifications at github.com
Sat May 30 07:00:34 CEST 2015


My solution to #531 caused by _tr_parse_sparam attempting to parse an empty argument.  The 100% CPU is caused by an infinite loop in `static void trans_fill_right(pv_value_t *val, str pad, int len)` (transformations.c:129) since the while loop `while (len > 0)` depends on pad.len being decremented from len (`len -= pad.len;`) which never happens because pad.len = 0.

There are probably a couple different ways to incorporate this check, but this works.  Applying this pull request before my previous pull request, #530, will probably cause it to be invalid in case it is approved as well.

Here is the backtrace that led me to the above conclusion:

```
(gdb) bt
#0  trans_fill_right (len=1, val=<optimized out>, pad=...)
    at transformations.c:153
#1  tr_eval_string (msg=<optimized out>, tp=<optimized out>, 
    subtype=<optimized out>, val=<optimized out>) at transformations.c:707
#2  0x00000000004b97cd in run_transformations (msg=msg@entry=0x7fffffffdcf0, 
    tr=<optimized out>, val=val@entry=0x7fffffffd580) at transformations.c:78
#3  0x00000000004f5ae9 in pv_get_spec_value (msg=<optimized out>, 
    sp=0x7ffff745c3c8, value=0x7fffffffd580) at pvar.c:4122
#4  0x00000000004f75d0 in pv_printf (msg=msg@entry=0x7fffffffdcf0, 
    list=list@entry=0x7ffff745c3b8, buf=<optimized out>, 
    len=len@entry=0x7fffffffd5e4) at pvar.c:4194
#5  0x00000000004fce0c in pv_printf (msg=msg@entry=0x7fffffffdcf0, 
    list=list@entry=0x7ffff745c3b8, buf=<optimized out>, 
    len=len@entry=0x7fffffffd5e4) at pvar.c:4173
#6  0x0000000000484799 in xl_print_log (len=0x7fffffffd5e4, 
    list=0x7ffff745c3b8, msg=0x7fffffffdcf0) at xlog.c:65
#7  xlog_1 (msg=msg@entry=0x7fffffffdcf0, 
    frm=0x7ffff745c3b8 "p^B\367\377\177", str2=<optimized out>) at xlog.c:114
#8  0x0000000000459d46 in do_action (a=a@entry=0x7ffff7425f08, 
    msg=msg@entry=0x7fffffffdcf0) at action.c:1652
#9  0x000000000045dce1 in run_action_list (msg=<optimized out>, 
    a=<optimized out>) at action.c:169
#10 run_actions (msg=0x7fffffffdcf0, a=<optimized out>) at action.c:134
#11 run_top_route (a=<optimized out>, msg=msg@entry=0x7fffffffdcf0)
    at action.c:209
#12 0x00000000004a0732 in run_startup_route () at route.c:2381
#13 0x00000000005905ce in udp_start_nofork () at net/net_udp.c:363
#14 0x000000000041a75e in main_loop () at main.c:665
#15 main (argc=<optimized out>, argv=<optimized out>) at main.c:1248
```

You can view, comment on, or merge this pull request online at:

  https://github.com/OpenSIPS/opensips/pull/532

-- Commit Summary --

  * check for invalid parameter passed to _tr_parse_sparam #531

-- File Changes --

    M transformations.c (7)

-- Patch Links --

https://github.com/OpenSIPS/opensips/pull/532.patch
https://github.com/OpenSIPS/opensips/pull/532.diff
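
A minimal C model of the hang described in this message, added here as an illustration; it is not the OpenSIPS source or the patch in the pull request. The `str` layout, the function names, the return codes and the iteration cap are assumptions made so the stuck loop can be observed without spinning forever.

```c
#include <stdio.h>
#include <string.h>

/* Counted string; layout assumed for this demo. */
typedef struct { const char *s; int len; } str;

#define MAX_ITER 1000 /* demo-only cap so a stuck loop can be observed */

/* Padding loop whose progress depends entirely on pad.len.
 * Caller must supply out with room for width + 1 bytes.
 * Returns iterations used, or -1 when the cap is hit, which means
 * the loop would not have terminated on its own. */
int fill_right_unguarded(char *out, str val, str pad, int width)
{
    int pos = val.len, len = width - val.len, iter = 0;

    memcpy(out, val.s, (size_t)val.len);
    while (len > 0) {
        if (++iter > MAX_ITER)
            return -1;
        int n = pad.len < len ? pad.len : len;
        memcpy(out + pos, pad.s, (size_t)n);
        pos += n;
        len -= pad.len; /* no-op when pad.len == 0 */
    }
    out[pos] = '\0';
    return iter;
}

/* Validate parameters before looping; -2 means rejected. */
int fill_right_checked(char *out, int cap, str val, str pad, int width)
{
    if (pad.s == NULL || pad.len <= 0)
        return -2;
    if (val.s == NULL || val.len < 0 || width < val.len || width >= cap)
        return -2;
    return fill_right_unguarded(out, val, pad, width);
}

int main(void)
{
    char buf[32];
    str val = { "ab", 2 }, good = { "xy", 2 }, empty = { "", 0 };

    printf("%d\n", fill_right_checked(buf, (int)sizeof buf, val, good, 7));
    printf("%s\n", buf);
    printf("%d\n", fill_right_unguarded(buf, val, empty, 7));
    printf("%d\n", fill_right_checked(buf, (int)sizeof buf, val, empty, 7));
    return 0;
}
```

In a process that evaluates such a transformation from its startup route, as in the backtrace above, the unguarded case pins a CPU before any traffic is handled, which is why rejecting the empty parameter before the loop runs matters.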
