[OpenSIPS-Devel] Compilation issues

Dan Pascu dan at ag-projects.com
Tue May 28 04:57:53 EDT 2019


On 32 bit systems I noticed the following warnings when compiling which I think indicate that 32 bit systems can crash with an illegal memory access:

-------------------------------------------------------

ucontact.c: In function ‘ucontact_coords_cmp’:
ucontact.c:1036:6: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
  a = (ucontact_sip_coords *)_a;
      ^
ucontact.c:1037:6: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
  b = (ucontact_sip_coords *)_b;
      ^
In file included from ../../resolve.h:45,
                 from ../../proxy.h:75,
                 from ucontact.h:44,
                 from ucontact.c:34:
ucontact.c: In function ‘free_ucontact_coords’:
ucontact.c:1049:12: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
   shm_free((ucontact_sip_coords *)coords);
            ^
../../mem/shm_mem.h:513:38: note: in definition of macro ‘shm_free’
 #define shm_free( _ptr ) _shm_free( (_ptr), \
                                      ^~~~

dlist.c: In function ‘delete_ucontact_from_coords’:
dlist.c:1216:34: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
   if (cdb_delete_ucontact_coords((ucontact_sip_coords *)ct_coords)) {
                                  ^
-------------------------------------------------------

The variables in question are of type ucontact_coords which is a 64 bit integer. Whenever that type is cast into a pointer it will be truncated to 32 bits on 32 bit platforms which can result in illegal memory access. I have not yet run opensips on a 32 bit system, but I noticed these while compiling it.


Next I got this warning when compiling on both 32 and 64 bit systems:

32 bit warning:
-------------------------------------------------------------

In file included from /usr/include/string.h:494,
                 from /usr/include/i386-linux-gnu/sys/un.h:37,
                 from timeout_process.c:27:
In function ‘memcpy’,
    inlined from ‘sockaddr2ip_addr’ at ../../parser/../ip_addr.h:212:4,
    inlined from ‘timeout_listener_process’ at timeout_process.c:248:6:
/usr/include/i386-linux-gnu/bits/string_fortified.h:34:10: warning: ‘__builtin_memcpy’ forming offset [17, 24] is out of the bounds [0, 16] of object ‘rtpp_info’ with type ‘struct sockaddr’ [-Warray-bounds]
   return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));
          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
timeout_process.c: In function ‘timeout_listener_process’:
timeout_process.c:76:18: note: ‘rtpp_info’ declared here
  struct sockaddr rtpp_info;
                  ^~~~~~~~~
timeout_process.c:235:8: warning: ‘__builtin_memcmp_eq’ reading 16 bytes from a region of size 8 [-Wstringop-overflow=]
        memcmp(rtpp_lst->addr, s_in6->sin6_addr.s6_addr, 16) == 0)
        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-------------------------------------------------------------


64 bit warning:
-------------------------------------------------------------

timeout_process.c: In function ‘timeout_listener_process’:
timeout_process.c:235:8: warning: ‘__builtin_memcmp_eq’ reading 16 bytes from a region of size 8 [-Wstringop-overflow=]
        memcmp(rtpp_lst->addr, s_in6->sin6_addr.s6_addr, 16) == 0)
        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-------------------------------------------------------------

which also seems to indicate accessing memory out of bounds.

The next warnings I only noticed when compiling on 64 bit. Not sure why they do not show up on 32 bit, if the problem depends on architecture or is caused by the slight difference in compilers (I used gcc 8.2.0 on 32 bit and gcc 8.3.0 on 64 bit):

-------------------------------------------------------------

libsms_getsms.c: In function ‘splitascii.isra.1’:
libsms_getsms.c:286:2: warning: ‘strncpy’ specified bound 500 equals destination size [-Wstringop-truncation]
  strncpy(sms->ascii,start,sizeof(sms->ascii));
  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
libsms_getsms.c:302:2: warning: ‘strncpy’ specified bound 31 equals destination size [-Wstringop-truncation]
  strncpy(sms->sender,start,sizeof(sms->sender));
  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
libsms_getsms.c:316:3: warning: ‘strncpy’ specified bound 64 equals destination size [-Wstringop-truncation]
   strncpy(sms->name,start,sizeof(sms->name));
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


esl/src/esl.c: In function ‘esl_recv_event’:
esl/src/esl.c:1406:4: warning: ‘strncpy’ specified bound 1024 equals destination size [-Wstringop-truncation]
    strncpy(handle->last_reply, hval, sizeof(handle->last_reply));
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

In function ‘esl_send_recv_timed.part.6’,
    inlined from ‘esl_send_recv_timed’ at esl/src/esl.c:1537:27:
esl/src/esl.c:1604:5: warning: ‘strncpy’ specified bound 1024 equals destination size [-Wstringop-truncation]
     strncpy(handle->last_sr_reply, hval, sizeof(handle->last_sr_reply));
     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

In file included from esl/src/esl_config.c:34:
esl/src/esl_config.c: In function ‘esl_config_open_file’:
esl/src/include/esl.h:43:37: warning: ‘strncpy’ output may be truncated copying 511 bytes from a string of length 1023 [-Wstringop-truncation]
 #define esl_copy_string(_x, _y, _z) strncpy(_x, _y, _z - 1)
                                     ^~~~~~~~~~~~~~~~~~~~~~~
esl/src/include/esl.h:44:32: note: in expansion of macro ‘esl_copy_string’
 #define esl_set_string(_x, _y) esl_copy_string(_x, _y, sizeof(_x))
                                ^~~~~~~~~~~~~~~
esl/src/esl_config.c:72:4: note: in expansion of macro ‘esl_set_string’
    esl_set_string(cfg->path, path);
    ^~~~~~~~~~~~~~


xjab_wlist.c: In function ‘xj_wlist_set_aliases’:
xjab_wlist.c:473:3: warning: ‘strncpy’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation]
   strncpy(p0, pa, i);
   ^~~~~~~~~~~~~~~~~~
xjab_wlist.c:455:34: note: length computed here
   i = jwl->aliases->proxy->len = strlen(pa);
                                  ^~~~~~~~~~


iniparser.c: In function ‘iniparser_add_entry’:
iniparser.c:568:4: warning: ‘strncpy’ specified bound depends on the length of the source argument [-Wstringop-overflow=]
    strncpy(longkey, sec, len + 1);
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
iniparser.c:565:17: note: length computed here
    size_t len = strlen(sec);
                 ^~~~~~~~~~~


rest_methods.c: In function ‘trace_rest_request_cb’:
rest_methods.c:142:4: warning: ‘strncpy’ specified bound 46 equals destination size [-Wstringop-truncation]
    strncpy( tparam->local_ip, ip, INET6_ADDRSTRLEN);
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
rest_methods.c:152:4: warning: ‘strncpy’ specified bound 46 equals destination size [-Wstringop-truncation]
    strncpy( tparam->remote_ip, ip, INET6_ADDRSTRLEN);
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


opensipsunix.c: In function ‘main’:
opensipsunix.c:93:2: warning: ‘strncpy’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation]
  strncpy(from.sun_path, name, strlen(name));
  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


bdb_recover.c: In function ‘extract_key’:
bdb_recover.c:487:2: warning: ‘strncpy’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation]
  strncpy(buf, d, len);
  ^~~~~~~~~~~~~~~~~~~~
bdb_recover.c:486:8: note: length computed here
  len = strlen(d);
        ^~~~~~~~~
bdb_recover.c:498:5: warning: ‘strncpy’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation]
     strncpy(p, s, len);
     ^~~~~~~~~~~~~~~~~~
bdb_recover.c:493:9: note: length computed here
   len = strlen(s);
         ^~~~~~~~~
bdb_recover.c: In function ‘create_table’:
bdb_recover.c:795:2: warning: ‘strncpy’ specified bound depends on the length of the source argument [-Wstringop-overflow=]
  strncpy(tp->name, _s, i);
  ^~~~~~~~~~~~~~~~~~~~~~~~
bdb_recover.c:793:4: note: length computed here
  i=strlen(_s)+1;
    ^~~~~~~~~~

-------------------------------------------------------------

--
Dan
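
The integer-to-pointer truncation raised in the message above, as an added example that is not part of the original post and is not OpenSIPS code. `coords_t` is a hypothetical stand-in for the 64-bit handle type, and a 32-bit pointer is modelled with `uint32_t` so the output is the same on any build host.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the 64-bit integer handle type in the post. */
typedef uint64_t coords_t;

/* What a cast to a 32-bit pointer keeps: the low 32 bits only.
 * uint32_t models the pointer so the result is host-independent. */
static uint32_t cast_to_ptr32(coords_t c)
{
    return (uint32_t)c;
}

/* Pointer -> handle: widening through uintptr_t never loses bits. */
static coords_t ptr_to_coords(const void *p)
{
    return (coords_t)(uintptr_t)p;
}

/* Handle -> pointer for the build platform. Returns 0 and sets *out
 * when the value round-trips, -1 when the cast would drop bits. */
static int coords_to_ptr(coords_t c, void **out)
{
    uintptr_t p = (uintptr_t)c;

    *out = NULL;
    if ((coords_t)p != c)
        return -1;
    *out = (void *)p;
    return 0;
}

int main(void)
{
    coords_t id = 0x0000000112345678ULL; /* constructed 64-bit value */
    int obj = 0;
    void *back;

    printf("as 32-bit pointer: 0x%08x (upper bits lost)\n",
           (unsigned)cast_to_ptr32(id));
    printf("real pointer round-trips: %d\n",
           coords_to_ptr(ptr_to_coords(&obj), &back) == 0 && back == &obj);
    return 0;
}
```

A handle that was produced from a pointer on the same platform converts back intact; a handle carrying a full 64-bit value does not, which is the case the checked conversion rejects.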
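
The two `strncpy` patterns flagged by `-Wstringop-truncation` in the message above (bound equal to the destination size, and bound computed with `strlen` of the source), next to a bounded copy that always terminates. This is an added example, not code from the post or from OpenSIPS; the function names and the constructed input strings are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Pattern 1: bound equals destination size. Returns 1 if the 8-byte
 * destination ends up NUL-terminated, 0 if it does not. */
static int full_bound_terminates(const char *src)
{
    char dst[8];
    memset(dst, 'X', sizeof(dst));
    strncpy(dst, src, sizeof(dst));
    return memchr(dst, '\0', sizeof(dst)) != NULL;
}

/* Pattern 2: bound is strlen(src), so the terminator is never copied.
 * The clamp only keeps this demo inside dst. */
static int strlen_bound_terminates(const char *src)
{
    char dst[16];
    size_t n = strlen(src);
    memset(dst, 'X', sizeof(dst));
    strncpy(dst, src, n > sizeof(dst) ? sizeof(dst) : n);
    return memchr(dst, '\0', sizeof(dst)) != NULL;
}

/* Bounded copy that always terminates. Returns 0 if src fit,
 * -1 if it was cut short or dstsz is 0. */
static int copy_bounded(char *dst, size_t dstsz, const char *src)
{
    const char *end;
    size_t n;
    if (dstsz == 0)
        return -1;
    end = memchr(src, '\0', dstsz);     /* scans at most dstsz bytes */
    n = end ? (size_t)(end - src) : dstsz - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return end ? 0 : -1;
}

int main(void)
{
    char d[8];
    printf("bound == sizeof(dst), 8-char source terminated: %d\n",
           full_bound_terminates("12345678"));
    printf("bound == strlen(src) terminated: %d\n", strlen_bound_terminates("abc"));
    printf("copy_bounded rc=%d dst=\"%s\"\n",
           copy_bounded(d, sizeof(d), "12345678"), d);
    return 0;
}
```

GCC will repeat the same warnings when compiling the first two functions; that is the pattern being shown, and only `copy_bounded` is meant for reuse.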






