Summary:ASTERISK-19445: Incorrect values are specified as length in memcpy and memset
Reporter:Makoto Dei (makoto)Labels:
Date Opened:2012-02-28 21:38:03.000-0600Date Closed:2012-04-04 14:56:19
Status:Closed/CompleteComponents:Addons/chan_ooh323 Features Resources/res_adsi Resources/res_crypto
Versions: Frequency of
Environment:Attachments:( 0) memset-memcpy-length.patch
Description:There are some code which specify incorrect values as length
in memcpy and memset.

For example,

 int foo(struct ast_foo *foo, ...)


   memcpy(foo, bar, sizeof(foo));

In this case, sizeof(foo) is 4 (32bit) or 8 (64bit) and not a correct size
of the structure. This should be

   memcpy(foo, bar, sizeof(*foo));

See attached patch for details.
Comments:By: Walter Doekes (wdoekes) 2012-02-29 01:39:15.893-0600

The changes look good to me.

By: Jonathan Rose (jrose) 2012-04-04 14:49:58.917-0500

Hmmm, most of these have been applied through other patches.  There is still the hunk from ooh323cDriver that applies though (probably because it's not supported).

I'll go ahead and commit what's left.

By: Alexander Anikin (may213) 2012-04-05 16:51:49.679-0500


Btw, OOH323 is supported ;)

 if (cur == NULL) {
- if (!(cur = ast_malloc(sizeof(struct callthread)))) {
+ if (!(cur = ast_calloc(1, sizeof(struct callthread)))) {

I not understand sense of that patch.
This part code of codes not contain subject issue and i had not any problem here not per 32bit
nor per 64bit systems.

By: Makoto Dei (makoto) 2012-04-05 20:19:15.165-0500

The real issue is memset of the next change.
To remove it, I replaced ast_malloc and memset with ast_calloc.

By: Alexander Anikin (may213) 2012-04-06 05:26:25.578-0500

Sure, you're right.
It must be real trouble but i never had this in production ;)
Thank you