[Home]

Summary:ASTERISK-25714: ASAN:heap-buffer-overflow in logger.c
Reporter:Badalian Vyacheslav (slavon)Labels:
Date Opened:2016-01-22 11:10:22.000-0600Date Closed:2016-01-22 15:00:47.000-0600
Priority:MajorRegression?
Status:Closed/CompleteComponents:
Versions:13.7.0 Frequency of
Occurrence
Related
Issues:
Environment:centos 7 x64Attachments:
Description:1. compile with ASAN.
2. don't install any configs
3. run
3.

{code}
 == Manager registered action ModuleCheck
 == Manager registered action AOCMessage
 == Manager registered action Filter
 == Manager registered action BlindTransfer
 == Registered custom function 'AMI_CLIENT'
[Jan 22 20:00:11] NOTICE[23569]: manager.c:8693 __init_manager: Unable to open AMI configuration manager.conf, or configuration is invalid.
 == Registered application 'CallCompletionRequest'
 == Registered application 'CallCompletionCancel'
=================================================================
==23569==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x621000010130 at pc 0x7fbbffe9bb30 bp 0x7ffe25dc2390 sp 0x7ffe25dc2360
READ of size 1 at 0x621000010130 thread T0
   #0 0x7fbbffe9bb2f in __interceptor_strlen (/lib64/libasan.so.1+0x33b2f)
   #1 0x67f4e1 in make_components /root/asterisk-13.7.0/main/logger.c:249
   #2 0x68bbbf in update_logchannels /root/asterisk-13.7.0/main/logger.c:2276
   #3 0x68c036 in ast_logger_register_level /root/asterisk-13.7.0/main/logger.c:2321
   #4 0x51e9f0 in ast_cc_init /root/asterisk-13.7.0/main/ccss.c:4681
   #5 0x4965d8 in asterisk_daemon /root/asterisk-13.7.0/main/asterisk.c:4666
   #6 0x4955f8 in main /root/asterisk-13.7.0/main/asterisk.c:4282
   #7 0x7fbbfd586b14 in __libc_start_main (/lib64/libc.so.6+0x21b14)
   #8 0x432778 (/usr/sbin/asterisk+0x432778)

0x621000010130 is located 0 bytes to the right of 4144-byte region [0x62100000f100,0x621000010130)
allocated by thread T0 here:
   #0 0x7fbbffebf9a5 in calloc (/lib64/libasan.so.1+0x579a5)
   #1 0x7ff5b3 in _ast_calloc /root/asterisk-13.7.0/include/asterisk/utils.h:573
   #2 0x6808c6 in init_logger_chain /root/asterisk-13.7.0/main/logger.c:467
   #3 0x68762f in init_logger /root/asterisk-13.7.0/main/logger.c:1606
   #4 0x496045 in asterisk_daemon /root/asterisk-13.7.0/main/asterisk.c:4509
   #5 0x4955f8 in main /root/asterisk-13.7.0/main/asterisk.c:4282
   #6 0x7fbbfd586b14 in __libc_start_main (/lib64/libc.so.6+0x21b14)

SUMMARY: AddressSanitizer: heap-buffer-overflow ??:0 __interceptor_strlen
Shadow bytes around the buggy address:
 0x0c427fff9fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0x0c427fff9fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0x0c427fff9ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0x0c427fffa000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 0x0c427fffa010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c427fffa020: 00 00 00 00 00 00[fa]fa fa fa fa fa fa fa fa fa
 0x0c427fffa030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
 0x0c427fffa040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
 0x0c427fffa050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
 0x0c427fffa060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
 0x0c427fffa070: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
 Addressable:           00
 Partially addressable: 01 02 03 04 05 06 07
 Heap left redzone:       fa
 Heap right redzone:      fb
 Freed heap region:       fd
 Stack left redzone:      f1
 Stack mid redzone:       f2
 Stack right redzone:     f3
 Stack partial redzone:   f4
 Stack after return:      f5
 Stack use after scope:   f8
 Global redzone:          f9
 Global init order:       f6
 Poisoned by user:        f7
 Contiguous container OOB:fc
 ASan internal:           fe
==23569==ABORTING
{code}
Comments:By: Asterisk Team (asteriskteam) 2016-01-22 11:10:25.674-0600

Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution.

A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report.

Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process].