Summary: | ASTERISK-25714: ASAN:heap-buffer-overflow in logger.c | ||
Reporter: | Badalian Vyacheslav (slavon) | Labels: | |
Date Opened: | 2016-01-22 11:10:22.000-0600 | Date Closed: | 2016-01-22 15:00:47.000-0600 |
Priority: | Major | Regression? | |
Status: | Closed/Complete | Components: | |
Versions: | 13.7.0 | Frequency of Occurrence | |
Related Issues: | |||
Environment: | centos 7 x64 | Attachments: | |
Description: | 1. compile with ASAN.
2. don't install any configs 3. run 3. {code} == Manager registered action ModuleCheck == Manager registered action AOCMessage == Manager registered action Filter == Manager registered action BlindTransfer == Registered custom function 'AMI_CLIENT' [Jan 22 20:00:11] NOTICE[23569]: manager.c:8693 __init_manager: Unable to open AMI configuration manager.conf, or configuration is invalid. == Registered application 'CallCompletionRequest' == Registered application 'CallCompletionCancel' ================================================================= ==23569==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x621000010130 at pc 0x7fbbffe9bb30 bp 0x7ffe25dc2390 sp 0x7ffe25dc2360 READ of size 1 at 0x621000010130 thread T0 #0 0x7fbbffe9bb2f in __interceptor_strlen (/lib64/libasan.so.1+0x33b2f) #1 0x67f4e1 in make_components /root/asterisk-13.7.0/main/logger.c:249 #2 0x68bbbf in update_logchannels /root/asterisk-13.7.0/main/logger.c:2276 #3 0x68c036 in ast_logger_register_level /root/asterisk-13.7.0/main/logger.c:2321 #4 0x51e9f0 in ast_cc_init /root/asterisk-13.7.0/main/ccss.c:4681 #5 0x4965d8 in asterisk_daemon /root/asterisk-13.7.0/main/asterisk.c:4666 #6 0x4955f8 in main /root/asterisk-13.7.0/main/asterisk.c:4282 #7 0x7fbbfd586b14 in __libc_start_main (/lib64/libc.so.6+0x21b14) #8 0x432778 (/usr/sbin/asterisk+0x432778) 0x621000010130 is located 0 bytes to the right of 4144-byte region [0x62100000f100,0x621000010130) allocated by thread T0 here: #0 0x7fbbffebf9a5 in calloc (/lib64/libasan.so.1+0x579a5) #1 0x7ff5b3 in _ast_calloc /root/asterisk-13.7.0/include/asterisk/utils.h:573 #2 0x6808c6 in init_logger_chain /root/asterisk-13.7.0/main/logger.c:467 #3 0x68762f in init_logger /root/asterisk-13.7.0/main/logger.c:1606 #4 0x496045 in asterisk_daemon /root/asterisk-13.7.0/main/asterisk.c:4509 #5 0x4955f8 in main /root/asterisk-13.7.0/main/asterisk.c:4282 #6 0x7fbbfd586b14 in __libc_start_main (/lib64/libc.so.6+0x21b14) SUMMARY: AddressSanitizer: heap-buffer-overflow ??:0 __interceptor_strlen Shadow bytes around the buggy address: 0x0c427fff9fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c427fff9fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c427fff9ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c427fffa000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c427fffa010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =>0x0c427fffa020: 00 00 00 00 00 00[fa]fa fa fa fa fa fa fa fa fa 0x0c427fffa030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c427fffa040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c427fffa050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c427fffa060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c427fffa070: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Contiguous container OOB:fc ASan internal: fe ==23569==ABORTING {code} | ||
Comments: | By: Asterisk Team (asteriskteam) 2016-01-22 11:10:25.674-0600 Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution. A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report. Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process]. |