Message-ID: <20190228211901.GJ21289@port70.net>
Date: Thu, 28 Feb 2019 22:19:02 +0100
From: Szabolcs Nagy <nsz@...t70.net>
To: musl@...ts.openwall.com
Cc: Sebastian Kemper <sebastian_ml@....net>
Subject: Re: Asterisk 16 segmentation fault

* Sebastian Kemper <sebastian_ml@....net> [2019-02-28 21:27:51 +0100]:
> I'm not a programmer so I have problems making sense of this. So I'm
> hoping that maybe one of you can shine a light.

it means dlerror() returned 0 and ast_strdupa calls strlen on
this return value which segfaults as expected.

it is entirely valid for dlerror() to return 0 if there was no
error. did the dlopen("res_pjproject.so", flags) call succeed?
i.e. mod->lib != 0 ?

e.g. the segfault can be avoided by

-			const char *dlerror_msg = ast_strdupa(dlerror());
+			const char *dlerror_msg = dlerror(); dlerror_msg = ast_strdupa(dlerror_msg ? dlerror_msg : "");
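Review bot: the `+` line silently maps a NULL from dlerror() to "", so if this block is reached after a successful dlopen() (mod->lib != 0, the case suspected above) the caller gets an empty diagnostic rather than a signal that no error was pending; guarding the whole block on `mod->lib == NULL`, or logging explicitly when `dlerror_msg` is NULL, would keep the message meaningful. As written the line also packs two statements onto one line; splitting `const char *dlerror_msg = dlerror();` and the `ast_strdupa(...)` call onto separate lines would match the surrounding style.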

but we would need to know what this code is trying to do
(and how it worked before) for a proper fix.

> 
> I set a break point in the mentioned file, line 952. Then I stepped
> forward.
> 
> (gdb) 
> 
> Thread 1 "asterisk" hit Breakpoint 1, load_dlopen (resource_in=0x77d8f52b <parseHhMmSs+578> "D\350\240e", resource_in@...ry=0x5fa910 "res_pjproject.so", so_ext=0x0, 
>     so_ext@...ry=0x53b91c "", filename=0x5fa910 "res_pjproject.so", filename@...ry=0x7fff7a04 "/usr/lib/asterisk/modules/res_pjproject.so", flags=796226418, 
>     flags@...ry=258, suppress_logging=suppress_logging@...ry=0) at loader.c:952
> 952		if (resource_being_loaded) {
> (gdb) 
> 951		mod->lib = dlopen(filename, flags);
> (gdb) 
> 952		if (resource_being_loaded) {
> (gdb) 
> 955			const char *dlerror_msg = ast_strdupa(dlerror());
> (gdb) 
> 
> Thread 1 "asterisk" received signal SIGSEGV, Segmentation fault.
> strlen (s=0x0, s@...ry=0x48d79d <load_dynamic_module+120> "\t\360\"\223\f\234\200\353\216#\005\032\240z\364e") at src/string/strlen.c:17
> 17		for (w = (const void *)s; !HASZERO(*w); w++);
> (gdb) bt
> #0  strlen (s=0x0, s@...ry=0x48d79d <load_dynamic_module+120> "\t\360\"\223\f\234\200\353\216#\005\032\240z\364e") at src/string/strlen.c:17
> #1  0x0048d5db in load_dlopen (resource_in=0x77d8f52b <parseHhMmSs+578> "D\350\240e", resource_in@...ry=0x5fa910 "res_pjproject.so", so_ext=0x0, 
>     so_ext@...ry=0x53b91c "", filename=0x5fa910 "res_pjproject.so", filename@...ry=0x7fff7a04 "/usr/lib/asterisk/modules/res_pjproject.so", flags=796226418, 
>     flags@...ry=258, suppress_logging=suppress_logging@...ry=0) at loader.c:955
> #2  0x0048d79d in load_dynamic_module (resource_in=resource_in@...ry=0x5fa910 "res_pjproject.so", suppress_logging=suppress_logging@...ry=1) at loader.c:1039
> #3  0x0048eea3 in load_resource (resource_name=0x5fa910 "res_pjproject.so", suppress_logging=suppress_logging@...ry=1, 
>     module_priorities=module_priorities@...ry=0x7fff8c24, required=0, preload=0) at loader.c:1635
> #4  0x0048f5e1 in load_resource_list (mod_count=<synthetic pointer>, load_order=0x7fff8c1c) at loader.c:1984
> #5  load_modules () at loader.c:2232
> #6  0x0042c99d in asterisk_daemon (isroot=<optimized out>, rungroup=<optimized out>, runuser=<optimized out>) at asterisk.c:4146
> #7  main (argc=<optimized out>, argv=<optimized out>) at asterisk.c:3918
> (gdb)
> 
> Any help appreciated!
> 
> Kind regards,
> Seb
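The NULL-safe pattern the reply describes, checking the dlopen() handle first and treating a NULL dlerror() as "no error pending", written out as an added C example. This is not code from the thread, from Asterisk's loader or from musl; `load_with_error` and `dlerror_or_empty` are hypothetical names chosen here, and the bogus library path is constructed for the demonstration.

```c
#include <dlfcn.h>
#include <stdio.h>
#include <string.h>

/* Build: cc example.c (add -ldl on glibc older than 2.34; musl needs nothing extra). */

enum load_status { LOAD_OK = 0, LOAD_FAILED = 1 };

/* dlerror() returns NULL when no error is pending (the situation in the
 * thread: dlopen() succeeded, so strlen(dlerror()) dereferenced NULL).
 * This helper never returns NULL, so its result is safe for strlen(),
 * strdup() or a log call. Hypothetical helper, not a libc function. */
static const char *dlerror_or_empty(void)
{
    const char *msg = dlerror();
    return msg ? msg : "";
}

/* Hypothetical wrapper (not Asterisk's load_dlopen): open a shared object and
 * consult dlerror() only on the failure path. On success *handle is set and
 * errbuf is emptied; on failure *handle is NULL and errbuf holds the loader's
 * message, or "" if the loader left no message. */
enum load_status load_with_error(const char *path, int flags, void **handle,
                                 char *errbuf, size_t errlen)
{
    (void)dlerror();                 /* discard any stale error from earlier calls */
    *handle = dlopen(path, flags);
    if (*handle != NULL) {
        if (errlen > 0)
            errbuf[0] = '\0';        /* success: do not consult dlerror() at all */
        return LOAD_OK;
    }
    /* failure: dlerror() normally has text here, but "" is still safe if not */
    snprintf(errbuf, errlen, "%s", dlerror_or_empty());
    return LOAD_FAILED;
}

int main(void)
{
    void *h;
    char err[256];

    /* dlopen(NULL, ...) opens the main program itself and always succeeds;
     * a naive strlen(dlerror()) right after it is exactly the crashing case. */
    if (load_with_error(NULL, RTLD_NOW, &h, err, sizeof err) == LOAD_OK) {
        printf("main program: ok, message \"%s\"\n", err);
        dlclose(h);
    }

    /* Constructed bogus path: fails, and the message is safe to print. */
    if (load_with_error("/nonexistent/libdoesnotexist.so", RTLD_NOW, &h,
                        err, sizeof err) == LOAD_FAILED)
        printf("bogus path: failed, message \"%s\"\n", err);

    return 0;
}
```

The two paths are kept apart on purpose: the success branch never touches dlerror(), and the failure branch goes through a helper that cannot hand back NULL, so neither branch can reach strlen() with a null pointer regardless of which libc is underneath.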
