Bug#1023739: sipsak: Message mode causes segmentation fault

2023-05-19 Thread Tech
Package: sipsak
Version: 0.9.8.1-1
Followup-For: Bug #1023739

Dear Maintainer,

This problem still exists in Bullseye as well as in the next stable, Bookworm.

-- System Information:
Debian Release: 11.7
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-23-amd64 (SMP w/2 CPU threads)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages sipsak depends on:
ii  libc-ares2   1.17.1-1+deb11u2
ii  libc6        2.31-13+deb11u6
ii  libgnutls30  3.7.1-5+deb11u3

sipsak recommends no packages.

sipsak suggests no packages.

-- no debconf information



Bug#1023739: sipsak: Message mode causes segmentation fault

2022-11-23 Thread Bernhard Übelacker

Dear Maintainer,
I could reproduce a crash inside a minimal Bookworm/testing amd64 qemu VM.
There I took the backtrace below [2].

Having msg_data->repl_buff equal NULL seems to be the issue.

Upstream commit [1] looks related, and a package built with this commit
does not crash with the example command.

Kind regards,
Bernhard


[1] https://github.com/nils-ohlmeier/sipsak/commit/8f132bb35b5ce55d76b2e0fc633ad0cc17bbff42


[2]
$ rr sipsak -M -B Hi -c sip:benutzer@localhost -s sip:benutzer@localhost
rr: Saving execution to trace directory `/home/benutzer/.local/share/rr/sipsak-0'.
Speicherzugriffsfehler
$ rr replay -o -q
...
Program received signal SIGSEGV, Segmentation fault.
0x7fbe6d455096 in __vsprintf_internal (string=0x0, 
maxlen=maxlen@entry=18446744073709551615, format=0x55e754af5540 
"%s%ssip:sipsak@%s:%i;tag=%x\r\n%ssip:%s%s;tag=%o%o\r\n%s%u@%s\r\n%s%i 
%s\r\n%s0\r\n%s%s\r\n\r\n", args=args@entry=0x7ffc6c063840, 
mode_flags=mode_flags@entry=6) at iovsprintf.c:88
88  iovsprintf.c: Datei oder Verzeichnis nicht gefunden.
(rr) bt
#0  0x7fbe6d455096 in __vsprintf_internal (string=0x0, 
maxlen=maxlen@entry=18446744073709551615, format=0x55e754af5540 
"%s%ssip:sipsak@%s:%i;tag=%x\r\n%ssip:%s%s;tag=%o%o\r\n%s%u@%s\r\n%s%i 
%s\r\n%s0\r\n%s%s\r\n\r\n", args=args@entry=0x7ffc6c063840, 
mode_flags=mode_flags@entry=6) at iovsprintf.c:88
#1  0x7fbe6d4eba3b in ___sprintf_chk (s=, flag=flag@entry=1, 
slen=slen@entry=18446744073709551615, format=format@entry=0x55e754af5540 
"%s%ssip:sipsak@%s:%i;tag=%x\r\n%ssip:%s%s;tag=%o%o\r\n%s%u@%s\r\n%s%i 
%s\r\n%s0\r\n%s%s\r\n\r\n") at sprintf_chk.c:40
#2  0x55e754aefb5e in sprintf (__fmt=0x55e754af5540 
"%s%ssip:sipsak@%s:%i;tag=%x\r\n%ssip:%s%s;tag=%o%o\r\n%s%u@%s\r\n%s%i 
%s\r\n%s0\r\n%s%s\r\n\r\n", __s=) at 
/usr/include/x86_64-linux-gnu/bits/stdio2.h:36
#3  create_msg (action=action@entry=4, msg_data=msg_data@entry=0x55e754afd840 
) at src/request.c:227
#4  0x55e754af2b41 in shoot (buf=buf@entry=0x7ffc6c065c10 "MESSAGE 
sip:benutzer@localhost SIP/2.0\r\nVia: SIP/2.0/UDP 
127.0.1.1:59617;branch=z9hG4bK.1a7c9125;rport;alias\r\nTo: 
sip:benutzer@localhost\r\nCall-ID: 1272641755@127.0.1.1\r\nCSeq: 1 
MESSAGE\r\nContent-Type: "..., buff_size=buff_size@entry=4096, 
options=options@entry=0x7ffc6c065b10) at src/shoot.c:986
#5  0x55e754ae6c12 in main (argc=, argv=) at 
src/sipsak.c:1044
(rr) up
(rr) up
(rr) up
#3  create_msg (action=action@entry=4, msg_data=msg_data@entry=0x55e754afd840 
) at src/request.c:227
227 sprintf(msg_data->repl_buff,
(rr) display/i $pc
1: x/i $pc
=> 0x55e754aefb5e :add$0x90,%rsp
(rr) list
225 }
226 add_via(req_buf_begin, msg_data->fqdn, 
msg_data->lport);
227 sprintf(msg_data->repl_buff,
228 "%s"
229 "%ssip:sipsak@%s:%i;tag=%x\r\n"
230 "%ssip:%s%s;tag=%o%o\r\n"
231 "%s%u@%s\r\n"
232 "%s%i %s\r\n"
233 "%s0\r\n"
234 "%s%s\r\n"
235 "\r\n",
236 SIP200_STR,
237 FROM_STR, msg_data->fqdn, 
msg_data->lport, c,
238 TO_STR, msg_data->username, 
msg_data->domainname, c, d,
239 CALL_STR, c, msg_data->fqdn,
240 CSEQ_STR, msg_data->cseq_counter, 
MES_STR,
241 CON_LEN_STR,
242 UA_STR, UA_VAL_STR);
243 break;
(rr) print msg_data->repl_buff
$1 = 0x0
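The backtrace above shows `sprintf()` being handed `msg_data->repl_buff == NULL` as its destination, which is exactly what `__vsprintf_internal (string=0x0, ...)` reports. The following is an added example, not code from this bug report or from sipsak, of how a reply builder can refuse that state instead of faulting, and bound its write with `snprintf()` so an undersized buffer is reported rather than overrun. The `struct msg_data` layout, the `repl_size` field, the header strings (stand-ins for sipsak's `SIP200_STR`, `FROM_STR`, etc.) and the sample values are all assumptions made for this example; it does not reproduce the upstream fix in commit [1].

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for sipsak's msg_data: the field names below come
 * from the backtrace in the bug report; the struct layout, the repl_size
 * field and the sample values are assumptions made for this example. */
struct msg_data {
    char *repl_buff;        /* reply buffer; NULL in the crashing run */
    size_t repl_size;       /* assumed: capacity of repl_buff */
    const char *fqdn;
    const char *username;
    const char *domainname;
    int lport;
    int cseq_counter;
};

/* Return codes of the guarded builder. */
enum { REPLY_NULL_BUFFER = -1, REPLY_TRUNCATED = -2, REPLY_FORMAT_ERROR = -3 };

/* Guarded equivalent of the sprintf() call at src/request.c:227. It rejects a
 * missing buffer (the condition seen in the crash) and bounds the write with
 * snprintf(). Header strings are constructed placeholders, not sipsak's own
 * SIP200_STR/FROM_STR/... macros. */
int build_200_reply(struct msg_data *m, unsigned tag_c, unsigned tag_d)
{
    if (m == NULL || m->repl_buff == NULL || m->repl_size == 0)
        return REPLY_NULL_BUFFER;   /* sprintf(NULL, ...) would fault here */

    int n = snprintf(m->repl_buff, m->repl_size,
        "SIP/2.0 200 OK\r\n"
        "From: sip:sipsak@%s:%i;tag=%x\r\n"
        "To: sip:%s%s;tag=%o%o\r\n"
        "Call-ID: %u@%s\r\n"
        "CSeq: %i MESSAGE\r\n"
        "Content-Length: 0\r\n"
        "User-Agent: example-ua\r\n"
        "\r\n",
        m->fqdn, m->lport, tag_c,
        m->username, m->domainname, tag_c, tag_d,
        tag_c, m->fqdn,
        m->cseq_counter);

    if (n < 0)
        return REPLY_FORMAT_ERROR;  /* encoding error; nothing usable written */
    if ((size_t)n >= m->repl_size)
        return REPLY_TRUNCATED;     /* a plain sprintf() would have overflowed */
    return n;
}

static char g_reply[512];

/* Fill a msg_data with constructed sample values modelled on the report's
 * reproduction (127.0.1.1, user "benutzer", host "localhost"). */
static struct msg_data sample(char *buf, size_t size)
{
    struct msg_data m;
    m.repl_buff = buf;
    m.repl_size = size;
    m.fqdn = "127.0.1.1";
    m.username = "benutzer";
    m.domainname = "@localhost";
    m.lport = 5060;
    m.cseq_counter = 1;
    return m;
}

/* Crashing configuration: repl_buff == NULL, as gdb printed ($1 = 0x0). */
int demo_null_buffer(void)
{
    struct msg_data m = sample(NULL, 0);
    return build_200_reply(&m, 0x1a2b, 0x3c);
}

/* Undersized buffer: a plain sprintf() would write past the end. */
int demo_small_buffer(void)
{
    char small[32];
    struct msg_data m = sample(small, sizeof small);
    return build_200_reply(&m, 0x1a2b, 0x3c);
}

/* Normal case: fills g_reply and returns the reply length. */
int demo_reply_len(void)
{
    struct msg_data m = sample(g_reply, sizeof g_reply);
    return build_200_reply(&m, 0x1a2b, 0x3c);
}

const char *demo_reply(void)
{
    demo_reply_len();
    return g_reply;
}

int main(void)
{
    printf("null buffer  -> %d\n", demo_null_buffer());
    printf("small buffer -> %d\n", demo_small_buffer());
    printf("%d bytes:\n%s", demo_reply_len(), demo_reply());
    return 0;
}
```

The guard turns the NULL-destination case into a checkable return value, and the `snprintf()` length check is what distinguishes a complete reply from a truncated one; with the original unbounded `sprintf()` neither condition is detectable before memory is already written.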



Bug#1023739: sipsak: Message mode causes segmentation fault

2022-11-09 Thread Yannick McCabe-Costa
Interestingly, reviewing a strace of the command you published, it seems
to be when the system is parsing /etc/hosts.


Clearing all entries in this file allows the application to continue past the segfault, only to fail at resolving the hostname:


write(2, "error: cannot resolve local host"..., 51error: cannot resolve 
local hostname: [REDACTED]


strace of the original command as reported:

mprotect(0x7f8574292000, 4096, PROT_READ) = 0
munmap(0x7f8574ac2000, 7030)    = 0
openat(AT_FDCWD, "/etc/hosts", O_RDONLY|O_CLOEXEC) = 5
lseek(5, 0, SEEK_CUR)   = 0
fstat(5, {st_mode=S_IFREG|0644, st_size=23, ...}) = 0
read(5, "127.0.0.1 8f146307c8eb\n", 4096) = 23
lseek(5, 0, SEEK_CUR)   = 23
read(5, "", 4096)   = 0
close(5)    = 0
brk(0x55e8d9c43000) = 0x55e8d9c43000
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
+++ killed by SIGSEGV +++
Segmentation fault

[Wed Nov  9 13:28:01 2022] sipsak[67985]: segfault at 0 ip 7fe9a9005096 sp 7fff550a4800 error 6 in libc-2.31.so[7fe9a8fb3000+15a000]


Could this be something related to name resolution/parsing within sipsak?



Bug#1023739: sipsak: Message mode causes segmentation fault

2022-11-09 Thread Philip
Package: sipsak
Version: 0.9.8.1-1
Severity: important

Dear Maintainer,

Running the following command on Bullseye causes a segmentation fault, whereas running the same command on Stretch or Buster does not:

sipsak -M -B Hi -c sip:[From user]@[From host] -s sip:[To user]@[To host]


-- System Information:
Debian Release: 11.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-13-amd64 (SMP w/1 CPU thread)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages sipsak depends on:
ii  libc-ares2   1.17.1-1+deb11u1
ii  libc6        2.31-13+deb11u5
ii  libgnutls30  3.7.1-5+deb11u2

sipsak recommends no packages.

sipsak suggests no packages.

-- no debconf information