-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/3898/
-----------------------------------------------------------
Review request for Asterisk Developers.
Bugs: ASTERISK-23508
https://issues.asterisk.org/jira/browse/ASTERISK-23508
Repository: Asterisk
Description
-------
Reporter has observed memory corruption in __ast_string_field_ptr_build_va.
Cause:
- when all space in a stringfield is used (used==size), then space==0
- in that case, the "available" space would become below zero and overflow
(size_t)
- result, avaiable space is huge, and memory corruption ensues
Diffs
-----
/branches/1.8/main/utils.c 420566
Diff: https://reviewboard.asterisk.org/r/3898/diff/
Testing
-------
Problem and cause has been described by Arnd Schmitter and tested by him and
JoshE.
The tested patch was against 11. This review is a backport to 1.8.
File Attachments
----------------
branches-11
https://reviewboard.asterisk.org/media/uploaded/files/2014/08/08/4d51862e-4661-49f2-92be-e6a17feebfd3__issueA23508_stringfieldptr_corruption-11.x.patch
Thanks,
wdoekes
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
asterisk-dev mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-dev
