-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/3898/#review13062
-----------------------------------------------------------

Ship it!

Yikes. One has to wonder how many other memory corruptions that were nearly impossible to reproduce this caused.

- Matt Jordan


On Aug. 8, 2014, 1:37 p.m., wdoekes wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/3898/
> -----------------------------------------------------------
>
> (Updated Aug. 8, 2014, 1:37 p.m.)
>
>
> Review request for Asterisk Developers.
>
>
> Bugs: ASTERISK-23508
>     https://issues.asterisk.org/jira/browse/ASTERISK-23508
>
>
> Repository: Asterisk
>
>
> Description
> -------
>
> Reporter has observed memory corruption in __ast_string_field_ptr_build_va.
>
> Cause:
> - when all space in a stringfield is used (used==size), then space==0
> - in that case, the "available" space would become below zero and overflow
>   (size_t)
> - result, available space is huge, and memory corruption ensues
>
>
> Diffs
> -----
>
>   /branches/1.8/main/utils.c 420566
>
> Diff: https://reviewboard.asterisk.org/r/3898/diff/
>
>
> Testing
> -------
>
> Problem and cause have been described by Arnd Schmitter and tested by him and
> JoshE.
>
> The tested patch was against 11. This review is a backport to 1.8.
>
>
> File Attachments
> ----------------
>
> branches-11
>   https://reviewboard.asterisk.org/media/uploaded/files/2014/08/08/4d51862e-4661-49f2-92be-e6a17feebfd3__issueA23508_stringfieldptr_corruption-11.x.patch
>
>
> Thanks,
>
> wdoekes
>
>

--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

asterisk-dev mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-dev
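
The size_t wrap-around described in the review request above, as an added example that is not part of the original e-mail or of Asterisk's source. It is a simplified pool model: `struct pool`, `HDR_SIZE` and the three functions are hypothetical names, and the per-field header subtracted from the free space is an assumption of the model.

```c
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model of a string-field pool; all names are hypothetical. */
#define HDR_SIZE sizeof(uint16_t) /* assumed per-field length header */
struct pool {
    size_t size; /* total bytes in base[] */
    size_t used; /* bytes already handed out */
    char base[32];
};

/* Flawed: with used == size, space is 0 and 0 - HDR_SIZE wraps (size_t). */
static size_t avail_unchecked(const struct pool *p)
{
    size_t space = p->size - p->used;
    return space - HDR_SIZE;
}

/* Guarded: report 0 unless the header plus at least one byte fits. */
static size_t avail_checked(const struct pool *p)
{
    size_t space = p->size - p->used;
    return space > HDR_SIZE ? space - HDR_SIZE : 0;
}

/* Format into the pool tail; -1 means "no room, allocate a new pool". */
static int pool_build(struct pool *p, const char *fmt, ...)
{
    size_t avail = avail_checked(p);
    va_list ap;
    int need;
    if (avail == 0)
        return -1;
    va_start(ap, fmt);
    need = vsnprintf(p->base + p->used + HDR_SIZE, avail, fmt, ap);
    va_end(ap);
    if (need < 0 || (size_t)need >= avail)
        return -1; /* truncated: nothing is committed */
    p->used += HDR_SIZE + (size_t)need + 1;
    return need;
}

int main(void)
{
    struct pool full = { .size = 32, .used = 32 };
    printf("unchecked=%zu checked=%zu build=%d\n", avail_unchecked(&full),
           avail_checked(&full), pool_build(&full, "%s", "x"));
    return 0;
}
```

Only the guarded value is ever passed to `vsnprintf`; the unchecked function is computed for comparison and never used as a write bound.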
