Dear Maintainer,

I could reproduce a stack smashing when using the evdev module, and as far as I can see it is triggered by the wrong memory size given to an ioctl in [1], giving the backtrace in [3].

A brief read of [2] suggests giving the size in bytes actually available instead of EV_MAX. A package built with the attached patch does not show the stack smashing anymore.

This stack smashing can also be seen in the current testing version.

Kind regards,
Bernhard

[1] https://github.com/baresip/baresip/blob/master/modules/evdev/print.c#L49
[2] https://stackoverflow.com/questions/14273129/smashed-stack-when-iterating-over-int-pointers

[3]
(gdb) bt
#0  0x00007ffff7714427 in ioctl () at ../sysdeps/unix/syscall-template.S:78
#1  0x00007ffff7fc4adf in print_events (fd=<optimized out>) at modules/evdev/print.c:49
#2  0x00007ffff7fc492a in evdev_alloc (stp=0x7ffff7fca198 <evdev>, dev=0x7ffff7fca100 <evdev_device> "/dev/input/event0") at modules/evdev/evdev.c:251
#3  module_init () at modules/evdev/evdev.c:325
#4  0x00007ffff7f93f82 in mod_load (mp=mp@entry=0x7fffffffd0d8, name=name@entry=0x7fffffffd0e0 "/usr/lib/baresip/modules/evdev.so") at src/mod/mod.c:137
#5  0x000055555556ce86 in load_module (modp=modp@entry=0x0, modpath=<optimized out>, name=0x7fffffffe120) at src/module.c:88
#6  0x000055555556cf9e in module_handler (val=<optimized out>, arg=<optimized out>) at src/module.c:105
#7  0x00007ffff7f94811 in conf_apply (conf=conf@entry=0x5555555ac760, name=name@entry=0x5555555790c2 "module", ch=ch@entry=0x55555556cf90 <module_handler>, arg=arg@entry=0x7fffffffe380) at src/conf/conf.c:285
#8  0x000055555556d0c1 in module_init (conf=0x5555555ac760) at src/module.c:151
#9  0x0000555555569950 in conf_modules () at src/conf.c:385
#10 0x000055555555f467 in main (argc=<optimized out>, argv=<optimized out>) at src/main.c:242
Description: Use right size for ioctl Author: Bernhard Übelacker <bernha...@mailbox.org> Bug-Debian: https://bugs.debian.org/961434 Forwarded: no Last-Update: 2020-10-15 --- baresip-0.6.1.orig/modules/evdev/print.c +++ baresip-0.6.1/modules/evdev/print.c @@ -46,7 +46,7 @@ void print_events(int fd) int i; memset(evtype_bitmask, 0, sizeof(evtype_bitmask)); - if (ioctl(fd, EVIOCGBIT(0, EV_MAX), evtype_bitmask) < 0) { + if (ioctl(fd, EVIOCGBIT(0, sizeof(evtype_bitmask)), evtype_bitmask) < 0) { warning("evdev: ioctl EVIOCGBIT (%m)\n", errno); return; }
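Review bot: the length field of EVIOCGBIT is the number of bytes the kernel may copy into the user buffer, so `sizeof(evtype_bitmask)` is the right value and `EV_MAX` (the highest event-type index, a bit count, not a byte count) authorised the kernel to write past the end of the array; the hunk does not show the declaration of `evtype_bitmask`, so please confirm it holds at least `(EV_MAX + 7) / 8` bytes, because the kernel truncates to the length given and a buffer that is too small silently drops the high event types rather than failing. The header still says `Forwarded: no` while [1] links the same line in upstream master; this should go upstream rather than stay a Debian-only patch.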
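To make the size argument concrete, here is an added C example, not code from baresip or from the patch above: it decodes the byte length encoded in an EVIOCGBIT request, measures by how much a request built with EV_MAX overruns a correctly sized bitmask, and wraps the ioctl so the encoded length is always the buffer size. It only needs the Linux uapi header; the device path in main() is an assumption and the helper names are my own.

```c
/* Added example (not baresip's code): why the size field of EVIOCGBIT must
 * be the byte size of the destination buffer, and a wrapper that guarantees
 * it. Assumes a Linux host with <linux/input.h> (x86-64, little-endian bit
 * order in the mask); no input device is needed to build or test it. */
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <linux/input.h>

/* Bytes needed to hold a bitmask of `nbits` bits. EV_MAX is the highest
 * event-type index, so the type mask has EV_MAX + 1 bits (4 bytes today). */
size_t bitmask_bytes(unsigned nbits)
{
	return ((size_t)nbits + 7) / 8;
}

/* The byte count encoded in an EVIOCGBIT request number: this, not the
 * array declaration, is what the kernel treats as the buffer size. */
size_t eviocgbit_len(unsigned long req)
{
	return _IOC_SIZE(req);
}

/* Upper bound of bytes the request authorises the kernel to write beyond a
 * buffer of `bufsize` bytes. The original print.c passed EV_MAX (0x1f) as
 * the length, so a 4-byte mask could legally be overrun; how much the
 * kernel actually writes depends on its rounding of EV_MAX + 1 bits to
 * longs, but anything above bufsize is the stack corruption in the report. */
size_t eviocgbit_overrun(unsigned long req, size_t bufsize)
{
	size_t len = eviocgbit_len(req);
	return len > bufsize ? len - bufsize : 0;
}

/* Safe wrapper: the length encoded into the request is exactly the size of
 * `buf` (must be below 1 << _IOC_SIZEBITS), so the kernel can never write
 * past it. Returns 0 on success, -1 with errno set (EBADF for a bad fd,
 * ENOTTY when fd is not an evdev node). */
int evdev_get_type_bits(int fd, uint8_t *buf, size_t bufsize)
{
	memset(buf, 0, bufsize);
	if (ioctl(fd, EVIOCGBIT(0, bufsize), buf) < 0)
		return -1;
	return 0;
}

/* Test event type `type` (e.g. EV_KEY) in a mask returned by the wrapper;
 * bounds-checked so a type beyond the mask reads as unsupported. */
int evdev_type_supported(const uint8_t *buf, size_t bufsize, unsigned type)
{
	if (type / 8 >= bufsize)
		return 0;
	return (buf[type / 8] >> (type % 8)) & 1;
}

int main(void)
{
	uint8_t mask[(EV_MAX + 7) / 8];
	/* Device path is an assumption; opening it normally needs root. */
	int fd = open("/dev/input/event0", O_RDONLY);

	printf("EVIOCGBIT(0, EV_MAX) encodes %zu bytes, buffer holds %zu: overrun up to %zu\n",
	       eviocgbit_len(EVIOCGBIT(0, EV_MAX)), sizeof mask,
	       eviocgbit_overrun(EVIOCGBIT(0, EV_MAX), sizeof mask));

	if (fd < 0) {
		perror("open");
		return 1;
	}
	if (evdev_get_type_bits(fd, mask, sizeof mask) < 0) {
		perror("EVIOCGBIT");
		close(fd);
		return 1;
	}
	printf("EV_KEY supported: %d, EV_REL supported: %d\n",
	       evdev_type_supported(mask, sizeof mask, EV_KEY),
	       evdev_type_supported(mask, sizeof mask, EV_REL));
	close(fd);
	return 0;
}
```

The same rule applies to the other EVIOCGBIT(ev, len), EVIOCGKEY, EVIOCGLED and EVIOCGSW calls: size the buffer from the corresponding *_MAX with (max + 7) / 8 and pass `sizeof` the buffer, never the bit index.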
# Unstable amd64 qemu VM 2020-10-14

apt update
apt dist-upgrade
apt install systemd-coredump mc htop fakeroot gdb rr baresip baresip-core-dbgsym libre0-dbgsym
apt build-dep libre0
apt build-dep baresip

echo 1 > /proc/sys/kernel/perf_event_paranoid

mkdir /home/benutzer/source/libre0/orig -p
cd /home/benutzer/source/libre0/orig
apt source libre0
cd

mkdir /home/benutzer/source/baresip-core/orig -p
cd /home/benutzer/source/baresip-core/orig
apt source baresip-core
cd

mc -e /home/benutzer/.baresip/accounts   # configure account

baresip
d sip:00000000...@fritz.box


benutzer@debian:~$ baresip
baresip v1.0.0 Copyright (C) 2010 - 2020 Alfred E. Heggestad et al.
Local network address:  IPv4=ens4|10.0.2.15 IPv6=ens4|fec0::5054:ff:fe12:3456
aucodec: PCMU/8000/1
aucodec: PCMA/8000/1
ausrc: alsa
auplay: alsa
medianat: stun
medianat: turn
medianat: ice
Populated 1 account
Populated 3 contacts
Populated 2 audio codecs
Populated 0 audio filters
Populated 0 video codecs
Populated 0 video filters
baresip is ready.
> sip:00000000...@fritz.box
ua: using best effort AF: af=AF_INET
call: connecting to 'sip:00000000...@fritz.box'..
*** stack smashing detected ***: terminated
Aborted (core dumped)


root@debian:~# journalctl -e
...
Oct 14 17:49:57 debian systemd[1]: Started Process Core Dump (PID 11453/UID 0).
Oct 14 17:49:58 debian systemd-coredump[11454]: Process 11451 (baresip) of user 1000 dumped core.
                                               Stack trace of thread 11451:
                                               #0  0x00007f7c802e8c41 __GI_raise (libc.so.6 + 0x3bc41)
                                               #1  0x00007f7c802d2537 __GI_abort (libc.so.6 + 0x25537)
                                               #2  0x00007f7c8032b6c8 __libc_message (libc.so.6 + 0x7e6c8)
                                               #3  0x00007f7c803ba5b2 __GI___fortify_fail (libc.so.6 + 0x10d5b2)
                                               #4  0x00007f7c803ba590 __stack_chk_fail (libc.so.6 + 0x10d590)
                                               #5  0x000055ccf95ed3da call_connect (baresip + 0x143da)
                                               #6  0x000055ccf95fb35c ua_connect (baresip + 0x2235c)
                                               #7  0x00007f7c7fdb9e1f n/a (menu.so + 0x4e1f)
                                               #8  0x000055ccf95efaa6 n/a (baresip + 0x16aa6)
                                               #9  0x00007f7c8067348a n/a (stdio.so + 0x148a)
                                               #10 0x00007f7c8063f2dc n/a (libre.so.0 + 0x562dc)
                                               #11 0x00007f7c8063fd52 re_main (libre.so.0 + 0x56d52)
                                               #12 0x000055ccf95e552f main (baresip + 0xc52f)
                                               #13 0x00007f7c802d3cca __libc_start_main (libc.so.6 + 0x26cca)
                                               #14 0x000055ccf95e56ba _start (baresip + 0xc6ba)
Oct 14 17:49:58 debian systemd[1]: systemd-coredump@2-11453-0.service: Succeeded.


root@debian:~# coredumpctl list
TIME                            PID   UID   GID SIG COREFILE  EXE
Wed 2020-10-14 17:49:58 CEST  11451  1000  1000   6 present   /usr/bin/baresip


root@debian:~# coredumpctl gdb 11451
           PID: 11451 (baresip)
           UID: 1000 (benutzer)
           GID: 1000 (benutzer)
        Signal: 6 (ABRT)
     Timestamp: Wed 2020-10-14 17:49:57 CEST (1min 59s ago)
  Command Line: baresip
    Executable: /usr/bin/baresip
 Control Group: /user.slice/user-1000.slice/session-3.scope
          Unit: session-3.scope
         Slice: user-1000.slice
       Session: 3
     Owner UID: 1000 (benutzer)
       Boot ID: fe84f9f9a76c41579997c01650b8a93d
    Machine ID: 33f18f39d2a9438eb75b0ed52848afcd
      Hostname: debian
       Storage: /var/lib/systemd/coredump/core.baresip.1000.fe84f9f9a76c41579997c01650b8a93d.11451.1602690597000000.zst
       Message: Process 11451 (baresip) of user 1000 dumped core.

                Stack trace of thread 11451:
                #0  0x00007f7c802e8c41 __GI_raise (libc.so.6 + 0x3bc41)
                #1  0x00007f7c802d2537 __GI_abort (libc.so.6 + 0x25537)
                #2  0x00007f7c8032b6c8 __libc_message (libc.so.6 + 0x7e6c8)
                #3  0x00007f7c803ba5b2 __GI___fortify_fail (libc.so.6 + 0x10d5b2)
                #4  0x00007f7c803ba590 __stack_chk_fail (libc.so.6 + 0x10d590)
                #5  0x000055ccf95ed3da call_connect (baresip + 0x143da)
                #6  0x000055ccf95fb35c ua_connect (baresip + 0x2235c)
                #7  0x00007f7c7fdb9e1f n/a (menu.so + 0x4e1f)
                #8  0x000055ccf95efaa6 n/a (baresip + 0x16aa6)
                #9  0x00007f7c8067348a n/a (stdio.so + 0x148a)
                #10 0x00007f7c8063f2dc n/a (libre.so.0 + 0x562dc)
                #11 0x00007f7c8063fd52 re_main (libre.so.0 + 0x56d52)
                #12 0x000055ccf95e552f main (baresip + 0xc52f)
                #13 0x00007f7c802d3cca __libc_start_main (libc.so.6 + 0x26cca)
                #14 0x000055ccf95e56ba _start (baresip + 0xc6ba)

GNU gdb (Debian 9.2-1) 9.2
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/bin/baresip...
(No debugging symbols found in /usr/bin/baresip)
[New LWP 11451]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `baresip'.
Program terminated with signal SIGABRT, Aborted.
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50	../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007f7c802d2537 in __GI_abort () at abort.c:79
#2  0x00007f7c8032b6c8 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7f7c80439c28 "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:155
#3  0x00007f7c803ba5b2 in __GI___fortify_fail (msg=msg@entry=0x7f7c80439c10 "stack smashing detected") at fortify_fail.c:26
#4  0x00007f7c803ba590 in __stack_chk_fail () at stack_chk_fail.c:24
#5  0x000055ccf95ed3da in call_connect ()
#6  0x000055ccf95fb35c in ua_connect ()
#7  0x00007f7c7fdb9e1f in ?? () from /usr/lib/baresip/modules/menu.so
#8  0x000055ccf95efaa6 in ?? ()
#9  0x00007f7c8067348a in ?? () from /usr/lib/baresip/modules/stdio.so
#10 0x00007f7c8063f2dc in ?? () from /lib/x86_64-linux-gnu/libre.so.0
#11 0x00007f7c8063fd52 in re_main () from /lib/x86_64-linux-gnu/libre.so.0
#12 0x000055ccf95e552f in main ()
(gdb) set width 0
(gdb) set pagination off
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007f7c802d2537 in __GI_abort () at abort.c:79
#2  0x00007f7c8032b6c8 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7f7c80439c28 "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:155
#3  0x00007f7c803ba5b2 in __GI___fortify_fail (msg=msg@entry=0x7f7c80439c10 "stack smashing detected") at fortify_fail.c:26
#4  0x00007f7c803ba590 in __stack_chk_fail () at stack_chk_fail.c:24
#5  0x000055ccf95ed3da in call_connect (call=<optimized out>, paddr=paddr@entry=0x7ffeebb3b790) at src/call.c:953
#6  0x000055ccf95fb35c in ua_connect (ua=0x55ccfb323a10, callp=callp@entry=0x0, from_uri=from_uri@entry=0x0, req_uri=req_uri@entry=0x55ccfb328830 "sip:00000000...@fritz.box", vmode=vmode@entry=VIDMODE_ON) at src/ua.c:928
#7  0x00007f7c7fdb9e1f in dial_handler (pf=<optimized out>, arg=0x7ffeebb3b870) at modules/menu/menu.c:266
#8  0x000055ccf95efaa6 in cmd_report (data=0x0, mb=<optimized out>, pf=0x7f7c80676020 <pf_stderr>, cmd=0x7f7c7fdbe8c0 <cmdv+96>) at src/cmd.c:293
#9  cmd_process_edit (commands=<optimized out>, ctxp=<optimized out>, key=<optimized out>, pf=<optimized out>, data=0x0) at src/cmd.c:389
#10 0x000055ccf95eff74 in cmd_process (commands=<optimized out>, ctxp=<optimized out>, key=<optimized out>, pf=pf@entry=0x7f7c80676020 <pf_stderr>, data=data@entry=0x0) at src/cmd.c:539
#11 0x000055ccf95fcfe0 in ui_input_key (uis=<optimized out>, key=key@entry=10 '\n', pf=pf@entry=0x7f7c80676020 <pf_stderr>) at src/ui.c:66
#12 0x00007f7c8067348a in report_key (ui=<optimized out>, key=10 '\n') at modules/stdio/stdio.c:66
#13 ui_fd_handler (flags=<optimized out>, arg=<optimized out>) at modules/stdio/stdio.c:90
#14 0x00007f7c8063f2dc in fd_poll (re=re@entry=0x7f7c8066b0e0 <global_re>) at src/main/main.c:896
#15 0x00007f7c8063fd52 in re_main (signalh=0x55ccf95ffbd0 <signal_handler>) at src/main/main.c:1030
#16 0x000055ccf95e552f in main (argc=<optimized out>, argv=<optimized out>) at src/main.c:301


benutzer@debian:~$ rr baresip
rr: Saving execution to trace directory `/home/benutzer/.local/share/rr/baresip-0'.
baresip v1.0.0 Copyright (C) 2010 - 2020 Alfred E. Heggestad et al.
Local network address:  IPv4=ens4|10.0.2.15 IPv6=ens4|fec0::5054:ff:fe12:3456
aucodec: PCMU/8000/1
aucodec: PCMA/8000/1
ausrc: alsa
auplay: alsa
medianat: stun
medianat: turn
medianat: ice
Populated 1 account
Populated 3 contacts
Populated 2 audio codecs
Populated 0 audio filters
Populated 0 video codecs
Populated 0 video filters
baresip is ready.
> sip:00000000...@fritz.box
ua: using best effort AF: af=AF_INET
call: connecting to 'sip:00000000...@fritz.box'..
*** stack smashing detected ***: terminated
Aborted


benutzer@debian:~$ rr replay /home/benutzer/.local/share/rr/baresip-0
GNU gdb (Debian 9.2-1) 9.2
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/bin/baresip...
Reading symbols from /usr/lib/debug/.build-id/f5/b31e57d03509198192630b33f7b84332e3db4d.debug...
Really redefine built-in command "restart"? (y or n) [answered Y; input not from terminal]
Remote debugging using 127.0.0.1:15367
Reading symbols from /lib64/ld-linux-x86-64.so.2...
Reading symbols from /usr/lib/debug/.build-id/73/b5f3f35d011747d94a91cce4412ca4545451e2.debug...
0x00007f9dc0c9b090 in _start () from /lib64/ld-linux-x86-64.so.2
(rr) set width 0
(rr) set pagination off
(rr) display/i $pc
1: x/i $pc
=> 0x7f9dc0c9b090 <_start>:	mov    %rsp,%rdi
(rr) directory /home/benutzer/source/libre0/orig/libre-1.1.0
Source directories searched: /home/benutzer/source/libre0/orig/libre-1.1.0:$cdir:$cwd
(rr) directory /home/benutzer/source/baresip-core/orig/baresip-1.0.0
Source directories searched: /home/benutzer/source/baresip-core/orig/baresip-1.0.0:/home/benutzer/source/libre0/orig/libre-1.1.0:$cdir:$cwd
(rr) cont
Continuing.
baresip v1.0.0 Copyright (C) 2010 - 2020 Alfred E. Heggestad et al.
Local network address:  IPv4=ens4|10.0.2.15 IPv6=ens4|fec0::5054:ff:fe12:3456
aucodec: PCMU/8000/1
aucodec: PCMA/8000/1
ausrc: alsa
auplay: alsa
medianat: stun
medianat: turn
medianat: ice
Populated 1 account
Populated 3 contacts
Populated 2 audio codecs
Populated 0 audio filters
Populated 0 video codecs
Populated 0 video filters
baresip is ready.
> sip:00000000...@fritz.box
ua: using best effort AF: af=AF_INET
call: connecting to 'sip:00000000...@fritz.box'..
*** stack smashing detected ***: terminated

Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50	../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
1: x/i $pc
=> 0x7f9dc08dac41 <__GI_raise+321>:	mov    0x108(%rsp),%rax
(rr) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007f9dc08c4537 in __GI_abort () at abort.c:79
#2  0x00007f9dc091d6c8 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7f9dc0a2bc28 "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:155
#3  0x00007f9dc09ac5b2 in __GI___fortify_fail (msg=msg@entry=0x7f9dc0a2bc10 "stack smashing detected") at fortify_fail.c:26
#4  0x00007f9dc09ac590 in __stack_chk_fail () at stack_chk_fail.c:24
#5  0x0000556a958a83da in call_connect (call=<optimized out>, paddr=paddr@entry=0x7fff4bc3af50) at src/call.c:953
#6  0x0000556a958b635c in ua_connect (ua=0x556a95db6940, callp=callp@entry=0x0, from_uri=from_uri@entry=0x0, req_uri=req_uri@entry=0x556a95dbd5a0 "sip:", '0' <repeats 11 times>, "@fritz.box", vmode=vmode@entry=VIDMODE_ON) at src/ua.c:928
#7  0x00007f9dc02a5e1f in dial_handler (pf=<optimized out>, arg=0x7fff4bc3b030) at modules/menu/menu.c:266
#8  0x0000556a958aaaa6 in cmd_report (data=0x0, mb=<optimized out>, pf=0x7f9dc0c66020 <pf_stderr>, cmd=0x7f9dc02aa8c0 <cmdv+96>) at src/cmd.c:293
#9  cmd_process_edit (commands=<optimized out>, ctxp=<optimized out>, key=<optimized out>, pf=<optimized out>, data=0x0) at src/cmd.c:389
#10 0x0000556a958aaf74 in cmd_process (commands=<optimized out>, ctxp=<optimized out>, key=<optimized out>, pf=pf@entry=0x7f9dc0c66020 <pf_stderr>, data=data@entry=0x0) at src/cmd.c:539
#11 0x0000556a958b7fe0 in ui_input_key (uis=<optimized out>, key=key@entry=10 '\n', pf=pf@entry=0x7f9dc0c66020 <pf_stderr>) at src/ui.c:66
#12 0x00007f9dc0c6348a in report_key (ui=<optimized out>, key=10 '\n') at modules/stdio/stdio.c:66
#13 ui_fd_handler (flags=<optimized out>, arg=<optimized out>) at modules/stdio/stdio.c:90
#14 0x00007f9dc0c312dc in fd_poll (re=re@entry=0x7f9dc0c5d0e0 <global_re>) at src/main/main.c:896
#15 0x00007f9dc0c31d52 in re_main (signalh=0x556a958babd0 <signal_handler>) at src/main/main.c:1030
#16 0x0000556a958a052f in main (argc=<optimized out>, argv=<optimized out>) at src/main.c:301
(rr) reverse-stepi

Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50	in ../sysdeps/unix/sysv/linux/raise.c
1: x/i $pc
=> 0x7f9dc08dac41 <__GI_raise+321>:	mov    0x108(%rsp),%rax
(rr) reverse-finish
Run back to call of #0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
0x00007f9dc08c4532 in __GI_abort () at abort.c:79
79	abort.c: No such file or directory.
1: x/i $pc
=> 0x7f9dc08c4532 <__GI_abort+286>:	callq  0x7f9dc08dab00 <__GI_raise>
(rr) reverse-finish
Run back to call of #0  0x00007f9dc08c4532 in __GI_abort () at abort.c:79
__libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7f9dc0a2bc28 "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:155
155	../sysdeps/posix/libc_fatal.c: No such file or directory.
1: x/i $pc
=> 0x7f9dc091d6c3 <__libc_message+595>:	callq  0x7f9dc08c4414 <__GI_abort>
(rr) reverse-finish
Run back to call of #0  __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7f9dc0a2bc28 "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:155
0x00007f9dc09ac5ad in __GI___fortify_fail (msg=msg@entry=0x7f9dc0a2bc10 "stack smashing detected") at fortify_fail.c:26
26	fortify_fail.c: No such file or directory.
1: x/i $pc
=> 0x7f9dc09ac5ad <__GI___fortify_fail+29>:	callq  0x7f9dc091d470 <__libc_message>
(rr) reverse-finish
Run back to call of #0  0x00007f9dc09ac5ad in __GI___fortify_fail (msg=msg@entry=0x7f9dc0a2bc10 "stack smashing detected") at fortify_fail.c:26
0x00007f9dc09ac58b in __stack_chk_fail () at stack_chk_fail.c:24
24	stack_chk_fail.c: No such file or directory.
1: x/i $pc
=> 0x7f9dc09ac58b <__stack_chk_fail+11>:	callq  0x7f9dc09ac590 <__GI___fortify_fail>
(rr) reverse-finish
Run back to call of #0  0x00007f9dc09ac58b in __stack_chk_fail () at stack_chk_fail.c:24
0x0000556a958a83d5 in call_connect (call=<optimized out>, paddr=paddr@entry=0x7fff4bc3af50) at src/call.c:953
953		err = send_invite(call);
1: x/i $pc
=> 0x556a958a83d5 <call_connect+277>:	callq  0x556a9589f8c0 <__stack_chk_fail@plt>
(rr) reverse-finish
Run back to call of #0  0x0000556a958a83d5 in call_connect (call=<optimized out>, paddr=paddr@entry=0x7fff4bc3af50) at src/call.c:953
0x0000556a958b6357 in ua_connect (ua=0x556a95db6940, callp=callp@entry=0x0, from_uri=from_uri@entry=0x0, req_uri=req_uri@entry=0x556a95dbd5a0 "sip:", '0' <repeats 11 times>, "@fritz.box", vmode=vmode@entry=VIDMODE_ON) at src/ua.c:928
928		err = call_connect(call, &pl);
1: x/i $pc
=> 0x556a958b6357 <ua_connect+279>:	callq  0x556a958a82c0 <call_connect>
(rr) #
(rr) #
(rr) #
(rr) stepi
call_connect (call=0x556a95dbb7a0, paddr=paddr@entry=0x7fff4bc3af50) at src/call.c:918
918	{
1: x/i $pc
=> 0x556a958a82c0 <call_connect>:	push   %r13
(rr) nexti
0x0000556a958a82c2	918	{
1: x/i $pc
=> 0x556a958a82c2 <call_connect+2>:	push   %r12
(rr) nexti
0x0000556a958a82c4	918	{
1: x/i $pc
=> 0x556a958a82c4 <call_connect+4>:	push   %rbp
(rr) nexti
0x0000556a958a82c5	918	{
1: x/i $pc
=> 0x556a958a82c5 <call_connect+5>:	sub    $0xa0,%rsp
(rr) nexti
0x0000556a958a82cc	918	{
1: x/i $pc
=> 0x556a958a82cc <call_connect+12>:	mov    %fs:0x28,%rax
(rr) nexti
0x0000556a958a82d5	918	{
1: x/i $pc
=> 0x556a958a82d5 <call_connect+21>:	mov    %rax,0x98(%rsp)
(rr) print/x $rax
$1 = 0xd625094b996e1c00
(rr) print/x $rsp
$2 = 0x7fff4bc3ae80
(rr) display/x *(void**)(0x7fff4bc3ae80+0x98)
2: /x *(void**)(0x7fff4bc3ae80+0x98) = 0x1
(rr) nexti
0x0000556a958a82dd	918	{
1: x/i $pc
=> 0x556a958a82dd <call_connect+29>:	xor    %eax,%eax
2: /x *(void**)(0x7fff4bc3ae80+0x98) = 0xd625094b996e1c00
(rr) watch *(void**)(0x7fff4bc3ae80+0x98)
Hardware watchpoint 1: *(void**)(0x7fff4bc3ae80+0x98)
(rr) cont
Continuing.
call: connecting to 'sip:00000000...@fritz.box'..

Hardware watchpoint 1: *(void**)(0x7fff4bc3ae80+0x98)

Old value = (void *) 0xd625094b996e1c00
New value = (void *) 0x0
0x00007f9dc0bf22eb in memset (__len=168, __ch=0, __dest=0x7fff4bc3ae80) at /usr/include/x86_64-linux-gnu/bits/string_fortified.h:71
71	  return __builtin___memset_chk (__dest, __ch, __len, __bos0 (__dest));
1: x/i $pc
=> 0x7f9dc0bf22eb <sip_addr_decode+123>:	rep stos %rax,%es:(%rdi)
2: /x *(void**)(0x7fff4bc3ae80+0x98) = 0x0
(rr) bt
#0  0x00007f9dc0bf22eb in memset (__len=168, __ch=0, __dest=0x7fff4bc3ae80) at /usr/include/x86_64-linux-gnu/bits/string_fortified.h:71
#1  sip_addr_decode (addr=addr@entry=0x7fff4bc3ae80, pl=pl@entry=0x7fff4bc3af50) at src/sip/addr.c:32
#2  0x0000556a958a831c in call_connect (call=0x556a95dbb7a0, paddr=paddr@entry=0x7fff4bc3af50) at src/call.c:932
#3  0x0000556a958b635c in ua_connect (ua=0x556a95db6940, callp=callp@entry=0x0, from_uri=from_uri@entry=0x0, req_uri=req_uri@entry=0x556a95dbd5a0 "sip:", '0' <repeats 11 times>, "@fritz.box", vmode=vmode@entry=VIDMODE_ON) at src/ua.c:928
#4  0x00007f9dc02a5e1f in dial_handler (pf=<optimized out>, arg=0x7fff4bc3b030) at modules/menu/menu.c:266
#5  0x0000556a958aaaa6 in cmd_report (data=0x0, mb=<optimized out>, pf=0x7f9dc0c66020 <pf_stderr>, cmd=0x7f9dc02aa8c0 <cmdv+96>) at src/cmd.c:293
#6  cmd_process_edit (commands=<optimized out>, ctxp=<optimized out>, key=<optimized out>, pf=<optimized out>, data=0x0) at src/cmd.c:389
#7  0x0000556a958aaf74 in cmd_process (commands=<optimized out>, ctxp=<optimized out>, key=<optimized out>, pf=pf@entry=0x7f9dc0c66020 <pf_stderr>, data=data@entry=0x0) at src/cmd.c:539
#8  0x0000556a958b7fe0 in ui_input_key (uis=<optimized out>, key=key@entry=10 '\n', pf=pf@entry=0x7f9dc0c66020 <pf_stderr>) at src/ui.c:66
#9  0x00007f9dc0c6348a in report_key (ui=<optimized out>, key=10 '\n') at modules/stdio/stdio.c:66
#10 ui_fd_handler (flags=<optimized out>, arg=<optimized out>) at modules/stdio/stdio.c:90
#11 0x00007f9dc0c312dc in fd_poll (re=re@entry=0x7f9dc0c5d0e0 <global_re>) at src/main/main.c:896
#12 0x00007f9dc0c31d52 in re_main (signalh=0x556a958babd0 <signal_handler>) at src/main/main.c:1030
#13 0x0000556a958a052f in main (argc=<optimized out>, argv=<optimized out>) at src/main.c:301
(rr) #
(rr) #
(rr) #
(rr) up
#1  sip_addr_decode (addr=addr@entry=0x7fff4bc3ae80, pl=pl@entry=0x7fff4bc3af50) at src/sip/addr.c:32
32		memset(addr, 0, sizeof(*addr));
(rr) print sizeof(*addr)
$3 = 168
(rr) ptype /o *addr
/* offset    |  size */  type = struct sip_addr {
/*    0      |    16 */    struct pl {
/*    0      |     8 */        const char *p;
/*    8      |     8 */        size_t l;
                               /* total size (bytes):   16 */
                           } dname;
/*   16      |    16 */    struct pl {
/*   16      |     8 */        const char *p;
/*   24      |     8 */        size_t l;
                               /* total size (bytes):   16 */
                           } auri;
/*   32      |   120 */    struct uri {
/*   32      |    16 */        struct pl {
/*   32      |     8 */            const char *p;
/*   40      |     8 */            size_t l;
                                   /* total size (bytes):   16 */
                               } scheme;
/*   48      |    16 */        struct pl {
/*   48      |     8 */            const char *p;
/*   56      |     8 */            size_t l;
                                   /* total size (bytes):   16 */
                               } user;
/*   64      |    16 */        struct pl {
/*   64      |     8 */            const char *p;
/*   72      |     8 */            size_t l;
                                   /* total size (bytes):   16 */
                               } password;
/*   80      |    16 */        struct pl {
/*   80      |     8 */            const char *p;
/*   88      |     8 */            size_t l;
                                   /* total size (bytes):   16 */
                               } host;
/*   96      |     4 */        int af;
/*  100      |     2 */        uint16_t port;
/* XXX  2-byte hole      */
/*  104      |    16 */        struct pl {
/*  104      |     8 */            const char *p;
/*  112      |     8 */            size_t l;
                                   /* total size (bytes):   16 */
                               } path;
/*  120      |    16 */        struct pl {
/*  120      |     8 */            const char *p;
/*  128      |     8 */            size_t l;
                                   /* total size (bytes):   16 */
                               } params;
/*  136      |    16 */        struct pl {
/*  136      |     8 */            const char *p;
/*  144      |     8 */            size_t l;
                                   /* total size (bytes):   16 */
                               } headers;
                               /* total size (bytes):  120 */
                           } uri;
/*  152      |    16 */    struct pl {
/*  152      |     8 */        const char *p;
/*  160      |     8 */        size_t l;
                               /* total size (bytes):   16 */
                           } params;
                           /* total size (bytes):  168 */
                         }
(rr) #
(rr) #
(rr) #
(rr) up
#2  0x0000556a958a831c in call_connect (call=0x556a95dbb7a0, paddr=paddr@entry=0x7fff4bc3af50) at src/call.c:932
932		if (0 == sip_addr_decode(&addr, paddr)) {
(rr) print sizeof(addr)
$4 = 152
(rr) ptype /o addr
/* offset    |  size */  type = struct sip_addr {
/*    0      |    16 */    struct pl {
/*    0      |     8 */        const char *p;
/*    8      |     8 */        size_t l;
                               /* total size (bytes):   16 */
                           } dname;
/*   16      |    16 */    struct pl {
/*   16      |     8 */        const char *p;
/*   24      |     8 */        size_t l;
                               /* total size (bytes):   16 */
                           } auri;
/*   32      |   104 */    struct uri {
/*   32      |    16 */        struct pl {
/*   32      |     8 */            const char *p;
/*   40      |     8 */            size_t l;
                                   /* total size (bytes):   16 */
                               } scheme;
/*   48      |    16 */        struct pl {
/*   48      |     8 */            const char *p;
/*   56      |     8 */            size_t l;
                                   /* total size (bytes):   16 */
                               } user;
/*   64      |    16 */        struct pl {
/*   64      |     8 */            const char *p;
/*   72      |     8 */            size_t l;
                                   /* total size (bytes):   16 */
                               } password;
/*   80      |    16 */        struct pl {
/*   80      |     8 */            const char *p;
/*   88      |     8 */            size_t l;
                                   /* total size (bytes):   16 */
                               } host;
/*   96      |     4 */        int af;
/*  100      |     2 */        uint16_t port;
/* XXX  2-byte hole      */
/*  104      |    16 */        struct pl {
/*  104      |     8 */            const char *p;
/*  112      |     8 */            size_t l;
                                   /* total size (bytes):   16 */
                               } params;
/*  120      |    16 */        struct pl {
/*  120      |     8 */            const char *p;
/*  128      |     8 */            size_t l;
                                   /* total size (bytes):   16 */
                               } headers;
                               /* total size (bytes):  104 */
                           } uri;
/*  136      |    16 */    struct pl {
/*  136      |     8 */        const char *p;
/*  144      |     8 */        size_t l;
                               /* total size (bytes):   16 */
                           } params;
                           /* total size (bytes):  152 */
                         }

https://sources.debian.org/src/libre/1.1.0-1/src/sip/addr.c/#L32
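The two `ptype /o` dumps in the session above show one struct sip_addr with two sizes: 168 bytes as libre.so.0 sees it (struct uri carries a `path` member) and 152 bytes as the baresip binary sees it, so sip_addr_decode() memsets 168 bytes into the 152-byte stack slot of call_connect() and clobbers the canary at 0x98(%rsp). The C program below is an added example, not code from the report, baresip or libre: it rebuilds both layouts from the dumps, measures the overrun in a heap region with guard bytes instead of on the real stack, and adds a hypothetical size guard (`lib_sip_addr_size()`, which libre does not provide) to show the check a caller would need before handing a stack buffer to a library built from different headers. That the baresip binary was compiled against older libre headers is my reading of the size difference, not something the report states.

```c
/* Added example (not from the bug report, baresip or libre): reproduce the
 * ABI-mismatch overrun behind the second backtrace. Struct layouts are
 * copied from the two `ptype /o` dumps; everything else is constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct pl { const char *p; size_t l; };

/* Layout the baresip binary was built against: struct uri without `path`. */
struct uri_old {
	struct pl scheme, user, password, host;
	int af;
	uint16_t port;
	struct pl params, headers;
};
struct sip_addr_old { struct pl dname, auri; struct uri_old uri; struct pl params; };

/* Layout in libre 1.1.0: struct uri gained `path` at offset 72. */
struct uri_new {
	struct pl scheme, user, password, host;
	int af;
	uint16_t port;
	struct pl path, params, headers;
};
struct sip_addr_new { struct pl dname, auri; struct uri_new uri; struct pl params; };

/* The sizes the debugger printed in frames #1 and #2. */
_Static_assert(sizeof(struct sip_addr_old) == 152, "caller-side size from ptype");
_Static_assert(sizeof(struct sip_addr_new) == 168, "library-side size from ptype");

/* Stand-in for the first line of libre's sip_addr_decode(): the library
 * clears the struct using its own notion of the size. */
static void lib_sip_addr_decode(void *addr)
{
	memset(addr, 0, sizeof(struct sip_addr_new));
}

/* Bytes written past a caller buffer that was sized with the old header. */
size_t abi_overrun_bytes(void)
{
	return sizeof(struct sip_addr_new) - sizeof(struct sip_addr_old);
}

/* Simulate call_connect(): a 152-byte slot followed by guard bytes (0xAA
 * stands in for the stack canary), inside one heap allocation so the
 * overrun is observable without undefined behaviour. Returns how many guard
 * bytes the library's memset clobbered, or (size_t)-1 on allocation failure. */
size_t guard_bytes_clobbered(void)
{
	enum { GUARD = 64 };
	const size_t slot = sizeof(struct sip_addr_old);
	uint8_t *region = malloc(slot + GUARD);
	size_t clobbered = 0;

	if (!region)
		return (size_t)-1;
	memset(region, 0xAA, slot + GUARD);
	lib_sip_addr_decode(region);          /* zeroes 168 bytes of a 152-byte slot */
	for (size_t i = 0; i < GUARD; i++)
		if (region[slot + i] != 0xAA)
			clobbered++;
	free(region);
	return clobbered;
}

/* Hypothetical guard (libre exports no such function): if the library could
 * report the size it will write, a caller built against older headers could
 * refuse the call instead of letting the memset run off its stack slot.
 * Returns 0 when the call is safe and was made, -1 on ABI mismatch. */
static size_t lib_sip_addr_size(void) { return sizeof(struct sip_addr_new); }

int guarded_decode(void *slot, size_t slot_size)
{
	if (lib_sip_addr_size() > slot_size)
		return -1;
	lib_sip_addr_decode(slot);
	return 0;
}

int main(void)
{
	struct sip_addr_old old_slot;
	struct sip_addr_new new_slot;

	printf("caller sizeof %zu, library sizeof %zu, overrun %zu bytes\n",
	       sizeof old_slot, sizeof new_slot, abi_overrun_bytes());
	printf("guard bytes clobbered by the library memset: %zu\n", guard_bytes_clobbered());
	printf("guarded call with old layout: %d, with new layout: %d\n",
	       guarded_decode(&old_slot, sizeof old_slot),
	       guarded_decode(&new_slot, sizeof new_slot));
	return 0;
}
```

The mismatch is invisible at link time because no symbol changed, only a struct that callers place on their own stack; the debugger check the session uses (`print sizeof` in the library frame and in the caller frame) is the quickest way to confirm it, and the fix is a rebuild of baresip against the installed libre headers rather than a code change in either project.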