Bug#972185: libre0: stack smashing detected in v1.1.0

2020-10-15 Thread Bernhard Übelacker
Hello Kevin,
I don't know the details, but I guess there will be no automatic
rebuild of baresip triggered on migration.
As far as I see [1], the only users of libre0 are
baresip and librem0, so I guess both might need a rebuild.
Maybe someone with more shared library packaging knowledge
might give some pointers on what steps need to be taken now?

Kind regards,
Bernhard

[1] `apt-cache rdepends libre0` in an unstable VM.



Bug#972185: libre0: stack smashing detected in v1.1.0

2020-10-14 Thread Kevin Otte
Thanks for the additional eyes. Should I file a bug against baresip to
have it rebuilt for testing, or will that be triggered automatically
when libre migrates?

On 10/14/20 12:40 PM, Bernhard Übelacker wrote:
> Dear Maintainer,
> I could reproduce the issue and it looks like there is an ABI break
> of libre0 because the size of struct sip_addr has changed
> from 152 bytes to 168, and therefore overwrites the stack canary here [1].
> 
> A baresip built against libre0 1.1.0-1 did not show this problem.
> 
> Kind regards,
> Bernhard



Bug#972185: libre0: stack smashing detected in v1.1.0

2020-10-14 Thread Bernhard Übelacker
Dear Maintainer,
I could reproduce the issue and it looks like there is an ABI break
of libre0 because the size of struct sip_addr has changed
from 152 bytes to 168, and therefore overwrites the stack canary here [1].

A baresip built against libre0 1.1.0-1 did not show this problem.

Kind regards,
Bernhard


[1]
(rr) bt
#0  0x7f9dc0bf22eb in memset (__len=168, __ch=0, __dest=0x7fff4bc3ae80) at 
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:71
#1  sip_addr_decode (addr=addr@entry=0x7fff4bc3ae80, 
pl=pl@entry=0x7fff4bc3af50) at src/sip/addr.c:32
#2  0x556a958a831c in call_connect (call=0x556a95dbb7a0, 
paddr=paddr@entry=0x7fff4bc3af50) at src/call.c:932
#3  0x556a958b635c in ua_connect (ua=0x556a95db6940, callp=callp@entry=0x0, 
from_uri=from_uri@entry=0x0, req_uri=req_uri@entry=0x556a95dbd5a0 "sip:", '0' 
, "@fritz.box", vmode=vmode@entry=VIDMODE_ON) at src/ua.c:928
#4  0x7f9dc02a5e1f in dial_handler (pf=, arg=0x7fff4bc3b030) 
at modules/menu/menu.c:266
#5  0x556a9586 in cmd_report (data=0x0, mb=, 
pf=0x7f9dc0c66020 , cmd=0x7f9dc02aa8c0 ) at src/cmd.c:293
#6  cmd_process_edit (commands=, ctxp=, 
key=, pf=, data=0x0) at src/cmd.c:389
#7  0x556a958aaf74 in cmd_process (commands=, 
ctxp=, key=, pf=pf@entry=0x7f9dc0c66020 
, data=data@entry=0x0) at src/cmd.c:539
#8  0x556a958b7fe0 in ui_input_key (uis=, key=key@entry=10 
'\n', pf=pf@entry=0x7f9dc0c66020 ) at src/ui.c:66
#9  0x7f9dc0c6348a in report_key (ui=, key=10 '\n') at 
modules/stdio/stdio.c:66
#10 ui_fd_handler (flags=, arg=) at 
modules/stdio/stdio.c:90
#11 0x7f9dc0c312dc in fd_poll (re=re@entry=0x7f9dc0c5d0e0 ) at 
src/main/main.c:896
#12 0x7f9dc0c31d52 in re_main (signalh=0x556a958babd0 ) at 
src/main/main.c:1030
#13 0x556a958a052f in main (argc=, argv=) at 
src/main.c:301


# Unstable amd64 qemu VM 2020-10-14


apt update
apt dist-upgrade


apt install systemd-coredump mc htop fakeroot gdb rr baresip baresip-core-dbgsym libre0-dbgsym
apt build-dep libre0
apt build-dep baresip
echo 1 > /proc/sys/kernel/perf_event_paranoid




mkdir /home/benutzer/source/libre0/orig -p
cd /home/benutzer/source/libre0/orig
apt source libre0
cd

mkdir /home/benutzer/source/baresip-core/orig -p
cd /home/benutzer/source/baresip-core/orig
apt source baresip-core
cd




baresip
d
sip:...@fritz.box



benutzer@debian:~$ baresip
baresip v1.0.0 Copyright (C) 2010 - 2020 Alfred E. Heggestad et al.
Local network address:  IPv4=ens4|10.0.2.15  IPv6=ens4|fec0::5054:ff:fe12:3456
aucodec: PCMU/8000/1
aucodec: PCMA/8000/1
ausrc: alsa
auplay: alsa
medianat: stun
medianat: turn
medianat: ice
Populated 1 account
Populated 3 contacts
Populated 2 audio codecs
Populated 0 audio filters
Populated 0 video codecs
Populated 0 video filters
baresip is ready.
>sip:...@fritz.box
ua: using best effort AF: af=AF_INET
call: connecting to 'sip:...@fritz.box'..
*** stack smashing detected ***: terminated
Abgebrochen (Speicherabzug geschrieben)



root@debian:~# journalctl -e
...
Okt 14 17:49:57 debian systemd[1]: Started Process Core Dump (PID 11453/UID 0).
Okt 14 17:49:58 debian systemd-coredump[11454]: Process 11451 (baresip) of user 
1000 dumped core.

Stack trace of thread 11451:
#0  0x7f7c802e8c41 
__GI_raise (libc.so.6 + 0x3bc41)
#1  0x7f7c802d2537 
__GI_abort (libc.so.6 + 0x25537)
#2  0x7f7c8032b6c8 
__libc_message (libc.so.6 + 0x7e6c8)
#3  0x7f7c803ba5b2 
__GI___fortify_fail (libc.so.6 + 0x10d5b2)
#4  0x7f7c803ba590 
__stack_chk_fail (libc.so.6 + 0x10d590)
#5  0x55ccf95ed3da 
call_connect (baresip + 0x143da)
#6  0x55ccf95fb35c 
ua_connect (baresip + 0x2235c)
#7  0x7f7c7fdb9e1f n/a 
(menu.so + 0x4e1f)
#8  0x55ccf95efaa6 n/a 
(baresip + 0x16aa6)
#9  0x7f7c8067348a n/a 
(stdio.so + 0x148a)
#10 0x7f7c8063f2dc n/a 
(libre.so.0 + 0x562dc)
#11 0x7f7c8063fd52 re_main 
(libre.so.0 + 0x56d52)
#12 0x55ccf95e552f main 
(baresip + 0xc52f)
#13 0x7f7c802d3cca 
__libc_start_main (libc.so.6 + 0x26cca)
#14 0x55ccf95e56ba _start 
(baresip + 0xc6ba)
Okt 14 17:49:58 debian systemd[1]: systemd-coredump@2-11453-0.service: 
Succeeded.



root@debian:~# coredumpctl lis
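A constructed model of the mechanism described above, added here as an example; it is not code from libre, baresip or this bug thread. Only the two sizes (152 and 168 bytes) come from the report. The opaque struct contents, the frame layout with a sentinel standing in for the compiler's stack canary, the CANARY value and the function names (lib_sip_addr_decode_unchecked, lib_sip_addr_decode_checked, lib_sip_addr_sizeof, abi_matches) are assumptions. It shows why a caller compiled against the 152-byte struct has its canary overwritten by a library that clears 168 bytes, and two library-side checks that turn the silent overwrite into a detectable error: a size argument the library validates, and a startup probe that compares the client's compiled-in size with the one the library reports.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical model of the ABI break. Field contents are opaque placeholders;
 * only the sizes are taken from the bug report. */
struct sip_addr_v1 { unsigned char opaque[152]; };   /* layout baresip was built against */
struct sip_addr_v2 { unsigned char opaque[168]; };   /* layout libre0 1.1.0 now uses */

/* Sentinel standing in for the stack-protector canary (assumed value). */
#define CANARY 0xDEADBEEFCAFEF00DULL

/* Model of the old caller's stack frame: the local sip_addr object followed
 * by the canary that __stack_chk_fail() later verifies. The trailing spill
 * bytes keep the simulated 168-byte memset inside this object (no UB here;
 * on the real stack those bytes belong to whatever sits above the frame). */
struct frame_v1 {
    struct sip_addr_v1 addr;   /* bytes 0..151: sip_addr as baresip sees it */
    uint64_t canary;           /* bytes 152..159: clobbered by a 168-byte memset */
    unsigned char spill[8];    /* bytes 160..167 */
};
/* Frame of a binary rebuilt against the new header. */
struct frame_v2 {
    struct sip_addr_v2 addr;   /* bytes 0..167: sip_addr as the library sees it */
    uint64_t canary;           /* bytes 168..175: untouched by the memset */
};
_Static_assert(offsetof(struct frame_v1, canary) == 152, "canary must follow old struct");
_Static_assert(sizeof(struct frame_v1) == sizeof(struct sip_addr_v2), "frame covers the new size");

/* Library routine as shipped: trusts that the caller's object has the new size. */
static void lib_sip_addr_decode_unchecked(void *addr)
{
    memset(addr, 0, sizeof(struct sip_addr_v2));
}

/* Hardened variant: the caller states how large its object is and the library
 * refuses to write past it. Returns 0 on success, -1 on a size mismatch. */
static int lib_sip_addr_decode_checked(void *addr, size_t addr_size)
{
    if (addr_size < sizeof(struct sip_addr_v2))
        return -1;
    memset(addr, 0, sizeof(struct sip_addr_v2));
    return 0;
}

/* Startup ABI probe: the library exports the struct size it was built with,
 * the client compares it with sizeof(struct sip_addr) from its own build. */
static size_t lib_sip_addr_sizeof(void) { return sizeof(struct sip_addr_v2); }

int abi_matches(size_t client_compiled_size)
{
    return client_compiled_size == lib_sip_addr_sizeof();
}

/* Old binary against the new library: returns 0, the canary was overwritten. */
int old_caller_canary_intact(void)
{
    struct frame_v1 f;
    f.canary = CANARY;
    lib_sip_addr_decode_unchecked(&f);   /* 168 bytes written into a 152-byte slot */
    return f.canary == CANARY;
}

/* Rebuilt binary: frame sized from the new header, returns 1. */
int rebuilt_caller_canary_intact(void)
{
    struct frame_v2 f;
    f.canary = CANARY;
    lib_sip_addr_decode_unchecked(&f);
    return f.canary == CANARY;
}

/* Old binary against the checked API: call rejected, canary intact, returns 1. */
int checked_call_rejected_and_intact(void)
{
    struct frame_v1 f;
    f.canary = CANARY;
    int rc = lib_sip_addr_decode_checked(&f, sizeof f.addr);
    return rc == -1 && f.canary == CANARY;
}

int main(void)
{
    printf("old caller, unchecked decode: canary intact = %d\n", old_caller_canary_intact());
    printf("rebuilt caller:               canary intact = %d\n", rebuilt_caller_canary_intact());
    printf("old caller, checked decode:   rejected+intact = %d\n", checked_call_rejected_and_intact());
    printf("ABI probe for a 152-byte client: match = %d\n", abi_matches(sizeof(struct sip_addr_v1)));
    return 0;
}
```

The two checks only make the mismatch visible; they do not replace the packaging fix. A public struct that changes size is an ABI change, so the library either bumps its SONAME or every reverse dependency (here baresip and librem, per `apt-cache rdepends libre0`) is rebuilt against the new header.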

Bug#972185: libre0: stack smashing detected in v1.1.0

2020-10-13 Thread Kevin Otte
Package: libre0
Version: 1.1.0-1
Severity: grave
Justification: renders package unusable

Dear Maintainer,

I went ahead and installed version 1.1.0-1 from unstable to go ahead and
test the fix for #971980.

---
kjotte@daedalus:~$ baresip
baresip v1.0.0 Copyright (C) 2010 - 2020 Alfred E. Heggestad et al.
Local network address:
IPv6=enp0s25|2606:a000:a442:9800:efae:2f59:1855:7d4f
...
baresip is ready.
>  142
ua: using best effort AF: af=AF_INET6
call: connecting to 'sip:1...@pbx-int.home.nivex.net'..
*** stack smashing detected ***: terminated
Aborted (core dumped)
---

Not sure if this is a problem in the libre0 build or if baresip needs to
be rebuilt against the new library version.

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.8.0-1-amd64 (SMP w/2 CPU threads)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=UTF-8) (ignored: LC_ALL set
to en_US.UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libre0 depends on:
ii  libc6  2.31-3
ii  libssl1.1  1.1.1g-1
ii  zlib1g 1:1.2.11.dfsg-2

libre0 recommends no packages.

libre0 suggests no packages.

-- no debconf information