Re: [Sofia-sip-devel] sofia-sip debugging with DUMA

Pekka Pessi Fri, 03 Jul 2009 00:42:02 -0700

2009/6/29 Bernhard Suttner <bernhard.sutt...@comdasys.com>:
> I am trying to find a certain bug in our application and tried D.U.M.A. ( 
> http://duma.sourceforge.net/ , based on efence).
>
> If I run the application, I get the following error:
>
> Program terminated with signal 11, Segmentation fault.
>
>
> #0  0xb7b3e559 in memccpy () from /lib/libc.so.6
>
> (gdb) bt
> #0  0xb7b3e559 in memccpy () from /lib/libc.so.6
> #1  0xb7c49406 in msg_params_dup () from /usr/lib/libsofia-sip-ua.so.0
> #2  0xb7c4c391 in msg_list_dup_one () from /usr/lib/libsofia-sip-ua.so.0
> #3  0xb7c41f2b in msg_header_dup_as () from /usr/lib/libsofia-sip-ua.so.0
> #4  0xb7c8709a in nhp_merge_lists () from /usr/lib/libsofia-sip-ua.so.0
> #5  0xb7c8652d in nhp_set_tags () from /usr/lib/libsofia-sip-ua.so.0
> #6  0xb7c8576f in nua_stack_set_params () from /usr/lib/libsofia-sip-ua.so.0
> #7  0xb7c7a078 in nua_stack_signal () from /usr/lib/libsofia-sip-ua.so.0
> #8  0xb7ccf425 in su_base_port_execute_msgs () from 
> /usr/lib/libsofia-sip-ua.so.0
> #9  0xb7ccf1bd in su_base_port_getmsgs () from /usr/lib/libsofia-sip-ua.so.0
> #10 0xb7ccf4ff in su_base_port_run () from /usr/lib/libsofia-sip-ua.so.0
> #11 0xb7ccc7c7 in su_port_run () from /usr/lib/libsofia-sip-ua.so.0
> #12 0xb7ccc7a2 in su_root_run () from /usr/lib/libsofia-sip-ua.so.0
> #13 0xb7cd0000 in su_pthread_port_clone_main () from 
> /usr/lib/libsofia-sip-ua.so.0
>
>
> Does somebody know if that is really a bug of sofia-sip, or it is a bug of 
> DUMA? Is there any possibility to ignore that memccpy "mistake"?


Perhaps DUMA checks memccpy parameters, so you could apply the patch
below and see if that changes anything:

--- old-sofia-sip/libsofia-sip-ua/msg/msg_parser_util.c 2009-07-02
19:41:59.000000000 +0300
+++ new-sofia-sip/libsofia-sip-ua/msg/msg_parser_util.c 2009-07-02
19:41:59.000000000 +0300
@@ -539,7 +539,7 @@
   b += sizeof(*pp) * MSG_PARAMS_NUM(n + 1);

   for (i = 0; s[i]; i++) {
-    MSG_STRING_DUP(b, pp[i], s[i]);
+    MSG_STRING_DUP2(b, pp[i], s[i], e);
   }
   pp[i] = NULL;


--- old-sofia-sip/libsofia-sip-ua/msg/sofia-sip/msg_parser.h    2009-07-02
19:41:59.000000000 +0300
+++ new-sofia-sip/libsofia-sip-ua/msg/sofia-sip/msg_parser.h    2009-07-02
19:41:59.000000000 +0300
@@ -206,6 +206,10 @@
   (void)((s)?((p)=(char*)memccpy((void *)((d)=(char*)p),(s),0,INT_MAX))\
            :((d)=NULL))

+#define MSG_STRING_DUP2(p, d, s, e)                                    \
+  (void)((s)?((p)=(char*)memccpy((void *)((d)=(char*)p),(s),0,(e)-(d)))        
\
+           :((d)=NULL))
+
 /* Solaris has broken memccpy - it considers last argument as signed */

 /** Calculate string size. @HI */

-- 
Pekka.Pessi mail at nokia.com

------------------------------------------------------------------------------
_______________________________________________
Sofia-sip-devel mailing list
Sofia-sip-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sofia-sip-devel

Re: [Sofia-sip-devel] sofia-sip debugging with DUMA

Reply via email to