Description

Kamailio (744bc8f) compiled with ASAN.
During startup, I got this message:

 0(52607) INFO: <core> [core/tcp_main.c:4997]: init_tcp(): using epoll_lt as the io watch method (auto detected)
 0(52607) WARNING: <core> [core/daemonize.c:348]: daemonize(): pid file contains old pid, replacing pid
 0(52607) INFO: cfgutils [cfgutils.c:869]: mod_init(): no hash_file given, disable hash functionality
=================================================================
==52607==ERROR: AddressSanitizer: stack-buffer-overflow on address 0xffffc6e64058 at pc 0x000000d02d10 bp 0xffffc6e63dc0 sp 0xffffc6e63de0
READ of size 4 at 0xffffc6e64058 thread T0
    #0 0xd02d0f in fixup_get_param_type core/sr_module.c:1061
    #1 0xd13a33 in fixup_var_pve_str_12 core/sr_module.c:1474
    #2 0xffffa8ca8203 in redirect_init /usr/src/debug/kamailio-5.6.0-dev2.0.el8.centos.aarch64/src/modules/uac_redirect/uac_redirect.c:278
    #3 0xd0021f  (/usr/sbin/kamailio+0xd0021f)
    #4 0xcfefef  (/usr/sbin/kamailio+0xcfefef)
    #5 0xcfefef  (/usr/sbin/kamailio+0xcfefef)
    #6 0xcfefef  (/usr/sbin/kamailio+0xcfefef)
    #7 0xcfefef  (/usr/sbin/kamailio+0xcfefef)
    #8 0xcfefef  (/usr/sbin/kamailio+0xcfefef)
    #9 0xcfefef  (/usr/sbin/kamailio+0xcfefef)
    #10 0xcfefef  (/usr/sbin/kamailio+0xcfefef)
    #11 0xcfefef  (/usr/sbin/kamailio+0xcfefef)
    #12 0xcfefef  (/usr/sbin/kamailio+0xcfefef)
    #13 0xcfefef  (/usr/sbin/kamailio+0xcfefef)
    #14 0xcfefef  (/usr/sbin/kamailio+0xcfefef)
    #15 0xcfefef  (/usr/sbin/kamailio+0xcfefef)
    #16 0xcfefef  (/usr/sbin/kamailio+0xcfefef)
    #17 0xcfefef  (/usr/sbin/kamailio+0xcfefef)
    #18 0xcfefef  (/usr/sbin/kamailio+0xcfefef)
    #19 0xcfefef  (/usr/sbin/kamailio+0xcfefef)
    #20 0xcfefef  (/usr/sbin/kamailio+0xcfefef)
    #21 0xcfefef  (/usr/sbin/kamailio+0xcfefef)
    #22 0xcfefef  (/usr/sbin/kamailio+0xcfefef)
    #23 0xcfefef  (/usr/sbin/kamailio+0xcfefef)
    #24 0xcfefef  (/usr/sbin/kamailio+0xcfefef)
    #25 0xcfefef  (/usr/sbin/kamailio+0xcfefef)
    #26 0xcfefef  (/usr/sbin/kamailio+0xcfefef)
    #27 0xcfefef  (/usr/sbin/kamailio+0xcfefef)
    #28 0xcfefef  (/usr/sbin/kamailio+0xcfefef)
    #29 0xcfefef  (/usr/sbin/kamailio+0xcfefef)
    #30 0xcfefef  (/usr/sbin/kamailio+0xcfefef)
    #31 0xcfefef  (/usr/sbin/kamailio+0xcfefef)
    #32 0xcfefef  (/usr/sbin/kamailio+0xcfefef)
    #33 0xcfefef  (/usr/sbin/kamailio+0xcfefef)
    #34 0xcfefef  (/usr/sbin/kamailio+0xcfefef)
    #35 0xd015ab in init_modules (/usr/sbin/kamailio+0xd015ab)
    #36 0x49fa6b in main (/usr/sbin/kamailio+0x49fa6b)
    #37 0xfffface10de3 in __libc_start_main (/lib64/libc.so.6+0x20de3)
    #38 0x4204eb  (/usr/sbin/kamailio+0x4204eb)

Address 0xffffc6e64058 is located in stack of thread T0 at offset 88 in frame
    #0 0xffffa8ca70e7 in redirect_init /usr/src/debug/kamailio-5.6.0-dev2.0.el8.centos.aarch64/src/modules/uac_redirect/uac_redirect.c:265

  This frame has 8 object(s):
    [32, 40) 'filter'
    [96, 104) 'p' <== Memory access at offset 88 underflows this variable
    [160, 224) '__kld'
    [256, 320) '__kld'
    [352, 416) '__kld'
    [448, 512) '__kld'
    [544, 608) '__kld'
    [640, 704) '__kld'
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow core/sr_module.c:1061 in fixup_get_param_type
Shadow bytes around the buggy address:
  0x200ff8dcc7b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x200ff8dcc7c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x200ff8dcc7d0: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00
  0x200ff8dcc7e0: 00 00 00 00 f3 f3 f3 f3 00 00 00 00 00 00 00 00
  0x200ff8dcc7f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x200ff8dcc800: f1 f1 f1 f1 00 f2 f2 f2 f2 f2 f2[f2]00 f2 f2 f2
  0x200ff8dcc810: f2 f2 f2 f2 00 00 00 00 00 00 00 00 f2 f2 f2 f2
  0x200ff8dcc820: 00 00 00 00 00 00 00 00 f2 f2 f2 f2 00 00 00 00
  0x200ff8dcc830: 00 00 00 00 f2 f2 f2 f2 00 00 00 00 00 00 00 00
  0x200ff8dcc840: f2 f2 f2 f2 00 00 00 00 00 00 00 00 f2 f2 f2 f2
  0x200ff8dcc850: 00 00 00 00 00 00 00 00 f3 f3 f3 f3 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==52607==ABORTING

I do not know whether this is important or not.
ASAN reports:

HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
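What the report pins down: the faulting access is a 4-byte READ at frame offset 88 of `redirect_init`, while the local `p` occupies [96, 104). The read therefore starts 8 bytes before `p`, in the shadow's stack mid redzone (`f2`, the bracketed byte in the shadow dump) between `filter` and `p`, and no other object is closer. The following C program is an added illustration, not Kamailio or AddressSanitizer code: it re-implements the nearest-object rule ASAN uses when it prints "Memory access at offset N underflows/overflows this variable", so the verdict and the distance can be re-derived from any frame listing (useful when a report is truncated or the frame has dozens of objects). The sample frame is constructed from the eight objects listed above; it says nothing about why `fixup_get_param_type` read there.

```c
/* Added illustration, not Kamailio or AddressSanitizer code: re-implements the
 * rule ASAN applies when it prints "Memory access at offset N underflows /
 * overflows this variable", so the verdict and the distance can be re-derived
 * from a frame's object list. The sample frame below is constructed from the
 * report above (redirect_init, 8 objects). */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct {
    size_t beg, end;       /* [beg, end) offsets inside the frame, as ASAN prints them */
    const char *name;
} frame_object;

typedef enum {
    ACC_NONE,              /* in a redzone, no object qualifies as "nearest" */
    ACC_INSIDE,            /* whole access within the object (e.g. use-after-return) */
    ACC_PARTIAL_OVERFLOW,  /* starts inside the object, runs past its end */
    ACC_OVERFLOW,          /* entirely past the end, closer to it than to the next object */
    ACC_PARTIAL_UNDERFLOW, /* ends inside the object, starts before its beginning */
    ACC_UNDERFLOW          /* entirely before the beginning, closer than the previous object */
} access_kind;

typedef struct {
    access_kind kind;
    int index;             /* object the verdict refers to, or -1 */
    size_t gap;            /* bytes the access starts before / reaches past the object */
} verdict;

const char *kind_name(access_kind k)
{
    switch (k) {
    case ACC_INSIDE:            return "is inside";
    case ACC_PARTIAL_OVERFLOW:  return "partially overflows";
    case ACC_OVERFLOW:          return "overflows";
    case ACC_PARTIAL_UNDERFLOW: return "partially underflows";
    case ACC_UNDERFLOW:         return "underflows";
    default:                    return "is in a redzone with no nearest object";
    }
}

/* One object versus the access [addr, addr+size). prev_end / next_beg are the
 * neighbouring objects' edges (0 and SIZE_MAX at the frame's ends); an access in
 * the gap between two objects is attributed to the one it lies closer to. */
static access_kind classify_one(const frame_object *o, size_t addr, size_t size,
                                size_t prev_end, size_t next_beg, size_t *gap)
{
    size_t addr_end = addr + size;
    *gap = 0;
    if (addr >= o->beg) {
        if (addr_end <= o->end)
            return ACC_INSIDE;
        *gap = addr_end - o->end;
        if (addr < o->end)
            return ACC_PARTIAL_OVERFLOW;
        if (addr_end <= next_beg && next_beg - addr_end >= addr - o->end)
            return ACC_OVERFLOW;
    } else {
        *gap = o->beg - addr;
        if (addr_end > o->beg)
            return ACC_PARTIAL_UNDERFLOW;
        if (addr >= prev_end && addr - prev_end >= o->beg - addr_end)
            return ACC_UNDERFLOW;
    }
    *gap = 0;
    return ACC_NONE;
}

/* objs must be sorted by beg and non-overlapping, as in an ASAN frame listing. */
verdict classify_access(const frame_object *objs, size_t n, size_t addr, size_t size)
{
    verdict v = { ACC_NONE, -1, 0 };
    for (size_t i = 0; i < n; i++) {
        size_t prev_end = i ? objs[i - 1].end : 0;
        size_t next_beg = (i + 1 < n) ? objs[i + 1].beg : SIZE_MAX;
        size_t gap;
        access_kind k = classify_one(&objs[i], addr, size, prev_end, next_beg, &gap);
        if (k != ACC_NONE) {
            v.kind = k; v.index = (int)i; v.gap = gap;
            return v;
        }
    }
    return v;
}

/* Constructed from the "This frame has 8 object(s)" list in the report. */
const frame_object redirect_init_frame[] = {
    {  32,  40, "filter" }, {  96, 104, "p" },
    { 160, 224, "__kld"  }, { 256, 320, "__kld" }, { 352, 416, "__kld" },
    { 448, 512, "__kld"  }, { 544, 608, "__kld" }, { 640, 704, "__kld" },
};
#define N_OBJS (sizeof redirect_init_frame / sizeof redirect_init_frame[0])

int main(void)
{
    /* the report's access: READ of size 4 at frame offset 88 */
    verdict v = classify_access(redirect_init_frame, N_OBJS, 88, 4);
    printf("READ of size 4 at offset 88 %s '%s' by %zu byte(s)\n", kind_name(v.kind),
           v.index >= 0 ? redirect_init_frame[v.index].name : "-", v.gap);
    return 0;
}
```

For the report's values this yields "underflows 'p' by 8 byte(s)", matching the `<==` marker ASAN put on `p`. The same rule explains why a redzone access that is not close to any object (for example offset 0 in this frame) gets no marker at all: a frame listing without an "underflows/overflows" line does not mean the access was in bounds, only that ASAN could not pick a nearest variable.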