[sr-dev] [kamailio/kamailio] cfg_rpc updates changing variable values to large random numbers (#1583)

vinesinha notifications at github.com
Thu Jul 5 00:14:04 CEST 2018


I was trying to do a cfg_rpc update on a variable and some of the time, the variable would take on randomly large values or negative values.

The -1 here is probably causing issues.

https://github.com/kamailio/kamailio/blob/1d53ea3dba4e59b05b2e92ecc973c44159b9bb36/src/core/cfg/cfg_struct.c#L625

Here's an explanation of what's going on (debugged using gdb). In cfg_struct.c, if you put a breakpoint at the following line in cfg_clone_global

https://github.com/kamailio/kamailio/blob/1d53ea3dba4e59b05b2e92ecc973c44159b9bb36/src/core/cfg/cfg_struct.c#L631

and check the variable values:

```
--- Old (correct) value ---
 
 
(gdb) print sizeof(*(int *)(((unsigned char *)((*cfg_global)->vars + 984)) + 172))
$33 = 4
(gdb) print *((unsigned char *)&(*(int *)(((unsigned char *)((*cfg_global)->vars + 984)) + 172)) + 0)
$34 = 99 'c'
(gdb) print *((unsigned char *)&(*(int *)(((unsigned char *)((*cfg_global)->vars + 984)) + 172)) + 1)
$35 = 0 '\000'
(gdb) print *((unsigned char *)&(*(int *)(((unsigned char *)((*cfg_global)->vars + 984)) + 172)) + 2)
$36 = 0 '\000'
(gdb) print *((unsigned char *)&(*(int *)(((unsigned char *)((*cfg_global)->vars + 984)) + 172)) + 3)
$37 = 0 '\000'
 
 
--- new (corrupt) value ---
 
 
(gdb) print sizeof(*(int *)(((unsigned char *)((block)->vars + 984)) + 172))
$28 = 4
(gdb) print *((unsigned char *)&(*(int *)(((unsigned char *)((block)->vars + 984)) + 172)) + 0)
$29 = 99 'c'
(gdb) print *((unsigned char *)&(*(int *)(((unsigned char *)((block)->vars + 984)) + 172)) + 1)
$30 = 0 '\000'
(gdb) print *((unsigned char *)&(*(int *)(((unsigned char *)((block)->vars + 984)) + 172)) + 2)
$31 = 0 '\000'
(gdb) print *((unsigned char *)&(*(int *)(((unsigned char *)((block)->vars + 984)) + 172)) + 3)
$32 = 130 '\202'
```

As can be seen, the last byte is getting corrupted.
I checked the memory allocation variables:

```
--> cfg_block_size
 
 
(gdb) print cfg_block_size
$2 = 1156
 
 
--> sizeof(cfg_block_t)
 
 
print sizeof(cfg_block_t)
$15 = 8
```

This means that total memory assigned = 8 + 1156 - 1 = 1163

```
--> address of new block
 
 
(gdb) print (void *) block
$12 = (void *) 0x7f63086b6758
 
 
--> address of the corrupted variable in the new block
 
 
(gdb) print (void *)(((unsigned char *)((block)->vars + 984)) + 172)
$13 = (void *) 0x7f63086b6be0
 
 
--> offset of the variable from the block start
 
 
(gdb) print 0x7f63086b6be0 - 0x7f63086b6758
$14 = 1160
```

Since the variable is an integer, the memory that should be assigned = 1160 + 4 = 1164.
However, we're assigning 1163.

Therefore the last byte is getting corrupted.

Does it make sense to remove the -1 from all the memory allocation in cfg_struct?

Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/1583
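The arithmetic in the report above can be checked in code. The following is an added example, not kamailio's own code: a hypothetical header struct in the same "refcount plus one-byte `vars[1]` placeholder" style, a table of variable slots, and a function that reports by how many bytes the last slot overruns an allocation. It assumes a platform where `int` is 4 bytes, so `sizeof(demo_block_t)` is 8, matching the post.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for the block header (not kamailio's real type):
 * a refcount followed by a one-byte placeholder for the variable area. */
typedef struct {
    int refcnt;
    unsigned char vars[1];
} demo_block_t;

/* One variable slot: byte offset inside the vars area, and its size. */
typedef struct {
    size_t offset;
    size_t size;
} demo_var_t;

/* Bytes an allocation must cover, measured from the block start, so that
 * every slot lies inside the block: offset of vars[] plus the farthest end. */
size_t required_alloc(const demo_var_t *vars, size_t n) {
    size_t end = 0;
    for (size_t i = 0; i < n; i++) {
        size_t e = vars[i].offset + vars[i].size;
        if (e > end) end = e;
    }
    return offsetof(demo_block_t, vars) + end;
}

/* Size produced by the formula quoted in the post: sizeof(header) + size - 1. */
size_t post_formula_alloc(size_t block_size) {
    return sizeof(demo_block_t) + block_size - 1;
}

/* Number of bytes by which the slots overrun `alloc` (0 means they fit). */
size_t overrun_bytes(size_t alloc, const demo_var_t *vars, size_t n) {
    size_t need = required_alloc(vars, n);
    return need > alloc ? need - alloc : 0;
}

int main(void) {
    /* Constructed slot table: the last slot sits at vars + 984 + 172,
     * i.e. block + 1160, exactly as in the gdb session above. */
    demo_var_t vars[] = { { 0, 4 }, { 984 + 172, 4 } };
    size_t n = sizeof(vars) / sizeof(vars[0]);
    size_t alloc = post_formula_alloc(1156);
    printf("allocated %zu, required %zu, overrun %zu byte(s)\n",
           alloc, required_alloc(vars, n), overrun_bytes(alloc, vars, n));
    return 0;
}
```

Running the program with the post's numbers reports a 1-byte overrun, the same single trailing byte that gdb showed as corrupted; building the real code with AddressSanitizer (`-fsanitize=address`) would flag the same write at the point it happens.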