[SR-Users] FW: (Devel) Segmentation fault using pua_dialoginfo

Daniel-Constantin Mierla miconda at gmail.com
Wed May 16 19:30:39 CEST 2012 

Hello,

On 5/16/12 4:20 PM, Marius Zbihlei wrote:
> On 05/16/2012 03:02 PM, Charles Chance wrote:
>>>>
>>>> Currently testing devel version and experiencing the following when 
>>>> using pua_dialoginfo:
>>>>
>>>> -------------------------------------
>>>>
>>>> Program terminated with signal 11, Segmentation fault.
>>>>
>>>> #0  core_hash (t=0xb3d7e330, type=1024, ps=0xbfcc31c8) at 
>>>> ../../hashes.h:279
>>>>
>>>> 279 v=(*p<<24)+(p[1]<<16)+(p[2]<<8)+p[3];
>>>>
>>>>
> Hello,
> Don't know if this is related, but the statement above hides a nasty 
> bug: p[1] is a char (as for the description), so is signed, shifting 
> to the left 16 bits is ok, as an integral promotion takes place. The 
> problem is that if p[1] is negative (-1 is 0xff), then the integral 
> promotion is signed as well and is complementary of 2 (or whatever the 
> implementation considers), and the shift will return another value as 
> expected.
>
> For example :
> #include <stdio.h>
>
> int main(){
>     char b = 0xff;
>     unsigned h = (b<<16);
>     printf("%x\n", h);
>     return 0;
> }
>
> will print ffff0000 instead of ff0000 as expected. Haven't calculated 
> the implication of this related to the bug. An fix would be to cast 
> p[1] to (unsigned char)

the expression is part of computing the hash code from a string. So it 
should not be a cause for crash if it is signed or not. Important is 
that for same string, the same hash code is returned.

Cheers,
Daniel


>
> Cheers,
> Marius
>
>
>
>
> -- 
> Zbihlei Marius
>
> Head of
> Linux Development Services Romania
>
> 1&1 Internet Development srl    Tel KA: 754-9152
> Str Mircea Eliade 18            Tel RO: +40-31-223-9152
> Sect 1, Bucuresti               mailto:marius.zbihlei at 1and1.ro
> 71295, Romania
>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

-- 
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20120516/8feefdcb/attachment-0001.htm>

More information about the sr-users mailing list