[SR-Users] [PATCH] pv: make set_var_value handle overlapping memory
Daniel-Constantin Mierla
miconda at gmail.com
Thu May 16 10:06:00 CEST 2013
Hello,
I pushed a patch for fixing this issue on master branch -- can you test
and report if works fine for you now?
Cheers,
Daniel
On 5/3/13 1:07 AM, Daniel-Constantin Mierla wrote:
> Hello,
>
> this patch is fixing only for $var(...), but there are other variables
> that can be in the same situation. All PV-set functions have to be
> updated as well as could be the case for config interpreter and some
> core functions.
>
> Anyhow, going for an possible unoptimized operation all the time is
> not recommended. It should be fixed where it creates the problem, not
> restrict everything to something that avoids the problem.
>
> Cheers,
> Daniel
>
> On 5/2/13 7:57 PM, Martin Mikkelsen wrote:
>> set_var_value() may do memory corruption when a variable is set to the
>> substring of the same variable, this is atleast the case with the
>> s.substr, s.select, s.strip and s.striptail transformation functions
>> which just updates the pointer to its input buffer.
>>
>> As an example, this would trigger a warning in valgrind and memory
>> corruption because the memory areas overlap:
>>
>> $var(x) = $(var(x){s.substr,1,0});
>>
>> Fix this by using memove() to do the copying instead of strncpy(), also
>> fix the add_var() function, there is no point in using strncpy when we
>> allready know the length of the variable so use memcpy() instead.
>> ---
>> modules/pv/pv_svar.c | 7 +++++--
>> 1 files changed, 5 insertions(+), 2 deletions(-)
>>
>> diff --git a/modules/pv/pv_svar.c b/modules/pv/pv_svar.c
>> index bb76a1d..7ea01d0 100644
>> --- a/modules/pv/pv_svar.c
>> +++ b/modules/pv/pv_svar.c
>> @@ -66,7 +66,7 @@ script_var_t* add_var(str *name)
>> return 0;
>> }
>> it->name.len = name->len;
>> - strncpy(it->name.s, name->s, name->len);
>> + memcpy(it->name.s, name->s, name->len);
>> it->name.s[it->name.len] = '\0';
>> it->next = script_vars;
>> @@ -119,7 +119,10 @@ script_var_t* set_var_value(script_var_t* var,
>> int_str *value, int flags)
>> }
>> var->v.flags |= VAR_VAL_STR;
>> }
>> - strncpy(var->v.value.s.s, value->s.s, value->s.len);
>> + if (var->v.value.s.s != value->s.s)
>> + {
>> + memmove(var->v.value.s.s, value->s.s, value->s.len);
>> + }
>> var->v.value.s.len = value->s.len;
>> var->v.value.s.s[value->s.len] = '\0';
>> } else {
>
--
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio Advanced Training, San Francisco, USA - June 24-27, 2013
* http://asipto.com/u/katu *
More information about the sr-users
mailing list