Best regards, Byron Campen
Hello all,

I think resiprocate-0.9.0-5019 has an array overflow bug affecting CommaEncoding and similar arrays inside the Headers class. This bug is easy to reproduce as shown below. I have come up with two possible ways of fixing the bug but I'd like to know what other developers on the list think.

Thanks,
Jorge

BEGIN: Steps to reproduce array overflow bug
------------------------------------------------------------
STEP 1) Modify "Headers::isCommaEncoding" as follows:

    bool
    Headers::isCommaEncoding(Type type)
    {
       if(type+1 >= sizeof(CommaEncoding))
       {
          std::cout << "OUT_OF_RANGE_ERROR:"
                    << " (int)type+1 = " << (int)type+1
                    << " sizeof(CommaEncoding) = " << sizeof(CommaEncoding)
                    << std::endl;
          assert(false);
       }
       return CommaEncoding[type+1];
    }

------------------------------------------------------------
STEP 2) Run "resiprocate/test/testSipMessage"
------------------------------------------------------------
STEP 3) Program fails as follows:

    OUT_OF_RANGE_ERROR: (int)type+1 = 79 sizeof(CommaEncoding) = 78
    Assertion failed: false, file Headers.cxx, line 40
    Abort (core dumped)

------------------------------------------------------------
STEP 4) Minimum code required to duplicate error is as follows:

    int
    main(int argc, char** argv)
    {
       SipMessage m;
       UnknownHeaderType h("tweedle-dee");
       m.header(h).push_back(StringCategory("Joe"));
       m.header(h).push_back(StringCategory("Banks"));
       const Data d(Data::from(m));
       std::cout << "d = [" << d << "]" << std::endl;
       return 0;
    }

------------------------------------------------------------
END: Steps to reproduce array overflow bug
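The indexing pattern from the report above (a table indexed with type+1 and a guard on that index), as an added example that is not part of the original message and is not resiprocate's code. The enum, the table contents, the helper names and the choice of `false` for out-of-range types are assumptions made for illustration; the second table shows why a guard for the "similar arrays" should count elements rather than bytes.

```cpp
#include <cstddef>

// Hypothetical miniature of the pattern; none of this is resiprocate's code.
// UNKNOWN is -1, so tables are indexed with type + 1.
enum Type { UNKNOWN = -1, To, From, Via, Subject, MAX_HEADERS, NONE };

static const bool CommaEncodingModel[] = {
    false, // UNKNOWN (slot 0)
    true,  // To
    true,  // From
    true,  // Via
    false, // Subject
};
// A "similar array" with wider elements (constructed values).
static const int RankModel[] = { 0, 10, 20, 30, 40 };

// Number of elements, not bytes.
template <typename T, std::size_t N>
constexpr std::size_t elementCount(const T (&)[N]) { return N; }

static_assert(elementCount(CommaEncodingModel) == static_cast<std::size_t>(MAX_HEADERS) + 1,
              "one slot per value from UNKNOWN up to, not including, MAX_HEADERS");

// Guard built on the element count: true only when type + 1 is a real slot.
template <typename T, std::size_t N>
bool inTable(const T (&table)[N], Type type)
{
    const long idx = static_cast<long>(type) + 1;
    return idx >= 0 && static_cast<std::size_t>(idx) < elementCount(table);
}

// Guard built on sizeof, as in the diagnostic: it counts bytes, so it only
// matches the element count when each element is one byte wide.
template <typename T, std::size_t N>
bool inTableBySizeof(const T (&table)[N], Type type)
{
    const long idx = static_cast<long>(type) + 1;
    return idx >= 0 && static_cast<std::size_t>(idx) < sizeof(table);
}

// Checked lookup; out-of-range types get `false` (assumption for this example).
bool isCommaEncodingChecked(Type type)
{
    return inTable(CommaEncodingModel, type) ? CommaEncodingModel[static_cast<int>(type) + 1] : false;
}

int main() { return (isCommaEncodingChecked(NONE) || inTable(RankModel, NONE)) ? 1 : 0; }
```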