| < Previous by Date | Date Index | Next by Date > |
| < Previous in Thread | Thread Index |
Dear resiprocate devels,
resiprocate version - 1.8.8
I have met dns crash.
Please consider next stack:
#0 0x00007fe3fdc18d81 in read_tcp_data (channel=0x1f18a80, server_idx=0, read_fds=<value optimized out>, now=1377154450) at ares_process.c:274
#1 0x00007fe3fdc19147 in ares_process_poll (channel=0x1f18a80, server_idx=0, rdFd=35, wrFd=<value optimized out>, now=1377154450) at ares_process.c:102
#2 0x00007fe3fe18d344 in resip::AresDnsPollItem::processPollEvent (this=0x7fe3a00092d0, mask=<value optimized out>) at dns/AresDns.cxx:85
#3 0x00007fe3fe18352d in resip::FdPollGrp::processItem (this=<value optimized out>, item=<value optimized out>, mask=<value optimized out>) at FdPoll.cxx:65
#4 0x00007fe3fe184159 in resip::FdPollImplEpoll::epollWait (this=0x21a6530, waitMs=0) at FdPoll.cxx:855
#5 0x00007fe3fe1844da in resip::FdPollImplEpoll::waitAndProcess (this=0x21a6530, ms=<value optimized out>) at FdPoll.cxx:768
#6 0x00007fe3fe197b0e in resip::DnsThread::thread (this=0x216d3f0) at dns/DnsThread.cxx:33
#7 0x00007fe3fe187e3a in threadIfThreadWrapper (threadParm=<value optimized out>) at ThreadIf.cxx:51
#8 0x00007fe3ff717851 in start_thread (arg=0x7fe3e97fb700) at pthread_create.c:301
#9 0x00007fe3f983f11d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115
As I can see read_tcp_data does not check fd_set on NULL and tries to dereference it. Also I have noticed that similar function read_udp_packets,which follows
read_tcp_data, does that check. It looks like when read_tcp_data became used with epoll( instead of select ) someone forgot to add verification of passed fd_set pointer.
Sincerely,
Taras Shypytiak.
_______________________________________________
resiprocate-devel mailing list
resiprocate-devel@resiprocate.org
https://list.resiprocate.org/mailman/listinfo/resiprocate-devel