sipsak 0.9.6-r1 segfault
GNU gdb (GDB) 7.6.2 Copyright (C) 2013 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-alpine-linux-musl". For bug reporting instructions, please see: http://www.gnu.org/software/gdb/bugs/... Reading symbols from /usr/bin/sipsak...done. (gdb) xt Undefined command: "xt". Try "help". (gdb) (gdb) handle SIG33 pass nostop noprint Undefined command: "". Try "help". (gdb) handle SIG33 pass nostop noprint Signal Stop Print Pass to program Description SIG33 No No Yes Real-time event 33 (gdb) set pagination 0 (gdb) run v -U -x 86400 -s sip:@10.10.10.10 -b 10000 -e 11000 -a test123 Starting program: /usr/bin/sipsak v -U -x 86400 -s sip:@10.252.253.162 -b 10000 -e 11000 -a test123 warning: Cannot call inferior functions, Linux kernel PaX protection forbids return to non-executable pages! warning: no loadable sections found in added symbol-file system-supplied DSO at 0x72b5c3366000 warning: ignoring -i option when in usrloc mode
Program received signal SIGSEGV, Segmentation fault.
0x000072b5c3101c2f in __intscan (f=f@entry=0x794d05a28ad0, base=base@entry=10, pok=pok@entry=1, lim=lim@entry=9223372036854775808) at src/internal/intscan.c:36
36 src/internal/intscan.c: No such file or directory.
(gdb) backtrace full
#0 0x000072b5c3101c2f in __intscan (f=f@entry=0x794d05a28ad0, base=base@entry=10, pok=pok@entry=1, lim=lim@entry=9223372036854775808) at src/internal/intscan.c:36
c = <optimized out>
neg = 0
x = <optimized out>
y = <optimized out>
#1 0x000072b5c3132ad2 in strtox (s=0x5a29d7f <Address 0x5a29d7f out of bounds>, p=0x0, base=10, lim=9223372036854775808) at src/stdlib/strtol.c:21
f = {flags = 0, rpos = 0x5a29d80 <Address 0x5a29d80 out of bounds>, rend = 0x8000000005a29d7e <Address 0x8000000005a29d7e out of bounds>, close = 0x0, wend = 0x794dffffffff <Address 0x794dffffffff out of bounds>, wpos = 0x7 <Address 0x7 out of bounds>, mustbezero_1 = 0x9d2000001c8 <Address 0x9d2000001c8 out of bounds>, wbase = 0x0, read = 0x0, write = 0x0, seek = 0x0, buf = 0x5a29d7f <Address 0x5a29d7f out of bounds>, buf_size = 10799068465648, prev = 0x1c8, next = 0x9d25aa3ca10 <cdata>, fd = 1520683504, pipe_pid = 2514, lockcount = 133371713985640, dummy3 = -13920, mode = -93 '\243', lbf = 90 'Z', lock = -1, waiters = 94543408, cookie = 0x9d25a8351c8 <recv_message+1113>, off = 456, getln_buf = 0x9d25aa3c980 <counters> "\001", mustbezero_2 = 0x7, shend = 0x8000000005a29d7e <Address 0x8000000005a29d7e out of bounds>, shlim = 0, shcnt = 9223372036854775807, prev_locked = 0x10, next_locked = 0x72b5c313397f <strncasecmp+52>}
y = 94543231
#2 0x000009d25a8310bf in str_to_int ()
No symbol table info available.
#3 0x000009d25a8306e1 in cseq ()
No symbol table info available.
#4 0x000009d25a833f60 in shoot ()
No symbol table info available.
#5 0x000009d25a82e989 in main ()
No symbol table info available.
(gdb) info registers
rax 0x5a29d7f 94543231
rbx 0x794d05a28ad0 133371713981136
rcx 0x8000000000000000 -9223372036854775808
rdx 0x5a29d80 94543232
rsi 0xa 10
rdi 0x794d05a28ad0 133371713981136
rbp 0xa 0xa
rsp 0x794d05a28a70 0x794d05a28a70
r8 0xfefefefefefefeff -72340172838076673
r9 0x72b5c336a050 126124989784144
r10 0x0 0
r11 0x9d25e4e2de0 10799129964000
r12 0x794d05a28ad0 133371713981136
r13 0x8000000000000000 -9223372036854775808
r14 0x1 1
r15 0x9d25aa3c728 10799068464936
rip 0x72b5c3101c2f 0x72b5c3101c2f <__intscan+55>
eflags 0x10a83 [ CF SF IF OF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
(gdb) x/16i $pc
=> 0x72b5c3101c2f <__intscan+55>: movzbl (%rax),%esi
0x72b5c3101c32 <__intscan+58>: jmp 0x72b5c3101c3f <__intscan+71>
0x72b5c3101c34 <__intscan+60>: mov %rbx,%rdi
0x72b5c3101c37 <__intscan+63>: callq 0x72b5c3102139 <__shgetc>
0x72b5c3101c3c <__intscan+68>: movslq %eax,%rsi
0x72b5c3101c3f <__intscan+71>: lea -0x9(%rsi),%eax
0x72b5c3101c42 <__intscan+74>: cmp $0x4,%eax
0x72b5c3101c45 <__intscan+77>: jbe 0x72b5c3101c1a <__intscan+34>
0x72b5c3101c47 <__intscan+79>: cmp $0x20,%esi
0x72b5c3101c4a <__intscan+82>: je 0x72b5c3101c1a <__intscan+34>
0x72b5c3101c4c <__intscan+84>: cmp $0x2d,%esi
0x72b5c3101c4f <__intscan+87>: sete %al
0x72b5c3101c52 <__intscan+90>: je 0x72b5c3101c5c <__intscan+100>
0x72b5c3101c54 <__intscan+92>: xor %r12d,%r12d
0x72b5c3101c57 <__intscan+95>: cmp $0x2b,%esi
0x72b5c3101c5a <__intscan+98>: jne 0x72b5c3101c88 <__intscan+144>
(gdb) thread apply all backtrace
Thread 1 (process 24607):
#0 0x000072b5c3101c2f in __intscan (f=f@entry=0x794d05a28ad0, base=base@entry=10, pok=pok@entry=1, lim=lim@entry=9223372036854775808) at src/internal/intscan.c:36
#1 0x000072b5c3132ad2 in strtox (s=0x5a29d7f <Address 0x5a29d7f out of bounds>, p=0x0, base=10, lim=9223372036854775808) at src/stdlib/strtol.c:21
#2 0x000009d25a8310bf in str_to_int ()
#3 0x000009d25a8306e1 in cseq ()
#4 0x000009d25a833f60 in shoot ()
#5 0x000009d25a82e989 in main ()
(from redmine: issue id 3750, created on 2015-01-26, closed on 2015-01-30)
- Changesets:
- Revision 5a679b88 by Natanael Copa on 2015-01-27T08:17:53Z:
main/sipsak: enable -dbg
ref #3750
- Revision e4e81d1b by Natanael Copa on 2015-01-27T08:55:17Z:
main/sipsak: fix segfault due to use of strcasestr without _GNU_SOURCE
Also fix off-by-one errors while at it, which were found here:
https://github.com/sipwise/sipsak/commit/bf9d2417a1e73697873a5f5099dac4bb3eb4b2d9
ref #3750
- Revision 32a00297 by Natanael Copa on 2015-01-27T08:56:36Z:
main/sipsak: enable -dbg
ref #3750
(cherry picked from commit 5a679b880f979e4fce37612c51b3f342b18deba3)
- Revision a5e3441a by Natanael Copa on 2015-01-27T08:56:52Z:
main/sipsak: fix segfault due to use of strcasestr without _GNU_SOURCE
Also fix off-by-one errors while at it, which were found here:
https://github.com/sipwise/sipsak/commit/bf9d2417a1e73697873a5f5099dac4bb3eb4b2d9
fixes #3750
(cherry picked from commit e4e81d1b04308e8fca49211412d0ae4a47cdfe3b)