asterisk 1.6 crash at incoming isdn call on 64 bit system
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
isdnutils (Ubuntu) | New | Undecided | Unassigned | 
Bug Description
Binary package hint: libcapi20-3
Release: 9.10
Compiler: gcc 4.4.1 (Ubuntu 4.4.1-4ubuntu9)
libcapi20-3:
Installiert: 1:3.12.
Kandidat: 1:3.12.
Asterisk crashes due to problem in libcapi20-3
crash in capi20.c:

```c
unsigned capi20_put_message (unsigned ApplID, unsigned char *Msg) ...
... memcpy(sndbuf+len, dataptr, datalen);
```

reason:
dataptr is corrupt

resolution:
file: capiutils.h
modify

```c
#define CAPIMSG_U64(m, off) (((_cqword)
```

to

```c
#define CAPIMSG_U64(m, off) ((((_cqword)
```
I am not sure why, but the compiler seems to handle signed values instead of unsigned values as expected. It fills up the upper half of the result value (unsigned long long) with 0xff if the highest bit of the lower long value is set. This results in an invalid address. The AND operation (& 0xffffffff) prevents these unwanted invalid bits.
This does not only affect Asterisk; other programs with handcrafted DATA_B3_REQ also crash on amd64. My workaround was a little bit different, to indicate an unsigned value to gcc-4.4.1:

```c
#define CAPIMSG_U32(m, off) ((_cdword) (m[off] |(m[(off) +1]<<8) |(m[(off) +2]<<16) |(m[(off) +3]<<24) ))
```

This seems to be compiler dependent. It does not occur with gcc-4.8.1. Of course fixing #420918 would make this bug obsolete.
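The sign-extension described in the report and in the comment above, as an added example that is not libcapi20's code: the macros are a hypothetical reconstruction following the shape of the fixed CAPIMSG_U32 quoted above, the typedefs assume _cdword and _cqword are the 32- and 64-bit unsigned word types, and the message bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not libcapi20 code.  Assumed to match libcapi20's
 * unsigned 32-bit and 64-bit word types. */
typedef uint32_t _cdword;
typedef uint64_t _cqword;

/* Hypothetical reconstruction of the unsafe shape.  m[] holds unsigned
 * char, but each byte is promoted to int before the shift, so the whole
 * OR-expression has type int.  When m[off+3] has bit 7 set the shift by 24
 * sets bit 31 (formally undefined in C, in practice a negative int), and
 * the later cast to _cqword sign-extends, filling the upper 32 bits
 * with 0xff. */
#define CAPIMSG_U32_UNSAFE(m, off) \
    (m[off] | (m[(off)+1] << 8) | (m[(off)+2] << 16) | (m[(off)+3] << 24))
#define CAPIMSG_U64_UNSAFE(m, off) \
    (((_cqword)CAPIMSG_U32_UNSAFE(m, (off)+4) << 32) | \
     (_cqword)CAPIMSG_U32_UNSAFE(m, off))

/* Fixed shape from the comment: casting the 32-bit result to the unsigned
 * _cdword makes the widening to _cqword zero-extend instead. */
#define CAPIMSG_U32(m, off) \
    ((_cdword)(m[off] | (m[(off)+1] << 8) | (m[(off)+2] << 16) | (m[(off)+3] << 24)))
#define CAPIMSG_U64(m, off) \
    (((_cqword)CAPIMSG_U32(m, (off)+4) << 32) | (_cqword)CAPIMSG_U32(m, off))

/* Constructed sample: a little-endian 64-bit data pointer as carried in a
 * DATA_B3_REQ, whose low dword has bit 31 set (true of roughly half of
 * all 64-bit user-space addresses). */
static const unsigned char sample_msg[8] = {
    0x10, 0x32, 0x54, 0xf6,   /* low dword  0xf6543210 */
    0x78, 0x56, 0x00, 0x00    /* high dword 0x00005678 */
};

_cqword decode_unsafe(const unsigned char *m) { return CAPIMSG_U64_UNSAFE(m, 0); }
_cqword decode_fixed(const unsigned char *m)  { return CAPIMSG_U64(m, 0); }

int main(void)
{
    /* Unsafe: 0xfffffffff6543210, the high dword is swamped by the
     * sign-extended 0xff bits and memcpy() would read a bogus address.
     * Fixed:  0x00005678f6543210, the intended pointer value. */
    printf("unsafe: 0x%016llx\n", (unsigned long long)decode_unsafe(sample_msg));
    printf("fixed:  0x%016llx\n", (unsigned long long)decode_fixed(sample_msg));
    return 0;
}
```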