Bug#961434: baresip-core: stack smashing detected with evdev module
Bernhard Übelacker
bernhardu at mailbox.org
Thu Oct 15 18:55:29 BST 2020
Dear Maintainer,
I could reproduce a stack smashing using the evdev module and as far
as I see it is triggered because of the wrong memory size given to
an ioctl in [1] giving the backtrace in [3].
A brief read of [2] suggests to give instead of EV_MAX the size in bytes
really available. And a package built with attached patch does not
show the stack smashing anymore.
This stack smashing can also be seen in the current testing version.
Kind regards,
Bernhard
[1] https://github.com/baresip/baresip/blob/master/modules/evdev/print.c#L49
[2] https://stackoverflow.com/questions/14273129/smashed-stack-when-iterating-over-int-pointers
[3]
(gdb) bt
#0 0x00007ffff7714427 in ioctl () at ../sysdeps/unix/syscall-template.S:78
#1 0x00007ffff7fc4adf in print_events (fd=<optimized out>) at modules/evdev/print.c:49
#2 0x00007ffff7fc492a in evdev_alloc (stp=0x7ffff7fca198 <evdev>, dev=0x7ffff7fca100 <evdev_device> "/dev/input/event0") at modules/evdev/evdev.c:251
#3 module_init () at modules/evdev/evdev.c:325
#4 0x00007ffff7f93f82 in mod_load (mp=mp at entry=0x7fffffffd0d8, name=name at entry=0x7fffffffd0e0 "/usr/lib/baresip/modules/evdev.so") at src/mod/mod.c:137
#5 0x000055555556ce86 in load_module (modp=modp at entry=0x0, modpath=<optimized out>, name=0x7fffffffe120) at src/module.c:88
#6 0x000055555556cf9e in module_handler (val=<optimized out>, arg=<optimized out>) at src/module.c:105
#7 0x00007ffff7f94811 in conf_apply (conf=conf at entry=0x5555555ac760, name=name at entry=0x5555555790c2 "module", ch=ch at entry=0x55555556cf90 <module_handler>, arg=arg at entry=0x7fffffffe380) at src/conf/conf.c:285
#8 0x000055555556d0c1 in module_init (conf=0x5555555ac760) at src/module.c:151
#9 0x0000555555569950 in conf_modules () at src/conf.c:385
#10 0x000055555555f467 in main (argc=<optimized out>, argv=<optimized out>) at src/main.c:242
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 1003_Use_right_size_for_ioctl.patch
Type: text/x-patch
Size: 571 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-voip-maintainers/attachments/20201015/3eaae47a/attachment-0001.bin>
-------------- next part --------------
# Unstable amd64 qemu VM 2020-10-14
apt update
apt dist-upgrade
apt install systemd-coredump mc htop fakeroot gdb rr baresip baresip-core-dbgsym libre0-dbgsym
apt build-dep libre0
apt build-dep baresip
echo 1 > /proc/sys/kernel/perf_event_paranoid
mkdir /home/benutzer/source/libre0/orig -p
cd /home/benutzer/source/libre0/orig
apt source libre0
cd
mkdir /home/benutzer/source/baresip-core/orig -p
cd /home/benutzer/source/baresip-core/orig
apt source baresip-core
cd
mc -e /home/benutzer/.baresip/accounts
# configure account
baresip
d
sip:00000000000 at fritz.box
benutzer at debian:~$ baresip
baresip v1.0.0 Copyright (C) 2010 - 2020 Alfred E. Heggestad et al.
Local network address: IPv4=ens4|10.0.2.15 IPv6=ens4|fec0::5054:ff:fe12:3456
aucodec: PCMU/8000/1
aucodec: PCMA/8000/1
ausrc: alsa
auplay: alsa
medianat: stun
medianat: turn
medianat: ice
Populated 1 account
Populated 3 contacts
Populated 2 audio codecs
Populated 0 audio filters
Populated 0 video codecs
Populated 0 video filters
baresip is ready.
> sip:00000000000 at fritz.box
ua: using best effort AF: af=AF_INET
call: connecting to 'sip:00000000000 at fritz.box'..
*** stack smashing detected ***: terminated
Abgebrochen (Speicherabzug geschrieben)
root at debian:~# journalctl -e
...
Okt 14 17:49:57 debian systemd[1]: Started Process Core Dump (PID 11453/UID 0).
Okt 14 17:49:58 debian systemd-coredump[11454]: Process 11451 (baresip) of user 1000 dumped core.
Stack trace of thread 11451:
#0 0x00007f7c802e8c41 __GI_raise (libc.so.6 + 0x3bc41)
#1 0x00007f7c802d2537 __GI_abort (libc.so.6 + 0x25537)
#2 0x00007f7c8032b6c8 __libc_message (libc.so.6 + 0x7e6c8)
#3 0x00007f7c803ba5b2 __GI___fortify_fail (libc.so.6 + 0x10d5b2)
#4 0x00007f7c803ba590 __stack_chk_fail (libc.so.6 + 0x10d590)
#5 0x000055ccf95ed3da call_connect (baresip + 0x143da)
#6 0x000055ccf95fb35c ua_connect (baresip + 0x2235c)
#7 0x00007f7c7fdb9e1f n/a (menu.so + 0x4e1f)
#8 0x000055ccf95efaa6 n/a (baresip + 0x16aa6)
#9 0x00007f7c8067348a n/a (stdio.so + 0x148a)
#10 0x00007f7c8063f2dc n/a (libre.so.0 + 0x562dc)
#11 0x00007f7c8063fd52 re_main (libre.so.0 + 0x56d52)
#12 0x000055ccf95e552f main (baresip + 0xc52f)
#13 0x00007f7c802d3cca __libc_start_main (libc.so.6 + 0x26cca)
#14 0x000055ccf95e56ba _start (baresip + 0xc6ba)
Okt 14 17:49:58 debian systemd[1]: systemd-coredump at 2-11453-0.service: Succeeded.
root at debian:~# coredumpctl list
TIME PID UID GID SIG COREFILE EXE
Wed 2020-10-14 17:49:58 CEST 11451 1000 1000 6 present /usr/bin/baresip
root at debian:~# coredumpctl gdb 11451
PID: 11451 (baresip)
UID: 1000 (benutzer)
GID: 1000 (benutzer)
Signal: 6 (ABRT)
Timestamp: Wed 2020-10-14 17:49:57 CEST (1min 59s ago)
Command Line: baresip
Executable: /usr/bin/baresip
Control Group: /user.slice/user-1000.slice/session-3.scope
Unit: session-3.scope
Slice: user-1000.slice
Session: 3
Owner UID: 1000 (benutzer)
Boot ID: fe84f9f9a76c41579997c01650b8a93d
Machine ID: 33f18f39d2a9438eb75b0ed52848afcd
Hostname: debian
Storage: /var/lib/systemd/coredump/core.baresip.1000.fe84f9f9a76c41579997c01650b8a93d.11451.1602690597000000.zst
Message: Process 11451 (baresip) of user 1000 dumped core.
Stack trace of thread 11451:
#0 0x00007f7c802e8c41 __GI_raise (libc.so.6 + 0x3bc41)
#1 0x00007f7c802d2537 __GI_abort (libc.so.6 + 0x25537)
#2 0x00007f7c8032b6c8 __libc_message (libc.so.6 + 0x7e6c8)
#3 0x00007f7c803ba5b2 __GI___fortify_fail (libc.so.6 + 0x10d5b2)
#4 0x00007f7c803ba590 __stack_chk_fail (libc.so.6 + 0x10d590)
#5 0x000055ccf95ed3da call_connect (baresip + 0x143da)
#6 0x000055ccf95fb35c ua_connect (baresip + 0x2235c)
#7 0x00007f7c7fdb9e1f n/a (menu.so + 0x4e1f)
#8 0x000055ccf95efaa6 n/a (baresip + 0x16aa6)
#9 0x00007f7c8067348a n/a (stdio.so + 0x148a)
#10 0x00007f7c8063f2dc n/a (libre.so.0 + 0x562dc)
#11 0x00007f7c8063fd52 re_main (libre.so.0 + 0x56d52)
#12 0x000055ccf95e552f main (baresip + 0xc52f)
#13 0x00007f7c802d3cca __libc_start_main (libc.so.6 + 0x26cca)
#14 0x000055ccf95e56ba _start (baresip + 0xc6ba)
GNU gdb (Debian 9.2-1) 9.2
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/bin/baresip...
(No debugging symbols found in /usr/bin/baresip)
[New LWP 11451]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `baresip'.
Program terminated with signal SIGABRT, Aborted.
#0 __GI_raise (sig=sig at entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50 ../sysdeps/unix/sysv/linux/raise.c: Datei oder Verzeichnis nicht gefunden.
(gdb) bt
#0 __GI_raise (sig=sig at entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x00007f7c802d2537 in __GI_abort () at abort.c:79
#2 0x00007f7c8032b6c8 in __libc_message (action=action at entry=do_abort, fmt=fmt at entry=0x7f7c80439c28 "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:155
#3 0x00007f7c803ba5b2 in __GI___fortify_fail (msg=msg at entry=0x7f7c80439c10 "stack smashing detected") at fortify_fail.c:26
#4 0x00007f7c803ba590 in __stack_chk_fail () at stack_chk_fail.c:24
#5 0x000055ccf95ed3da in call_connect ()
#6 0x000055ccf95fb35c in ua_connect ()
#7 0x00007f7c7fdb9e1f in ?? () from /usr/lib/baresip/modules/menu.so
#8 0x000055ccf95efaa6 in ?? ()
#9 0x00007f7c8067348a in ?? () from /usr/lib/baresip/modules/stdio.so
#10 0x00007f7c8063f2dc in ?? () from /lib/x86_64-linux-gnu/libre.so.0
#11 0x00007f7c8063fd52 in re_main () from /lib/x86_64-linux-gnu/libre.so.0
#12 0x000055ccf95e552f in main ()
(gdb) set width 0
(gdb) set pagination off
(gdb) bt
#0 __GI_raise (sig=sig at entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x00007f7c802d2537 in __GI_abort () at abort.c:79
#2 0x00007f7c8032b6c8 in __libc_message (action=action at entry=do_abort, fmt=fmt at entry=0x7f7c80439c28 "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:155
#3 0x00007f7c803ba5b2 in __GI___fortify_fail (msg=msg at entry=0x7f7c80439c10 "stack smashing detected") at fortify_fail.c:26
#4 0x00007f7c803ba590 in __stack_chk_fail () at stack_chk_fail.c:24
#5 0x000055ccf95ed3da in call_connect (call=<optimized out>, paddr=paddr at entry=0x7ffeebb3b790) at src/call.c:953
#6 0x000055ccf95fb35c in ua_connect (ua=0x55ccfb323a10, callp=callp at entry=0x0, from_uri=from_uri at entry=0x0, req_uri=req_uri at entry=0x55ccfb328830 "sip:00000000000 at fritz.box", vmode=vmode at entry=VIDMODE_ON) at src/ua.c:928
#7 0x00007f7c7fdb9e1f in dial_handler (pf=<optimized out>, arg=0x7ffeebb3b870) at modules/menu/menu.c:266
#8 0x000055ccf95efaa6 in cmd_report (data=0x0, mb=<optimized out>, pf=0x7f7c80676020 <pf_stderr>, cmd=0x7f7c7fdbe8c0 <cmdv+96>) at src/cmd.c:293
#9 cmd_process_edit (commands=<optimized out>, ctxp=<optimized out>, key=<optimized out>, pf=<optimized out>, data=0x0) at src/cmd.c:389
#10 0x000055ccf95eff74 in cmd_process (commands=<optimized out>, ctxp=<optimized out>, key=<optimized out>, pf=pf at entry=0x7f7c80676020 <pf_stderr>, data=data at entry=0x0) at src/cmd.c:539
#11 0x000055ccf95fcfe0 in ui_input_key (uis=<optimized out>, key=key at entry=10 '\n', pf=pf at entry=0x7f7c80676020 <pf_stderr>) at src/ui.c:66
#12 0x00007f7c8067348a in report_key (ui=<optimized out>, key=10 '\n') at modules/stdio/stdio.c:66
#13 ui_fd_handler (flags=<optimized out>, arg=<optimized out>) at modules/stdio/stdio.c:90
#14 0x00007f7c8063f2dc in fd_poll (re=re at entry=0x7f7c8066b0e0 <global_re>) at src/main/main.c:896
#15 0x00007f7c8063fd52 in re_main (signalh=0x55ccf95ffbd0 <signal_handler>) at src/main/main.c:1030
#16 0x000055ccf95e552f in main (argc=<optimized out>, argv=<optimized out>) at src/main.c:301
benutzer at debian:~$ rr baresip
rr: Saving execution to trace directory `/home/benutzer/.local/share/rr/baresip-0'.
baresip v1.0.0 Copyright (C) 2010 - 2020 Alfred E. Heggestad et al.
Local network address: IPv4=ens4|10.0.2.15 IPv6=ens4|fec0::5054:ff:fe12:3456
aucodec: PCMU/8000/1
aucodec: PCMA/8000/1
ausrc: alsa
auplay: alsa
medianat: stun
medianat: turn
medianat: ice
Populated 1 account
Populated 3 contacts
Populated 2 audio codecs
Populated 0 audio filters
Populated 0 video codecs
Populated 0 video filters
baresip is ready.
> sip:00000000000 at fritz.box
ua: using best effort AF: af=AF_INET
call: connecting to 'sip:00000000000 at fritz.box'..
*** stack smashing detected ***: terminated
Abgebrochen
benutzer at debian:~$ rr replay /home/benutzer/.local/share/rr/baresip-0
GNU gdb (Debian 9.2-1) 9.2
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/bin/baresip...
Reading symbols from /usr/lib/debug/.build-id/f5/b31e57d03509198192630b33f7b84332e3db4d.debug...
Really redefine built-in command "restart"? (y or n) [answered Y; input not from terminal]
Remote debugging using 127.0.0.1:15367
Reading symbols from /lib64/ld-linux-x86-64.so.2...
Reading symbols from /usr/lib/debug/.build-id/73/b5f3f35d011747d94a91cce4412ca4545451e2.debug...
0x00007f9dc0c9b090 in _start () from /lib64/ld-linux-x86-64.so.2
(rr) set width 0
(rr) set pagination off
(rr) display/i $pc
1: x/i $pc
=> 0x7f9dc0c9b090 <_start>: mov %rsp,%rdi
(rr) directory /home/benutzer/source/libre0/orig/libre-1.1.0
Source directories searched: /home/benutzer/source/libre0/orig/libre-1.1.0:$cdir:$cwd
(rr) directory /home/benutzer/source/baresip-core/orig/baresip-1.0.0
Source directories searched: /home/benutzer/source/baresip-core/orig/baresip-1.0.0:/home/benutzer/source/libre0/orig/libre-1.1.0:$cdir:$cwd
(rr) cont
Continuing.
baresip v1.0.0 Copyright (C) 2010 - 2020 Alfred E. Heggestad et al.
Local network address: IPv4=ens4|10.0.2.15 IPv6=ens4|fec0::5054:ff:fe12:3456
aucodec: PCMU/8000/1
aucodec: PCMA/8000/1
ausrc: alsa
auplay: alsa
medianat: stun
medianat: turn
medianat: ice
Populated 1 account
Populated 3 contacts
Populated 2 audio codecs
Populated 0 audio filters
Populated 0 video codecs
Populated 0 video filters
baresip is ready.
> sip:00000000000 at fritz.box
ua: using best effort AF: af=AF_INET
call: connecting to 'sip:00000000000 at fritz.box'..
*** stack smashing detected ***: terminated
Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig at entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50 ../sysdeps/unix/sysv/linux/raise.c: Datei oder Verzeichnis nicht gefunden.
1: x/i $pc
=> 0x7f9dc08dac41 <__GI_raise+321>: mov 0x108(%rsp),%rax
(rr) bt
#0 __GI_raise (sig=sig at entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x00007f9dc08c4537 in __GI_abort () at abort.c:79
#2 0x00007f9dc091d6c8 in __libc_message (action=action at entry=do_abort, fmt=fmt at entry=0x7f9dc0a2bc28 "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:155
#3 0x00007f9dc09ac5b2 in __GI___fortify_fail (msg=msg at entry=0x7f9dc0a2bc10 "stack smashing detected") at fortify_fail.c:26
#4 0x00007f9dc09ac590 in __stack_chk_fail () at stack_chk_fail.c:24
#5 0x0000556a958a83da in call_connect (call=<optimized out>, paddr=paddr at entry=0x7fff4bc3af50) at src/call.c:953
#6 0x0000556a958b635c in ua_connect (ua=0x556a95db6940, callp=callp at entry=0x0, from_uri=from_uri at entry=0x0, req_uri=req_uri at entry=0x556a95dbd5a0 "sip:", '0' <repeats 11 times>, "@fritz.box", vmode=vmode at entry=VIDMODE_ON) at src/ua.c:928
#7 0x00007f9dc02a5e1f in dial_handler (pf=<optimized out>, arg=0x7fff4bc3b030) at modules/menu/menu.c:266
#8 0x0000556a958aaaa6 in cmd_report (data=0x0, mb=<optimized out>, pf=0x7f9dc0c66020 <pf_stderr>, cmd=0x7f9dc02aa8c0 <cmdv+96>) at src/cmd.c:293
#9 cmd_process_edit (commands=<optimized out>, ctxp=<optimized out>, key=<optimized out>, pf=<optimized out>, data=0x0) at src/cmd.c:389
#10 0x0000556a958aaf74 in cmd_process (commands=<optimized out>, ctxp=<optimized out>, key=<optimized out>, pf=pf at entry=0x7f9dc0c66020 <pf_stderr>, data=data at entry=0x0) at src/cmd.c:539
#11 0x0000556a958b7fe0 in ui_input_key (uis=<optimized out>, key=key at entry=10 '\n', pf=pf at entry=0x7f9dc0c66020 <pf_stderr>) at src/ui.c:66
#12 0x00007f9dc0c6348a in report_key (ui=<optimized out>, key=10 '\n') at modules/stdio/stdio.c:66
#13 ui_fd_handler (flags=<optimized out>, arg=<optimized out>) at modules/stdio/stdio.c:90
#14 0x00007f9dc0c312dc in fd_poll (re=re at entry=0x7f9dc0c5d0e0 <global_re>) at src/main/main.c:896
#15 0x00007f9dc0c31d52 in re_main (signalh=0x556a958babd0 <signal_handler>) at src/main/main.c:1030
#16 0x0000556a958a052f in main (argc=<optimized out>, argv=<optimized out>) at src/main.c:301
(rr) reverse-stepi
Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig at entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50 in ../sysdeps/unix/sysv/linux/raise.c
1: x/i $pc
=> 0x7f9dc08dac41 <__GI_raise+321>: mov 0x108(%rsp),%rax
(rr) reverse-finish
Run back to call of #0 __GI_raise (sig=sig at entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
0x00007f9dc08c4532 in __GI_abort () at abort.c:79
79 abort.c: Datei oder Verzeichnis nicht gefunden.
1: x/i $pc
=> 0x7f9dc08c4532 <__GI_abort+286>: callq 0x7f9dc08dab00 <__GI_raise>
(rr) reverse-finish
Run back to call of #0 0x00007f9dc08c4532 in __GI_abort () at abort.c:79
__libc_message (action=action at entry=do_abort, fmt=fmt at entry=0x7f9dc0a2bc28 "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:155
155 ../sysdeps/posix/libc_fatal.c: Datei oder Verzeichnis nicht gefunden.
1: x/i $pc
=> 0x7f9dc091d6c3 <__libc_message+595>: callq 0x7f9dc08c4414 <__GI_abort>
(rr) reverse-finish
Run back to call of #0 __libc_message (action=action at entry=do_abort, fmt=fmt at entry=0x7f9dc0a2bc28 "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:155
0x00007f9dc09ac5ad in __GI___fortify_fail (msg=msg at entry=0x7f9dc0a2bc10 "stack smashing detected") at fortify_fail.c:26
26 fortify_fail.c: Datei oder Verzeichnis nicht gefunden.
1: x/i $pc
=> 0x7f9dc09ac5ad <__GI___fortify_fail+29>: callq 0x7f9dc091d470 <__libc_message>
(rr) reverse-finish
Run back to call of #0 0x00007f9dc09ac5ad in __GI___fortify_fail (msg=msg at entry=0x7f9dc0a2bc10 "stack smashing detected") at fortify_fail.c:26
0x00007f9dc09ac58b in __stack_chk_fail () at stack_chk_fail.c:24
24 stack_chk_fail.c: Datei oder Verzeichnis nicht gefunden.
1: x/i $pc
=> 0x7f9dc09ac58b <__stack_chk_fail+11>: callq 0x7f9dc09ac590 <__GI___fortify_fail>
(rr) reverse-finish
Run back to call of #0 0x00007f9dc09ac58b in __stack_chk_fail () at stack_chk_fail.c:24
0x0000556a958a83d5 in call_connect (call=<optimized out>, paddr=paddr at entry=0x7fff4bc3af50) at src/call.c:953
953 err = send_invite(call);
1: x/i $pc
=> 0x556a958a83d5 <call_connect+277>: callq 0x556a9589f8c0 <__stack_chk_fail at plt>
(rr) reverse-finish
Run back to call of #0 0x0000556a958a83d5 in call_connect (call=<optimized out>, paddr=paddr at entry=0x7fff4bc3af50) at src/call.c:953
0x0000556a958b6357 in ua_connect (ua=0x556a95db6940, callp=callp at entry=0x0, from_uri=from_uri at entry=0x0, req_uri=req_uri at entry=0x556a95dbd5a0 "sip:", '0' <repeats 11 times>, "@fritz.box", vmode=vmode at entry=VIDMODE_ON) at src/ua.c:928
928 err = call_connect(call, &pl);
1: x/i $pc
=> 0x556a958b6357 <ua_connect+279>: callq 0x556a958a82c0 <call_connect>
(rr) #
(rr) #
(rr) #
(rr) stepi
call_connect (call=0x556a95dbb7a0, paddr=paddr at entry=0x7fff4bc3af50) at src/call.c:918
918 {
1: x/i $pc
=> 0x556a958a82c0 <call_connect>: push %r13
(rr) nexti
0x0000556a958a82c2 918 {
1: x/i $pc
=> 0x556a958a82c2 <call_connect+2>: push %r12
(rr) nexti
0x0000556a958a82c4 918 {
1: x/i $pc
=> 0x556a958a82c4 <call_connect+4>: push %rbp
(rr) nexti
0x0000556a958a82c5 918 {
1: x/i $pc
=> 0x556a958a82c5 <call_connect+5>: sub $0xa0,%rsp
(rr) nexti
0x0000556a958a82cc 918 {
1: x/i $pc
=> 0x556a958a82cc <call_connect+12>: mov %fs:0x28,%rax
(rr) nexti
0x0000556a958a82d5 918 {
1: x/i $pc
=> 0x556a958a82d5 <call_connect+21>: mov %rax,0x98(%rsp)
(rr) print/x $rax
$1 = 0xd625094b996e1c00
(rr) print/x $rsp
$2 = 0x7fff4bc3ae80
(rr) display/x *(void**)(0x7fff4bc3ae80+0x98)
2: /x *(void**)(0x7fff4bc3ae80+0x98) = 0x1
(rr) nexti
0x0000556a958a82dd 918 {
1: x/i $pc
=> 0x556a958a82dd <call_connect+29>: xor %eax,%eax
2: /x *(void**)(0x7fff4bc3ae80+0x98) = 0xd625094b996e1c00
(rr) watch *(void**)(0x7fff4bc3ae80+0x98)
Hardware watchpoint 1: *(void**)(0x7fff4bc3ae80+0x98)
(rr) cont
Continuing.
call: connecting to 'sip:00000000000 at fritz.box'..
Hardware watchpoint 1: *(void**)(0x7fff4bc3ae80+0x98)
Old value = (void *) 0xd625094b996e1c00
New value = (void *) 0x0
0x00007f9dc0bf22eb in memset (__len=168, __ch=0, __dest=0x7fff4bc3ae80) at /usr/include/x86_64-linux-gnu/bits/string_fortified.h:71
71 return __builtin___memset_chk (__dest, __ch, __len, __bos0 (__dest));
1: x/i $pc
=> 0x7f9dc0bf22eb <sip_addr_decode+123>: rep stos %rax,%es:(%rdi)
2: /x *(void**)(0x7fff4bc3ae80+0x98) = 0x0
(rr) bt
#0 0x00007f9dc0bf22eb in memset (__len=168, __ch=0, __dest=0x7fff4bc3ae80) at /usr/include/x86_64-linux-gnu/bits/string_fortified.h:71
#1 sip_addr_decode (addr=addr at entry=0x7fff4bc3ae80, pl=pl at entry=0x7fff4bc3af50) at src/sip/addr.c:32
#2 0x0000556a958a831c in call_connect (call=0x556a95dbb7a0, paddr=paddr at entry=0x7fff4bc3af50) at src/call.c:932
#3 0x0000556a958b635c in ua_connect (ua=0x556a95db6940, callp=callp at entry=0x0, from_uri=from_uri at entry=0x0, req_uri=req_uri at entry=0x556a95dbd5a0 "sip:", '0' <repeats 11 times>, "@fritz.box", vmode=vmode at entry=VIDMODE_ON) at src/ua.c:928
#4 0x00007f9dc02a5e1f in dial_handler (pf=<optimized out>, arg=0x7fff4bc3b030) at modules/menu/menu.c:266
#5 0x0000556a958aaaa6 in cmd_report (data=0x0, mb=<optimized out>, pf=0x7f9dc0c66020 <pf_stderr>, cmd=0x7f9dc02aa8c0 <cmdv+96>) at src/cmd.c:293
#6 cmd_process_edit (commands=<optimized out>, ctxp=<optimized out>, key=<optimized out>, pf=<optimized out>, data=0x0) at src/cmd.c:389
#7 0x0000556a958aaf74 in cmd_process (commands=<optimized out>, ctxp=<optimized out>, key=<optimized out>, pf=pf at entry=0x7f9dc0c66020 <pf_stderr>, data=data at entry=0x0) at src/cmd.c:539
#8 0x0000556a958b7fe0 in ui_input_key (uis=<optimized out>, key=key at entry=10 '\n', pf=pf at entry=0x7f9dc0c66020 <pf_stderr>) at src/ui.c:66
#9 0x00007f9dc0c6348a in report_key (ui=<optimized out>, key=10 '\n') at modules/stdio/stdio.c:66
#10 ui_fd_handler (flags=<optimized out>, arg=<optimized out>) at modules/stdio/stdio.c:90
#11 0x00007f9dc0c312dc in fd_poll (re=re at entry=0x7f9dc0c5d0e0 <global_re>) at src/main/main.c:896
#12 0x00007f9dc0c31d52 in re_main (signalh=0x556a958babd0 <signal_handler>) at src/main/main.c:1030
#13 0x0000556a958a052f in main (argc=<optimized out>, argv=<optimized out>) at src/main.c:301
(rr) #
(rr) #
(rr) #
(rr) up
#1 sip_addr_decode (addr=addr at entry=0x7fff4bc3ae80, pl=pl at entry=0x7fff4bc3af50) at src/sip/addr.c:32
32 memset(addr, 0, sizeof(*addr));
(rr) print sizeof(*addr)
$3 = 168
(rr) ptype /o *addr
/* offset | size */ type = struct sip_addr {
/* 0 | 16 */ struct pl {
/* 0 | 8 */ const char *p;
/* 8 | 8 */ size_t l;
/* total size (bytes): 16 */
} dname;
/* 16 | 16 */ struct pl {
/* 16 | 8 */ const char *p;
/* 24 | 8 */ size_t l;
/* total size (bytes): 16 */
} auri;
/* 32 | 120 */ struct uri {
/* 32 | 16 */ struct pl {
/* 32 | 8 */ const char *p;
/* 40 | 8 */ size_t l;
/* total size (bytes): 16 */
} scheme;
/* 48 | 16 */ struct pl {
/* 48 | 8 */ const char *p;
/* 56 | 8 */ size_t l;
/* total size (bytes): 16 */
} user;
/* 64 | 16 */ struct pl {
/* 64 | 8 */ const char *p;
/* 72 | 8 */ size_t l;
/* total size (bytes): 16 */
} password;
/* 80 | 16 */ struct pl {
/* 80 | 8 */ const char *p;
/* 88 | 8 */ size_t l;
/* total size (bytes): 16 */
} host;
/* 96 | 4 */ int af;
/* 100 | 2 */ uint16_t port;
/* XXX 2-byte hole */
/* 104 | 16 */ struct pl {
/* 104 | 8 */ const char *p;
/* 112 | 8 */ size_t l;
/* total size (bytes): 16 */
} path;
/* 120 | 16 */ struct pl {
/* 120 | 8 */ const char *p;
/* 128 | 8 */ size_t l;
/* total size (bytes): 16 */
} params;
/* 136 | 16 */ struct pl {
/* 136 | 8 */ const char *p;
/* 144 | 8 */ size_t l;
/* total size (bytes): 16 */
} headers;
/* total size (bytes): 120 */
} uri;
/* 152 | 16 */ struct pl {
/* 152 | 8 */ const char *p;
/* 160 | 8 */ size_t l;
/* total size (bytes): 16 */
} params;
/* total size (bytes): 168 */
}
(rr) #
(rr) #
(rr) #
(rr) up
#2 0x0000556a958a831c in call_connect (call=0x556a95dbb7a0, paddr=paddr at entry=0x7fff4bc3af50) at src/call.c:932
932 if (0 == sip_addr_decode(&addr, paddr)) {
(rr) print sizeof(addr)
$4 = 152
(rr) ptype /o addr
/* offset | size */ type = struct sip_addr {
/* 0 | 16 */ struct pl {
/* 0 | 8 */ const char *p;
/* 8 | 8 */ size_t l;
/* total size (bytes): 16 */
} dname;
/* 16 | 16 */ struct pl {
/* 16 | 8 */ const char *p;
/* 24 | 8 */ size_t l;
/* total size (bytes): 16 */
} auri;
/* 32 | 104 */ struct uri {
/* 32 | 16 */ struct pl {
/* 32 | 8 */ const char *p;
/* 40 | 8 */ size_t l;
/* total size (bytes): 16 */
} scheme;
/* 48 | 16 */ struct pl {
/* 48 | 8 */ const char *p;
/* 56 | 8 */ size_t l;
/* total size (bytes): 16 */
} user;
/* 64 | 16 */ struct pl {
/* 64 | 8 */ const char *p;
/* 72 | 8 */ size_t l;
/* total size (bytes): 16 */
} password;
/* 80 | 16 */ struct pl {
/* 80 | 8 */ const char *p;
/* 88 | 8 */ size_t l;
/* total size (bytes): 16 */
} host;
/* 96 | 4 */ int af;
/* 100 | 2 */ uint16_t port;
/* XXX 2-byte hole */
/* 104 | 16 */ struct pl {
/* 104 | 8 */ const char *p;
/* 112 | 8 */ size_t l;
/* total size (bytes): 16 */
} params;
/* 120 | 16 */ struct pl {
/* 120 | 8 */ const char *p;
/* 128 | 8 */ size_t l;
/* total size (bytes): 16 */
} headers;
/* total size (bytes): 104 */
} uri;
/* 136 | 16 */ struct pl {
/* 136 | 8 */ const char *p;
/* 144 | 8 */ size_t l;
/* total size (bytes): 16 */
} params;
/* total size (bytes): 152 */
}
https://sources.debian.org/src/libre/1.1.0-1/src/sip/addr.c/#L32
More information about the Pkg-voip-maintainers
mailing list