Bug#1023739: sipsak: Message mode causes segmentation fault
Bernhard Übelacker
bernhardu at mailbox.org
Wed Nov 23 22:29:01 GMT 2022
Dear Maintainer,
I could reproduce a crash inside a
minimal Bookworm/testing amd64 qemu VM.
There I took the backtrace below [2].
Having msg_data->repl_buff equal to NULL seems to be the issue.
Upstream commit [1] looks related and a package built
with this commit does not crash with the example command.
Kind regards,
Bernhard
[1] https://github.com/nils-ohlmeier/sipsak/commit/8f132bb35b5ce55d76b2e0fc633ad0cc17bbff42
[2]
$ rr sipsak -M -B Hi -c sip:benutzer@localhost -s sip:benutzer@localhost
rr: Saving execution to trace directory `/home/benutzer/.local/share/rr/sipsak-0'.
Speicherzugriffsfehler
$ rr replay -o -q
...
Program received signal SIGSEGV, Segmentation fault.
0x00007fbe6d455096 in __vsprintf_internal (string=0x0, maxlen=maxlen@entry=18446744073709551615, format=0x55e754af5540 "%s%ssip:sipsak@%s:%i;tag=%x\r\n%ssip:%s%s;tag=%o%o\r\n%s%u@%s\r\n%s%i %s\r\n%s0\r\n%s%s\r\n\r\n", args=args@entry=0x7ffc6c063840, mode_flags=mode_flags@entry=6) at iovsprintf.c:88
88 iovsprintf.c: Datei oder Verzeichnis nicht gefunden.
(rr) bt
#0 0x00007fbe6d455096 in __vsprintf_internal (string=0x0, maxlen=maxlen@entry=18446744073709551615, format=0x55e754af5540 "%s%ssip:sipsak@%s:%i;tag=%x\r\n%ssip:%s%s;tag=%o%o\r\n%s%u@%s\r\n%s%i %s\r\n%s0\r\n%s%s\r\n\r\n", args=args@entry=0x7ffc6c063840, mode_flags=mode_flags@entry=6) at iovsprintf.c:88
#1 0x00007fbe6d4eba3b in ___sprintf_chk (s=<optimized out>, flag=flag@entry=1, slen=slen@entry=18446744073709551615, format=format@entry=0x55e754af5540 "%s%ssip:sipsak@%s:%i;tag=%x\r\n%ssip:%s%s;tag=%o%o\r\n%s%u@%s\r\n%s%i %s\r\n%s0\r\n%s%s\r\n\r\n") at sprintf_chk.c:40
#2 0x000055e754aefb5e in sprintf (__fmt=0x55e754af5540 "%s%ssip:sipsak@%s:%i;tag=%x\r\n%ssip:%s%s;tag=%o%o\r\n%s%u@%s\r\n%s%i %s\r\n%s0\r\n%s%s\r\n\r\n", __s=<optimized out>) at /usr/include/x86_64-linux-gnu/bits/stdio2.h:36
#3 create_msg (action=action@entry=4, msg_data=msg_data@entry=0x55e754afd840 <msg_data>) at src/request.c:227
#4 0x000055e754af2b41 in shoot (buf=buf@entry=0x7ffc6c065c10 "MESSAGE sip:benutzer@localhost SIP/2.0\r\nVia: SIP/2.0/UDP 127.0.1.1:59617;branch=z9hG4bK.1a7c9125;rport;alias\r\nTo: sip:benutzer@localhost\r\nCall-ID: 1272641755@127.0.1.1\r\nCSeq: 1 MESSAGE\r\nContent-Type: "..., buff_size=buff_size@entry=4096, options=options@entry=0x7ffc6c065b10) at src/shoot.c:986
#5 0x000055e754ae6c12 in main (argc=<optimized out>, argv=<optimized out>) at src/sipsak.c:1044
(rr) up
(rr) up
(rr) up
#3 create_msg (action=action@entry=4, msg_data=msg_data@entry=0x55e754afd840 <msg_data>) at src/request.c:227
227 sprintf(msg_data->repl_buff,
(rr) display/i $pc
1: x/i $pc
=> 0x55e754aefb5e <create_msg+2078>: add $0x90,%rsp
(rr) list
225 }
226 add_via(req_buf_begin, msg_data->fqdn, msg_data->lport);
227 sprintf(msg_data->repl_buff,
228 "%s"
229 "%ssip:sipsak@%s:%i;tag=%x\r\n"
230 "%ssip:%s%s;tag=%o%o\r\n"
231 "%s%u@%s\r\n"
232 "%s%i %s\r\n"
233 "%s0\r\n"
234 "%s%s\r\n"
235 "\r\n",
236 SIP200_STR,
237 FROM_STR, msg_data->fqdn, msg_data->lport, c,
238 TO_STR, msg_data->username, msg_data->domainname, c, d,
239 CALL_STR, c, msg_data->fqdn,
240 CSEQ_STR, msg_data->cseq_counter, MES_STR,
241 CON_LEN_STR,
242 UA_STR, UA_VAL_STR);
243 break;
(rr) print msg_data->repl_buff
$1 = 0x0
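An added example, not code from this report or from sipsak itself, showing the pattern behind the fault above (sprintf() formatting the 200 reply into msg_data->repl_buff while that pointer is NULL) next to a guarded, bounded form that fails cleanly instead. The struct layout, the repl_size member, the header literals standing in for SIP200_STR/FROM_STR etc., and the sample values are assumptions constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the fields of sipsak's msg_data that the
 * sprintf() at src/request.c:227 reads; names follow the gdb listing. */
struct msg_data {
    char *repl_buff;        /* NULL in message mode on the crashing build */
    size_t repl_size;       /* assumed field: capacity of repl_buff        */
    const char *fqdn;
    int lport;
    const char *username;
    const char *domainname;
    unsigned cseq_counter;
};
/* Hypothetical bounded replacement for that sprintf(): refuses a NULL
 * destination instead of faulting and refuses to truncate the reply.
 * Header literals stand in for SIP200_STR, FROM_STR etc. (values not in
 * the report). Returns bytes written, -1 for no buffer, -2 for no fit. */
int build_200_reply(struct msg_data *md, unsigned tag)
{
    if (md->repl_buff == NULL || md->repl_size == 0)
        return -1;                           /* the reported crash case */
    int n = snprintf(md->repl_buff, md->repl_size,
        "SIP/2.0 200 OK\r\n"
        "From: sip:sipsak@%s:%i;tag=%x\r\n"
        "To: sip:%s%s;tag=%o%o\r\n"
        "Call-ID: %u@%s\r\n"
        "CSeq: %u MESSAGE\r\n"
        "Content-Length: 0\r\n"
        "User-Agent: sipsak-example\r\n"
        "\r\n",
        md->fqdn, md->lport, tag,
        md->username, md->domainname, tag, tag + 1,
        tag, md->fqdn,
        md->cseq_counter);
    if (n < 0 || (size_t)n >= md->repl_size)
        return -2;                           /* truncated: do not send */
    return n;
}
/* Constructed sample using the values visible in the report's backtrace. */
static char reply[512], small[32];
static struct msg_data sample = { NULL, 0, "127.0.1.1", 59617, "benutzer", "@localhost", 1 };
/* Crash case: no reply buffer attached, as in the -M run from the report. */
int demo_null_buffer(void)  { sample.repl_buff = NULL;  sample.repl_size = 0;            return build_200_reply(&sample, 0x1a7c); }
/* Fixed case: a buffer is attached before the reply is formatted. */
int demo_with_buffer(void)  { sample.repl_buff = reply; sample.repl_size = sizeof reply; return build_200_reply(&sample, 0x1a7c); }
/* Bounds case: a buffer too small for the reply is rejected, not overrun. */
int demo_small_buffer(void) { sample.repl_buff = small; sample.repl_size = sizeof small; return build_200_reply(&sample, 0x1a7c); }
const char *demo_reply(void) { return reply; }
```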