Bug #4457

open

editing the SCCP address book (global-title) on a running instance may crash the application

Added by neels about 4 years ago. Updated about 4 years ago.

Status: New
Priority: Normal
Assignee: -
Target version: -
Start date: 03/17/2020
Due date:
% Done: 0%
Spec Reference:

Description

Encountered while crafting examples for the SCCP configuration manual:

OsmoMSC(config-cs7)# sccp-address foo
OsmoMSC(config-cs7-sccpaddr)# routing-indicator GT
OsmoMSC(config-cs7-sccpaddr)# global-title 
OsmoMSC(config-cs7-sccpaddr-gt)# digits 1234
OsmoMSC(config-cs7-sccpaddr-gt)# exit
OsmoMSC(config-cs7-sccpaddr)# exit
Connection closed by foreign host.
../../../src/libosmo-sccp/src/osmo_ss7_vty.c:1829:21: runtime error: member access within null pointer of type 'struct osmo_sccp_addr_entry'

!!! Segmentation Fault !!!

info.si_signo = 11
info.si_errno = 0
info.si_code  = 1 (SEGV_MAPERR)
info.si_addr  = 0x20

Stack trace:
 0: /usr/lib/x86_64-linux-gnu/libasan.so.5(+0xac5fd) [0x7f50b74815fd]+0xac5fd) [0x7f50b74815fd]
 1: stacktrace(ucontext_t const&)+0x42) [0x7f50b3347fe2]
 2: /usr/lib/titan/libttcn3-dynamic.so(+0x4eb27b) [0x7f50b334827b]+0x4eb27b) [0x7f50b334827b]
 3: /lib/x86_64-linux-gnu/libpthread.so.0(+0x12730) [0x7f50b3b49730]+0x12730) [0x7f50b3b49730]
 4: /usr/local/lib/libosmo-sigtran.so.5(osmo_ss7_vty_go_parent+0xd0d) [0x7f50b4b6e494]+0xd0d) [0x7f50b4b6e494]
 5: osmo-msc(+0x385e4c) [0x55acf4420e4c]+0x385e4c) [0x55acf4420e4c]
 6: /usr/local/lib/libosmovty.so.4(vty_go_parent+0x2ac) [0x7f50b6f67e6f]+0x2ac) [0x7f50b6f67e6f]
 7: /usr/local/lib/libosmovty.so.4(+0x9f578) [0x7f50b6f6d578]+0x9f578) [0x7f50b6f6d578]
 8: /usr/local/lib/libosmovty.so.4(+0x9befe) [0x7f50b6f69efe]+0x9befe) [0x7f50b6f69efe]
 9: /usr/local/lib/libosmovty.so.4(cmd_execute_command+0x3aa) [0x7f50b6f6a611]+0x3aa) [0x7f50b6f6a611]
10: /usr/local/lib/libosmovty.so.4(+0xa95f8) [0x7f50b6f775f8]+0xa95f8) [0x7f50b6f775f8]
11: /usr/local/lib/libosmovty.so.4(+0xace39) [0x7f50b6f7ae39]+0xace39) [0x7f50b6f7ae39]
12: /usr/local/lib/libosmovty.so.4(vty_read+0x1c6e) [0x7f50b6f8487c]+0x1c6e) [0x7f50b6f8487c]
13: /usr/local/lib/libosmovty.so.4(+0xc0f8e) [0x7f50b6f8ef8e]+0xc0f8e) [0x7f50b6f8ef8e]
14: /usr/local/lib/libosmocore.so.12(osmo_fd_disp_fds+0xd97) [0x7f50b6789da2]+0xd97) [0x7f50b6789da2]
15: /usr/local/lib/libosmocore.so.12(+0xf9184) [0x7f50b678a184]+0xf9184) [0x7f50b678a184]
16: /usr/local/lib/libosmocore.so.12(osmo_select_main_ctx+0x16) [0x7f50b678a320]+0x16) [0x7f50b678a320]
17: osmo-msc(+0x3880f7) [0x55acf44230f7]+0x3880f7) [0x55acf44230f7]
18: /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xeb) [0x7f50b399a09b]+0xeb) [0x7f50b399a09b]
19: osmo-msc(+0x384c3a) [0x55acf441fc3a]+0x384c3a) [0x55acf441fc3a]

Goodbye, cruel world!

=================================================================
==25715==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 163 byte(s) in 20 object(s) allocated from:
    #0 0x7f50b74be330 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xe9330)
    #1 0x7f50b3348079 in stacktrace(ucontext_t const&) (/usr/lib/titan/libttcn3-dynamic.so+0x4eb079)

SUMMARY: AddressSanitizer: 163 byte(s) leaked in 20 allocation(s).

Segfault happens on line

vty->index = entry->inst;

in

        case L_CS7_SCCPADDR_NODE:
                entry = vty->index;
                vty->node = L_CS7_NODE;
                vty->index = entry->inst;
                break;

of osmo_ss7_vty_go_parent()
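
A constructed C model of the case quoted above, added here as an example and not taken from libosmo-sccp: the struct layouts, `null_entry_fault_addr()` and `go_parent_checked()` are assumptions for illustration. With this assumed layout on a 64-bit build, reading `entry->inst` through a NULL `entry` touches address 0x20, the same value as the reported `si_addr`, and the guarded variant shows one way to refuse the dereference.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins for the libosmo-sccp / libosmovty types: only the
 * fields this example needs; the layout is an assumption, not project code. */
enum node { CONFIG_NODE, L_CS7_NODE, L_CS7_SCCPADDR_NODE };
struct list_head { struct list_head *next, *prev; };
struct ss7_instance { int id; };
struct sccp_addr_entry {
	struct list_head list;
	struct list_head list_global;
	struct ss7_instance *inst;
};
struct vty { enum node node; void *index; };

/* Address that a NULL 'entry' faults at when entry->inst is read. */
size_t null_entry_fault_addr(void) { return offsetof(struct sccp_addr_entry, inst); }

/* Guarded variant of the quoted case (hypothetical helper). Returns 0 on
 * success, -1 if the node has no usable entry; the vty is then parked at
 * CONFIG_NODE. This avoids the crash but does not explain why index is NULL. */
int go_parent_checked(struct vty *vty)
{
	struct sccp_addr_entry *entry;
	switch (vty->node) {
	case L_CS7_SCCPADDR_NODE:
		entry = vty->index;
		if (!entry || !entry->inst) {
			vty->node = CONFIG_NODE;
			vty->index = NULL;
			return -1;
		}
		vty->node = L_CS7_NODE;
		vty->index = entry->inst;
		return 0;
	default:
		vty->node = CONFIG_NODE;
		vty->index = NULL;
		return 0;
	}
}

int main(void)
{
	struct vty v = { L_CS7_SCCPADDR_NODE, NULL }; /* the state seen in the crash */
	printf("fault offset 0x%zx, rc=%d\n", null_entry_fault_addr(), go_parent_checked(&v));
}
```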
