I was trying to do a cfg_rpc update on a variable and some of the time, the variable would take on randomly large values or negative values.
The -1 here is probably causing issues.
https://github.com/kamailio/kamailio/blob/1d53ea3dba4e59b05b2e92ecc973c44159...
Here's an explanation of what's going on (debugged using gdb). In cfg_struct.c, if you put a breakpoint on the following line in cfg_clone_global
https://github.com/kamailio/kamailio/blob/1d53ea3dba4e59b05b2e92ecc973c44159...
and check the variable values:
```
--- Old (correct) value ---
(gdb) print sizeof(*(int *)(((unsigned char *)((*cfg_global)->vars + 984)) + 172))
$33 = 4
(gdb) print *((unsigned char *)&(*(int *)(((unsigned char *)((*cfg_global)->vars + 984)) + 172)) + 0)
$34 = 99 'c'
(gdb) print *((unsigned char *)&(*(int *)(((unsigned char *)((*cfg_global)->vars + 984)) + 172)) + 1)
$35 = 0 '\000'
(gdb) print *((unsigned char *)&(*(int *)(((unsigned char *)((*cfg_global)->vars + 984)) + 172)) + 2)
$36 = 0 '\000'
(gdb) print *((unsigned char *)&(*(int *)(((unsigned char *)((*cfg_global)->vars + 984)) + 172)) + 3)
$37 = 0 '\000'

--- new (corrupt) value ---
(gdb) print sizeof(*(int *)(((unsigned char *)((block)->vars + 984)) + 172))
$28 = 4
(gdb) print *((unsigned char *)&(*(int *)(((unsigned char *)((block)->vars + 984)) + 172)) + 0)
$29 = 99 'c'
(gdb) print *((unsigned char *)&(*(int *)(((unsigned char *)((block)->vars + 984)) + 172)) + 1)
$30 = 0 '\000'
(gdb) print *((unsigned char *)&(*(int *)(((unsigned char *)((block)->vars + 984)) + 172)) + 2)
$31 = 0 '\000'
(gdb) print *((unsigned char *)&(*(int *)(((unsigned char *)((block)->vars + 984)) + 172)) + 3)
$32 = 130 '\202'
```
As visible, the last byte is getting corrupted. I checked the memory allocation variables:
```
--> cfg_block_size
(gdb) print cfg_block_size
$2 = 1156

--> sizeof(cfg_block_t)
(gdb) print sizeof(cfg_block_t)
$15 = 8
```
This means that the total memory assigned = 8 + 1156 - 1 = 1163
```
--> address of new block
(gdb) print (void *) block
$12 = (void *) 0x7f63086b6758

--> address of the corrupted variable in the new block
(gdb) print (void *)(((unsigned char *)((block)->vars + 984)) + 172)
$13 = (void *) 0x7f63086b6be0

--> offset of the variable from the block start
(gdb) print 0x7f63086b6be0 - 0x7f63086b6758
$14 = 1160
```
Since the variable is an integer, the memory that should be assigned = 1160 + 4 = 1164. However, we're assigning 1163.
Therefore the last byte is getting corrupted.
Does it make sense to remove the -1 from all the memory allocations in cfg_struct?
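As an added illustration, not code from this issue or from Kamailio: a small C model of the allocation arithmetic above, with a bounds-checked store that refuses a write that would run past the allocation instead of silently corrupting the neighbouring bytes. The header struct is an assumption (one int plus the one-byte vars[] placeholder, which gives the sizeof of 8 seen in gdb); the values 984, 172 and 1156 are the ones from the gdb session.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed model of the block header: one int plus the one-byte vars[]
 * placeholder. On a typical 64-bit build sizeof == 8 and offsetof(vars) == 4,
 * which matches the sizeof(cfg_block_t) printed in the gdb session. */
typedef struct {
    int refcnt;
    unsigned char vars[1];
} model_block_t;

/* The two allocation formulas under discussion. */
size_t alloc_with_minus_one(size_t block_size) {
    return sizeof(model_block_t) + block_size - 1;
}
size_t alloc_without_minus_one(size_t block_size) {
    return sizeof(model_block_t) + block_size;
}

/* Offset of a variable from the block start: header, group offset inside
 * vars[], then the variable's offset inside its group (984 + 172 above). */
size_t var_offset_in_block(size_t group_off, size_t var_off) {
    return offsetof(model_block_t, vars) + group_off + var_off;
}

/* Bytes of [var_offset, var_offset + var_size) that fall outside an
 * allocation of alloc_bytes; 0 means the variable fits. */
size_t bytes_past_alloc(size_t alloc_bytes, size_t var_offset, size_t var_size) {
    size_t end = var_offset + var_size;
    return end > alloc_bytes ? end - alloc_bytes : 0;
}

/* Bounded store: copies the int only if it fits entirely, otherwise returns
 * -1 rather than clobbering whatever the allocator placed after the block. */
int store_int_checked(unsigned char *base, size_t alloc_bytes,
                      size_t var_offset, int value) {
    if (bytes_past_alloc(alloc_bytes, var_offset, sizeof value) != 0)
        return -1;
    memcpy(base + var_offset, &value, sizeof value);
    return 0;
}

int main(void) {
    size_t off = var_offset_in_block(984, 172), a1 = alloc_with_minus_one(1156);
    printf("variable at %zu..%zu, alloc %zu, bytes past end: %zu\n",
           off, off + sizeof(int), a1, bytes_past_alloc(a1, off, sizeof(int)));
    return 0;
}
```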