Module: kamailio
Branch: master
Commit: 43ac6b27d7ca7bc522f362c25ebb3c22ab918280
URL:
https://github.com/kamailio/kamailio/commit/43ac6b27d7ca7bc522f362c25ebb3c2…
Author: Richard Fuchs <rfuchs(a)sipwise.com>
Committer: Victor Seva <linuxmaniac(a)torreviejawireless.org>
Date: 2023-05-09T15:20:37+02:00
rtpengine: fix unaligned memory access
Make sure the pointers we return from our continuous memory buffer are
always 64-bit aligned as they're used not only for strings, but also for
structs/objects, and such unaligned memory access is undefined on some
archs and flagged as such by ASAN.
From
https://github.com/sipwise/rtpengine/commit/ade8100d3b10308f1ff63f8cb06fdf2…
fixes #3444
---
Modified: src/modules/rtpengine/bencode.c
---
Diff:
https://github.com/kamailio/kamailio/commit/43ac6b27d7ca7bc522f362c25ebb3c2…
Patch:
https://github.com/kamailio/kamailio/commit/43ac6b27d7ca7bc522f362c25ebb3c2…
---
diff --git a/src/modules/rtpengine/bencode.c b/src/modules/rtpengine/bencode.c
index 7a4b2ed0da..cca1732624 100644
--- a/src/modules/rtpengine/bencode.c
+++ b/src/modules/rtpengine/bencode.c
@@ -12,6 +12,8 @@
#define BENCODE_HASH_BUCKETS 31 /* prime numbers work best */
+#define BENCODE_ALLOC_ALIGN 8
+
struct __bencode_buffer_piece {
char *tail;
unsigned int left;
@@ -76,7 +78,7 @@ static struct __bencode_buffer_piece *__bencode_piece_new(unsigned int
size) {
if (size < BENCODE_MIN_BUFFER_PIECE_LEN)
size = BENCODE_MIN_BUFFER_PIECE_LEN;
- ret = BENCODE_MALLOC(sizeof(*ret) + size);
+ ret = BENCODE_MALLOC(sizeof(*ret) + size + BENCODE_ALLOC_ALIGN);
if (!ret)
return NULL;
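Review bot: The `BENCODE_ALLOC_ALIGN` bytes of slack added to the `BENCODE_MALLOC` call cover the rounding overshoot, but they do not by themselves make the first pointer handed out aligned, because that depends on where the piece's data area begins, which is set outside this hunk. The visible header fields are a `char *` and an `unsigned int`; if the remaining fields leave the data area at an offset that is not a multiple of 8 (plausible on 32-bit builds, to be confirmed against the full struct), every returned pointer stays misaligned by the same amount. Either round the initial `tail` up to `BENCODE_ALLOC_ALIGN` where it is assigned, or add a `_Static_assert` that the data area's offset within `struct __bencode_buffer_piece` is a multiple of `BENCODE_ALLOC_ALIGN`. The change also assumes `BENCODE_MALLOC` itself returns memory aligned to at least 8 bytes.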
@@ -99,6 +101,7 @@ int bencode_buffer_init(bencode_buffer_t *buf) {
static void *__bencode_alloc(bencode_buffer_t *buf, unsigned int size) {
struct __bencode_buffer_piece *piece;
void *ret;
+ unsigned int align_size = ((size + BENCODE_ALLOC_ALIGN - 1) / BENCODE_ALLOC_ALIGN) *
BENCODE_ALLOC_ALIGN;
if (!buf)
return NULL;
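Review bot: The rounding in the `align_size` initialiser is done in `unsigned int`, so a `size` within 7 of `UINT_MAX` wraps and yields an `align_size` smaller than `size` (0 in the extreme case). `tail` would then advance by less than the caller was given, and later allocations from the same piece could overlap it. Whether such a size can reach `__bencode_alloc` from decoded input is not visible in this hunk, but the guard is cheap: `if (size > UINT_MAX - (BENCODE_ALLOC_ALIGN - 1)) return NULL;` before the rounding (this needs `<limits.h>`), with `align_size` assigned after it. The function body continues outside this hunk.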
@@ -121,9 +124,12 @@ static void *__bencode_alloc(bencode_buffer_t *buf, unsigned int
size) {
assert(size <= piece->left);
alloc:
- piece->left -= size;
+ if (piece->left >= align_size)
+ piece->left -= align_size;
+ else
+ piece->left = 0;
ret = piece->tail;
- piece->tail += size;
+ piece->tail += align_size;
return ret;
}
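Review bot: The `else piece->left = 0;` branch lets `tail` move up to `BENCODE_ALLOC_ALIGN - 1` bytes past the space accounted for in `left`, and that is in bounds only because `__bencode_piece_new` now over-allocates by `BENCODE_ALLOC_ALIGN`; nothing at this site records that dependency. I would add a comment above the `if`, such as `/* tail may overshoot 'left' by < BENCODE_ALLOC_ALIGN; covered by the slack allocated in __bencode_piece_new() */`, so a later change to either function does not silently break the other. Note also that the only visible bound on the caller's `size` here is `assert(size <= piece->left)`, which disappears in `NDEBUG` builds. The start of the function lies outside this hunk.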