Any known memory leak in nta? #1
Do you have a simple scenario that illustrates the memory leak? If so, that would be helpful to me in trying to troubleshoot. I am not aware of any leaks in sofia-sip, but my investigation has not been exhaustive so I welcome any detailed bug reports.
I was simply using valgrind to detect the memory leaks. It seems all the definite losses are from the sofia lib. I read the docs of the sofia lib, and all the memory allocation within the lib is home-based.
This commit has the following changes to `sip_method_d` in `sip_parser.c`, plus supporting files:

* Take the size of the input string as an argument, a pattern established by other functions.
* Use the minimum of this and the lengths of each method string, with `null` terminator subtracted, to bound `strncmp`.
* Bounds-check `n` prior to use throughout the rest of `sip_method_d`, incrementing no further than one character off the end of the input string.

Without these bounds checks it was possible for malformed input to overflow the buffer; for example:

```
=================================================================
==77681==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60700000236b at pc 0x563cc24ff234 bp 0x7ffe52888f40 sp 0x7ffe52888f30
READ of size 1 at 0x60700000236b thread T0
    #0 0x563cc24ff233 in sip_method_d drachtio-server/deps/sofia-sip/libsofia-sip-ua/sip/sip_parser.c:416
    #1 0x563cc24f4c6b in sip_cseq_d drachtio-server/deps/sofia-sip/libsofia-sip-ua/sip/sip_basic.c:1212
    #2 0x563cc247c025 in header_parse drachtio-server/deps/sofia-sip/libsofia-sip-ua/msg/msg_parser.c:1132
    #3 0x563cc247b9c4 in extract_header drachtio-server/deps/sofia-sip/libsofia-sip-ua/msg/msg_parser.c:1071
    #4 0x563cc247afb5 in extract_next drachtio-server/deps/sofia-sip/libsofia-sip-ua/msg/msg_parser.c:1001

0x60700000236b is located 1 bytes to the right of 74-byte region [0x607000002320,0x60700000236a)
allocated by thread T0 here:
    #0 0x7f1faa4dcb50 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb50)
    #1 0x563cc252f2da in sub_alloc drachtio-server/deps/sofia-sip/libsofia-sip-ua/su/su_alloc.c:541
    #2 0x563cc252fce8 in su_alloc drachtio-server/deps/sofia-sip/libsofia-sip-ua/su/su_alloc.c:960
    #3 0x563cc248257d in msg_header_alloc drachtio-server/deps/sofia-sip/libsofia-sip-ua/msg/msg_parser.c:231
```
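The pattern that commit describes, a method parser that takes the input length and never reads past it, as an added illustration in C. This is not sofia-sip's `sip_method_d`; `parse_sip_method`, `is_token_char`, `check_method` and the method table are a hypothetical, simplified stand-in, and the sample SIP request lines are constructed.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical, simplified stand-in for sofia-sip's sip_method_d (added
 * example, not the library's code). The buffer is NOT assumed to be
 * NUL-terminated: every read is bounded by n, which is exactly the defect
 * class the ASan report shows (a 1-byte read past a 74-byte region). */
typedef enum {
    METHOD_UNKNOWN = 0, METHOD_INVITE, METHOD_ACK, METHOD_BYE,
    METHOD_CANCEL, METHOD_OPTIONS, METHOD_REGISTER
} sip_method_t;

static const struct { const char *name; sip_method_t code; } methods[] = {
    { "INVITE", METHOD_INVITE }, { "ACK", METHOD_ACK }, { "BYE", METHOD_BYE },
    { "CANCEL", METHOD_CANCEL }, { "OPTIONS", METHOD_OPTIONS },
    { "REGISTER", METHOD_REGISTER },
};

/* RFC 3261 "token" characters: alphanumerics plus a few marks. The NUL
 * guard keeps strchr from matching the terminator of the mark string. */
static int is_token_char(unsigned char c)
{
    return isalnum(c) || (c != '\0' && strchr("-.!%*_+`'~", c) != NULL);
}

/* Parse the method token at the start of s[0..n). Returns the method code
 * and stores the token length in *len. Never reads s[i] for i >= n, so a
 * truncated or unterminated buffer yields METHOD_UNKNOWN instead of an
 * out-of-bounds read: "INV" in a 3-byte buffer is not a match for INVITE. */
sip_method_t parse_sip_method(const char *s, size_t n, size_t *len)
{
    size_t i = 0;
    while (i < n && is_token_char((unsigned char)s[i]))
        i++;
    *len = i;
    for (size_t k = 0; k < sizeof methods / sizeof methods[0]; k++) {
        size_t m = strlen(methods[k].name);
        /* Exact token-length match plus a compare of exactly i bytes, all of
         * which lie inside the buffer: no strncmp past the end of s. */
        if (m == i && memcmp(s, methods[k].name, i) == 0)
            return methods[k].code;
    }
    return METHOD_UNKNOWN;
}

/* Self-check helper: 1 if s[0..n) parses to the expected code and length. */
int check_method(const char *s, size_t n, sip_method_t want, size_t want_len)
{
    size_t len = 0;
    return parse_sip_method(s, n, &len) == want && len == want_len;
}
```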
Hi,
It's great to find out someone is actively working on this old lib.
I recently discovered a memory leak when calling the sofia lib, but haven't found out the exact location.
I was browsing the code in nta, in incoming_reclaim; it seems the irq->irq_rq (the request headers, which is a linked list) isn't freed, but I'm not sure if I missed somewhere else.