Ticket #2116 (closed defect: fixed)

Opened 7 months ago

Last modified 7 months ago

iLBC using memcpy instead of memmove for overlapping mem

Reported by: riza
Owned by: bennylp
Priority: normal
Milestone: release-2.8
Component: third-party
Version: trunk
Keywords:
Cc:
Backport to 1.x milestone:
Backported: no

Description

When testing pjsip on Raspberry Pi, it is reported that some weird sound issues happen if a call lasts longer than ~30s. When checked with address sanitizer tools, the output is like this:

==3210==ERROR: AddressSanitizer: memcpy-param-overlap: memory ranges [0x6f5fd020,0x6f5fd1cc) and [0x6f5fd0c0, 0x6f5fd26c) overlap
    #0 0x59e37 in __interceptor_memcpy.part.36 (/home/pi/projects/sip/pjsip/simple_pjsua/simple_pjsua+0x59e37)
    #1 0x4dc79f in iLBC_encode ../../ilbc/iLBC_encode.c:311
    #2 0x2c7693 in ilbc_codec_encode ../src/pjmedia-codec/ilbc.c:754
    #3 0x3316f7 in pjmedia_codec_encode ../include/pjmedia/codec.h:1069

The issue is that iLBC sometimes uses memcpy() even when the source and the target storage overlap. This causes undefined behaviour and memmove() should be used in such cases (instead of memcpy()).

A similar issue was reported at https://issues.asterisk.org/jira/browse/ASTERISK-20231.

Thanks to Christian Hoff for the report and patch.
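
Added example (not part of the ticket or of the pjsip/iLBC sources): the two ranges in the sanitizer report are 0x1ac (428) bytes long and start 0xa0 (160) bytes apart, so they share 268 bytes. The sketch below repeats that overlap test and shows the copy done safely with memmove(); the helper names and the constructed byte buffer are assumptions for illustration, and the copy direction is chosen arbitrarily.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Do [a, a+n) and [b, b+n) intersect? This is the condition under which
 * memcpy() is undefined and memmove() must be used instead. */
static int ranges_overlap(uintptr_t a, uintptr_t b, size_t n)
{
    return n != 0 && a < b + n && b < a + n;
}

/* Hypothetical helper: copy `keep` bytes from buf+gap to buf.
 * The ranges overlap whenever keep > gap, so memmove() is required. */
static void shift_down(unsigned char *buf, size_t gap, size_t keep)
{
    memmove(buf, buf + gap, keep);
}

/* Run the shift on a constructed buffer with the sizes from the report
 * and return the number of bytes that ended up wrong (0 when correct). */
static int shift_check(void)
{
    enum { GAP = 0xa0, KEEP = 0x1ac };   /* 160 and 428 bytes */
    unsigned char buf[GAP + KEEP];
    size_t i;
    int bad = 0;

    for (i = 0; i < sizeof(buf); i++)
        buf[i] = (unsigned char)(i * 7u);      /* constructed sample data */
    shift_down(buf, GAP, KEEP);
    for (i = 0; i < KEEP; i++)
        if (buf[i] != (unsigned char)((i + GAP) * 7u))
            bad++;
    return bad;
}

int main(void)
{
    /* Start addresses and length taken from the sanitizer report above. */
    uintptr_t r1 = 0x6f5fd020u, r2 = 0x6f5fd0c0u;
    size_t n = 0x6f5fd1ccu - 0x6f5fd020u;

    printf("length=%lu overlap=%d mismatches=%d\n",
           (unsigned long)n, ranges_overlap(r1, r2, n), shift_check());
    return 0;
}
```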

Change History

comment:1 Changed 7 months ago by riza

  • Status changed from new to closed
  • Resolution set to fixed

In 5798:

Fix #2116: iLBC using memcpy instead of memmove for overlapping memory.
