bufferoverflow on run #479

Closed
brettowe opened this issue Aug 13, 2020 · 2 comments

brettowe commented Aug 13, 2020

After compiling -git on Arch Linux and attempting to run sipp -sn uas, I get the below error.
I also see the same when attempting uac and any remote address.

*** buffer overflow detected ***: terminated
Aborted (core dumped)

Using gdb I see the below:

Using host libthread_db library "/usr/lib/libthread_db.so.1".
*** buffer overflow detected ***: terminated
Program received signal SIGABRT, Aborted.
0x00007ffff76f3355 in raise () from /usr/lib/libc.so.6
(gdb) bt
#0  0x00007ffff76f3355 in raise () from /usr/lib/libc.so.6
#1  0x00007ffff76dc853 in abort () from /usr/lib/libc.so.6
#2  0x00007ffff7736878 in __libc_message () from /usr/lib/libc.so.6
#3  0x00007ffff77c688a in __fortify_fail () from /usr/lib/libc.so.6
#4  0x00007ffff77c5114 in __chk_fail () from /usr/lib/libc.so.6
#5  0x00007ffff77c4d25 in __snprintf_chk () from /usr/lib/libc.so.6
#6  0x0000555555599061 in ScreenPrinter::draw_scenario_screen() ()
#7  0x000055555559f5b0 in ScreenPrinter::get_lines() ()
#8  0x00005555555a0230 in ScreenPrinter::redraw() ()
#9  0x000055555558e24e in screentask::report(bool) ()
#10 0x000055555557253c in main ()

wdoekes commented Aug 17, 2020

Yuck.

I think this should fix it. Can you check?

--- a/src/screen.cpp
+++ b/src/screen.cpp
@@ -277,7 +277,7 @@ void ScreenPrinter::draw_scenario_screen()
         display_scenario->stats->GetStat(CStat::CPT_C_OutgoingCallCreated);
     if (creationMode == MODE_SERVER) {
         lines.push_back("  Port   Total-time  Total-calls  Transport");
-        snprintf(buf, 256, "  %-5d %6lu.%02lu s     %8llu  %s", local_port,
+        snprintf(buf, bufsiz, "  %-5d %6lu.%02lu s     %8llu  %s", local_port,
                  clock_tick / 1000, (clock_tick % 1000) / 10, total_calls,
                  TRANSPORT_TO_STRING(transport));
         lines.push_back(buf);
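Review bot: The new `bufsiz` argument on the `snprintf(buf, bufsiz, ...)` line is only safe if it matches the declaration of `buf`, and neither declaration is part of this hunk. The reported backtrace ends in `__snprintf_chk` calling `__chk_fail`, the fortified check that aborts when the size passed is larger than the destination the compiler knows about, which suggests the literal 256 had drifted from the real buffer size. If `buf` is a plain array in this function, passing `sizeof(buf)` at the call site would tie the two together without a separate constant that can drift again.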
@@ -286,7 +286,7 @@ void ScreenPrinter::draw_scenario_screen()
         if (users >= 0) {
             lines.push_back("  Users (length)   Port   Total-time  "
                             "Total-calls  Remote-host");
-            snprintf(buf, 256,
+            snprintf(buf, bufsiz,
                      "  %d (%d ms)   %-5d %6lu.%02lu s     %8llu  %s:%d(%s)",
                      users, duration, local_port, clock_tick / 1000,
                      (clock_tick % 1000) / 10, total_calls, remote_ip,
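Review bot: The return value of `snprintf` is discarded in the `users >= 0` branch, where `remote_ip` is formatted with an unbounded `%s`. Assuming `bufsiz` matches the buffer, a long remote host is now truncated silently instead of aborting; comparing the return value against `bufsiz`, or giving that `%s` a precision, would make truncation of the status line explicit rather than accidental.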
@@ -296,7 +296,7 @@ void ScreenPrinter::draw_scenario_screen()
             lines.push_back("  Call rate (length)   Port   Total-time  "
                             "Total-calls  Remote-host");
             snprintf(
-                buf, 256,
+                buf, bufsiz,
                 "  %3.1f(%d ms)/%5.3fs   %-5d %6lu.%02lu s     %8llu  %s:%d(%s)",
                 rate, duration, (double)rate_period_ms / 1000.0, local_port,
                 clock_tick / 1000, (clock_tick % 1000) / 10, total_calls,
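Review bot: All three call sites in `draw_scenario_screen()` carried the same hard-coded `buf, 256` and are corrected one at a time, so any other `snprintf(buf, 256, ...)` left in `src/screen.cpp` would still trip the same fortify check. Worth searching the file for remaining literal sizes passed alongside `buf` before closing the issue, and recording in the commit message that the literal exceeded the actual buffer size.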

@brettowe

Tested on ARM and x86 systems and it worked on both.
Thanks.

wdoekes closed this as completed in bcec2fd on Sep 1, 2020