Bug #3195

closed

misaligned access error in pcp_contains_option()

Added by neels almost 6 years ago. Updated over 5 years ago.

Status:
Resolved
Priority:
Low
Assignee:
Category:
-
Target version:
-
Start date:
04/22/2018
Due date:
% Done:

0%

Spec Reference:

Description

Found with a real-hardware test using an address-sanitizer-built osmo-ggsn

../../../src/osmo-ggsn/ggsn/ggsn.c:407:44: runtime error: member access within misaligned address 0x7feccdd43d57 for type 'struct ipcp_hdr', which requires 2 byte alignment
0x7feccdd43d57: note: pointer points here
 65 80 21 16 01  01 00 16 03 06 00 00 00  00 81 06 00 00 00 00 83  06 00 00 00 00 00 00 00  00 00 00

at ggsn.c

static struct ipcp_option_hdr *ipcp_contains_option(struct ipcp_hdr *ipcp, enum ipcp_options opt)
{
        uint8_t *cur = ipcp->options;

        /* iterate over Options and check if protocol contained */
        while (cur + 2 <= ((uint8_t *)ipcp) + ipcp->len) {
...................................................^ here
                struct ipcp_option_hdr *cur_opt = (struct ipcp_option_hdr *) cur;
                if (cur_opt->type == opt)
                        return cur_opt;
                cur += cur_opt->len;
        }
        return NULL;
}

Surrounding log (including some temporary hacky logging)

20180422145741987 DLGLOBAL NOTICE telnet_interface.c:104 telnet at 127.0.0.1 4260
20180422145741987 DLCTRL NOTICE control_if.c:863 CTRL at 127.0.0.1 4257
20180422153628215 DLGTP DEBUG gtp.c:1570 gtp_create_pdp_ind: Before pdp_tidget
20180422153628215 DLGTP DEBUG pdp.c:275 Begin pdp_tidget tid = 5207410000007109
20180422153628216 DLGTP DEBUG pdp.c:283 Begin pdp_tidget. Not found
20180422153628216 DLGTP DEBUG pdp.c:237 Begin pdp_tidset tid = 5207410000007109
20180422153628216 DLGTP DEBUG pdp.c:246 End pdp_tidset
20180422153628216 DGGSN DEBUG ggsn.c:604 PDP(901700000014702:5): Processing create PDP context request for APN 'internet.beeline.ru'
20180422153628216 DGGSN ERROR ggsn.c:541 PDP(901700000014702:5): XXXXXXXXXXX  using APN internet
../../../src/osmo-ggsn/ggsn/ggsn.c:507:23: runtime error: member access within misaligned address 0x7feccdd43d57 for type 'struct ipcp_hdr', which requires 2 byte alignment
0x7feccdd43d57: note: pointer points here
 65 80 21 16 01  01 00 16 03 06 00 00 00  00 81 06 00 00 00 00 83  06 00 00 00 00 00 00 00  00 00 00
             ^ 
../../../src/osmo-ggsn/ggsn/ggsn.c:407:44: runtime error: member access within misaligned address 0x7feccdd43d57 for type 'struct ipcp_hdr', which requires 2 byte alignment
0x7feccdd43d57: note: pointer points here
 65 80 21 16 01  01 00 16 03 06 00 00 00  00 81 06 00 00 00 00 83  06 00 00 00 00 00 00 00  00 00 00
             ^ 
../../../src/osmo-ggsn/ggsn/ggsn.c:407:44: runtime error: member access within misaligned address 0x7feccdd43d57 for type 'struct ipcp_hdr', which requires 2 byte alignment
0x7feccdd43d57: note: pointer points here
 65 80 21 16 01  01 00 16 03 06 00 00 00  00 81 06 00 00 00 00 83  06 00 00 00 00 00 00 00  00 00 00
             ^ 
20180422153628217 DGGSN ERROR ggsn.c:556 PDP(901700000014702:5): XXXXXXXXXXX  pco_contains_proto(v4) = 0
20180422153628217 DGGSN INFO ggsn.c:719 PDP(901700000014702:5): Successful PDP Context Creation: APN=internet.beeline.ru(internet), TEIC=1, IPv4=192.168.42.1, IPv6=none
20180422153628217 DLGTP DEBUG gtp.c:1250 XXXXXXXXXXXXXX  Create PDP Context Reponse version=1 cause=128
20180422153650963 DGGSN INFO ggsn.c:360 PDP(901700000014702:5): Deleting PDP context
20180422153650964 DLGTP DEBUG pdp.c:255 Begin pdp_tiddel tid = 5207410000007109
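The sanitizer complains because a byte pointer into the PCO is cast to `struct ipcp_hdr *` and then dereferenced, which requires 2-byte alignment the buffer does not guarantee. As an added example (not osmo-ggsn's own code), the parser below reads the IPCP header byte by byte into aligned storage and walks the options with bounds checks, so it is valid on any buffer offset. The struct layout, the option constants (RFC 1332/1877 values), and the assumption that the IPCP header starts at offset 4 of the dumped bytes (where the sanitizer's caret points) are mine, not the project's.

```c
#include <stddef.h>
#include <stdint.h>

/* IPCP option types used below (RFC 1332 / RFC 1877 values). */
enum { IPCP_OPT_IPADDR = 3, IPCP_OPT_PRI_DNS = 129, IPCP_OPT_SEC_DNS = 131 };

#define IPCP_HDR_LEN 4  /* code, id, 16-bit length (network byte order) */

/* Header copied out of the wire buffer into naturally aligned fields. */
struct ipcp_hdr_parsed { uint8_t code, id; uint16_t len; const uint8_t *options; };

/* Parse the header with byte reads only: no struct cast, so any alignment is fine.
 * Returns 0 on success, -1 if the buffer is too short or the length is bogus. */
int ipcp_parse_hdr(const uint8_t *buf, size_t buflen, struct ipcp_hdr_parsed *out)
{
	if (buflen < IPCP_HDR_LEN) return -1;
	out->code = buf[0];
	out->id = buf[1];
	out->len = (uint16_t)((buf[2] << 8) | buf[3]);
	if (out->len < IPCP_HDR_LEN || out->len > buflen) return -1;
	out->options = buf + IPCP_HDR_LEN;
	return 0;
}

/* Return the byte offset (from buf) of option `opt`, or -1 if absent/malformed.
 * Each option is {type, len} with len covering the 2-byte option header. */
int ipcp_find_option(const uint8_t *buf, size_t buflen, uint8_t opt)
{
	struct ipcp_hdr_parsed h;
	if (ipcp_parse_hdr(buf, buflen, &h)) return -1;
	const uint8_t *cur = h.options, *end = buf + h.len;
	while (cur + 2 <= end) {
		uint8_t type = cur[0], len = cur[1];
		if (len < 2 || cur + len > end) return -1;  /* stop on a malformed option */
		if (type == opt) return (int)(cur - buf);
		cur += len;
	}
	return -1;
}

/* Constructed sample: the 32 bytes from the sanitizer note above. The IPCP
 * Configure-Request (code 1, id 1, len 22) is assumed to begin at offset 4. */
const uint8_t sample_pco[] = {
	0x65, 0x80, 0x21, 0x16,
	0x01, 0x01, 0x00, 0x16, 0x03, 0x06, 0x00, 0x00, 0x00, 0x00,
	0x81, 0x06, 0x00, 0x00, 0x00, 0x00, 0x83, 0x06, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };

/* Offset of the Secondary-DNS option within the IPCP part of the sample. */
int sample_sec_dns_offset(void)
{
	return ipcp_find_option(sample_pco + 4, sizeof(sample_pco) - 4, IPCP_OPT_SEC_DNS);
}
```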

Related issues

Is duplicate of OsmoSGSN - Bug #3194: misaligned access error in build_ipcp_pco() msgb_put_u8(msg, ipcp->id); (Resolved, stsp, 04/22/2018)

Actions #1

Updated by neels almost 6 years ago

  • Related to Bug #3194: misaligned access error in build_ipcp_pco() msgb_put_u8(msg, ipcp->id); added
Actions #2

Updated by laforge almost 6 years ago

  • Assignee set to stsp
  • Priority changed from Normal to Low
Actions #3

Updated by stsp over 5 years ago

I believe the misaligned access recorded here has the same root cause as https://osmocom.org/issues/3194

EDIT: Note that both functions de-reference the same pointer.

Actions #4

Updated by stsp over 5 years ago

  • Related to deleted (Bug #3194: misaligned access error in build_ipcp_pco() msgb_put_u8(msg, ipcp->id);)
Actions #5

Updated by stsp over 5 years ago

  • Is duplicate of Bug #3194: misaligned access error in build_ipcp_pco() msgb_put_u8(msg, ipcp->id); added
Actions #6

Updated by stsp over 5 years ago

  • Status changed from New to In Progress
Actions #7

Updated by stsp over 5 years ago

  • Status changed from In Progress to Resolved