Dear all —
Please find attached a sample program that parses a SIP message using pjsip_parse_msg. This program causes a stack-buffer overflow.
Version
trunk
How to reproduce pjsip_multipart_parse overflow:
$ clang -o out pj_scan_get_until_ch pjsip/lib/libpjsip-x86_64-unknown-linux-gnu.a pjlib-util/lib/libpjlib-util-x86_64-unknown-linux-gnu.a pjlib/lib/libpj-x86_64-unknown-linux-gnu.a -Ipjlib/include/ -Ipjlib-util/include/ -Ipjsip/include -lpthread -lm -luuid
$ valgrind ./out
The resulting valgrind output is attached.
I've detected the issue with afl-fuzz in ASAN mode.
Cheers
-Stephan Zeisberg