fasihul-iapp / doubango

Automatically exported from code.google.com/p/doubango
0 stars 0 forks source link

SigComp: Access violation when decompressing SigComp REGISTER message #218

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1.Decompressing a REGISTER message causes an access violation in 
tinySIGCOMP.dll when using a recommended DMS of 8192 (decompress successful 
with DMS of 16384).
2.
3.

What is the expected output? What do you see instead?
Successful decompression using recommended defaults and if size is not correct 
to handle it rather than resulting in an access violation.

What version of the product are you using? On what operating system?
Windows 7; tinySIGCOMP 2.0.0.814

Please provide any additional information below.

Note that the UE sends the REGISTER, then the SUBSCRIBE over UDP; the PUBLISH 
is then sent over TCP because of its size.

I have attached three files
     - MessageLog.pcapng
          o Note that the first PUBLISH caused the exception
     - rfc4465_torture_tests.h
          o Updated to include the necessary hex for replication
     - test_tortures.h
          o Updated to include the necessary 'tests' for replication

The actual exception generated (using torture tests to replicate):

Unhandled exception at 0x0f536b17 (tinySIGCOMP.dll) in test.exe: 0xC0000005: 
Access violation writing location 0x002994ca.

HEX for message chain to exception...

UE REGISTER:
============ 

f80ce10f860487bfff00b6e40f20039be5a7df80e5e61f200600b2e48a001d0820a0b21c50a17ca0
ad18a0d6122804631d0820a0a01c50a14da09b1e20a095040700178801a0c0a0c7a1180030a0bf00
01a190a1ffa09017508807a0791122210113210123169fd61e22a0680c0500030101080b0501181f
090186a04f1101a0a0a0bf2101a180a1bfa04101a380a3ffa081018ba8ffa10101b200b3ffa20101
802800802bffa40101805800805fffa8010180c00080cfffb00107108812a04602a04a0725512265
5013655023169f6e19260f86048780800000b6e40fa22906805b01a600a000ae00a000a401126304
280f630201a0a9191920a2d5b6e40006010ea14c806e1923a233a229a0ce87870600135aa04a83c2
5a365e6397a0a05e07842422a45275074583a6b985a9a9898659a989a65a59aa5a559e4da9a25995
8635a9958199807d42ac2d2d0c4ccc6c2c4d2cf473b2e36a49175afb183b71226b286c0954e09691
81a9842b46c4c6d4c8caccce1da39ca21b54a3703bb12ba1307d28e8d75fa56929e7e8a6c3e1d2b1
bbc0402ebaaec2c24138bf2ebb3a3a35d284bab8bb272a0f0eb666517423ee6d636161076fc18180
1883123af20c1c028433fbcc0283cbec1a8058111360b03592e13883e15dc2db0b4b03432323230b
130b13862c150382a1ef0c7d9780f6d344d961520cea185898c2404b434b80d8b1525c0d692d487a
284b058a44637d4970359c95208b60f6c4549484570449e48d90e3705ae51858995959585a59d85a
0357538ab406b4175fdb132b0b0b031b4b231b860492c458040783161ecfc10b0bcce0ed0e10b180
0ed179e9d000

UE SUBSCRIBE:
=============

f80ce10f860487bfff00b6e40f20039be5a7df80e5e61f200600b2e48a001d0820a0b21c50a17ca0
ad18a0d6122804631d0820a0a01c50a14da09b1e20a095040700178801a0c0a0c7a1180030a0bf00
01a190a1ffa09017508807a0791122210113210123169fd61e22a0680c0500030101080b0501181f
090186a04f1101a0a0a0bf2101a180a1bfa04101a380a3ffa081018ba8ffa10101b200b3ffa20101
802800802bffa40101805800805fffa8010180c00080cfffb00107108812a04602a04a0725512265
5013655023169f6e19270f86048780800000b6e40fa22906805b01a600a000804f00a000a4011263
04280f630201a0a9191920a1f4b6e40006010ea14c806e1923a233a229a0ce878706001561dc2542
0b6c2d2c0d0c8c8c8c2c4c2c4e012d222f31cbd0502f03c2201152993a8722c1d378c2d4d4c4c32c
d4c4d32d2cd52d2acf26d4d12ccac31ad4cac0ccc03ea23077f45959d9d998d919a8e765c6d4ae2e
b6d636666075fc07b4fd452a0f03d83db246c0955b096c181a9842b5ec4c6d4c8caccce1daf9ca21
b557370ba9982af86be4c57780dde0f6243553e49861b056dc16ab162636261610782ccd0ce1aac6
c55a035a0bac61858c1af01ae5a599c30216c45644c2a026d1c90adf59c1d93b215ef83b29c7a740
00

UE PUBLISH:
===========

f80ce10f860487bfff7f00b6e40f20039be5a7df80e5e61f200600b2e48a001d0820a0b21c50a17c
a0ad18a0d6122804631d0820a0a01c50a14da09b1e20a095040700178801a0c0a0c7a1180030a0bf
0001a190a1ffa09017508807a0791122210113210123169fd61e22a0680c0500030101080b050118
1f090186a04f1101a0a0a0bf2101a180a1bfa04101a380a3ff7fa081018ba8ffa10101b200b3ffa2
0101802800802bffa40101805800805fffa8010180c00080cfffb00107108812a04602a04a072551
22655013655023169f6e19270f86048780800000b6e40fa22906805b01a600a000809000a000a401
126304280f630201a0a9191920a630b6e40006010ea14c806e1923a233a229a0ce87870600808572
7c79837850095072db0b4b03432323230b130b13804b484bcc72f4140bc0f0878454a24ea5f8b074
dd30b5353130cb353134cb4b354b4ab3c9b5344b32b0c6b532b033300fa8858d8d81a5a1a1a195a5
868e765c6d4aa2ae4f0cb4414133292cb60eadb5c157fcc1d5fa1309d57065a47a29c9d9908a6216
1f0a3142ebd4610753b09b5ca0ee0803b62e1306783db906c09591097bcc0d4c215eeb131b53232b
333877bb394436b1a6e11560855de1427b705ab4d898d9da5a59991998d98355d18ab406b41759d3
130b4b1b4b3b4b43232b86043f88ad1185403c7190ae759c1d95b1389b249d862c6c038d81efdc85
849696706f54f4e9b1bc1d899500787e8130d51b54985798149401e1e305bf80daa50b08ecbad0a4
dedc74d8221f5401d8c89ea36d52a5a29e6a9995a4966a0783cf233b46d40ec6fb54f51b504907a9
0651b5510390e62aa02a8442b41d92c0aca03b6fc158ca0a20ea4076e3d74247d8865a82527715be
6a097c4974260bcce087120f072715c5037141544255f23418af881ab81a84241404c4496d52c59c
e4ea9371d282836525284c620090233b533328d0d2c2cec60ee9330054c069c0f1a9692968c31c06
ad07808d3326dd3e0f14d1b17c31b0ca65f18a76c9fa00783da1af5203b52a22f62896105a74cca3
74fd14b86a0bc245d038be5d676a0941f03c0370b890ebd333b46bd33274732bd3b3a0f19a9b17c7
2f45b261e458dc0e456154a20f8b6d8638d869f7c076f943ba70acb1175635ac249a122382be8091
2e260882a285b9a4dc131051b17c5a00d5185bdc0314619006b0f2812276a0443f096cc463728a48
10e3a5a941e3a80b57866f48ac03b9518cf08550d79ed8130a601e4613762d3cf3a0df2075384929
2f85929839ce2f88a46db8e800ffff

Decompressed messages when a DMS of 16384 is used

==========================
=== Testing UE REGISER ===
==========================
Decoded message is:
        REGISTER sip:test.3gpp.com SIP/2.0
Via: SIP/2.0/UDP [2001::21f:29ff:fe7c:8f51]:5060;branch=z9hG4bK1982631297smg;com
p=sigcomp
Expires: 3600
Route: <sip:[2001::210:1ff:fe23:4567]:5060;lr;comp=sigcomp>
P-Access-Network-Info: 3GPP-E-UTRAN-FDD;utran-cell-id-3gpp=31148000000000000
User-Agent: SP VOIP IMS 2.0
Privacy: none
Contact: <sip:+19084441212@[2001::21f:29ff:fe7c:8f51]:5060;comp=sigcomp>
Authorization: Digest username="311480123456789@test.3gpp.com",realm="test.3gpp.
com",uri="sip:test.3gpp.com",nonce="",response=""
From: <sip:+19084441212@test.3gpp.com>;tag=1255519718
To: <sip:+19084441212@test.3gpp.com>
Call-ID: 251103943@2001::21f:29ff:fe7c:8f51
CSeq: 1 REGISTER
Max-Forwards: 70
Content-Length: 0

xoutput: NO
xcycles: NO (exp: 0, got: 10570)

=== FAIL: UE REGISER ===
========================

============================
=== Testing UE SUBSCRIBE ===
============================
Decoded message is:
        SUBSCRIBE sip:+19084441212@test.3gpp.com SIP/2.0
Via: SIP/2.0/UDP [2001::21f:29ff:fe7c:8f51]:5060;branch=z9hG4bK3015776346smg;com
p=sigcomp
Expires: 3660
Event: reg
Route: <sip:[2001::210:1ff:fe23:4567]:5060;lr;comp=sigcomp>
Contact: <sip:+19084441212@[2001::21f:29ff:fe7c:8f51]:5060;comp=sigcomp>
From: <sip:+19084441212@test.3gpp.com>;tag=2321142187
To: <sip:+19084441212@test.3gpp.com>
Call-ID: 1323221896@2001::21f:29ff:fe7c:8f51
CSeq: 1 SUBSCRIBE
Max-Forwards: 70
Content-Length: 0

xoutput: NO
xcycles: NO (exp: 0, got: 8690)

=== FAIL: UE SUBSCRIBE ===
==========================

==========================
=== Testing UE PUBLISH ===
==========================
Decoded message is:
        PUBLISH sip:+19084441212@test.3gpp.com SIP/2.0
Via: SIP/2.0/TCP [2001::21f:29ff:fe7c:8f51]:5060;branch=z9hG4bK3309888591smg;com
p=sigcomp
Accept: application/pidf+xml,multipart/related,application/rlmi+xml
Content-Type: application/pidf+xml
Expires: 1200
Event: presence
Route: <sip:[2001::210:1ff:fe23:4567]:5060;lr;comp=sigcomp>
From: <sip:+19084441212@test.3gpp.com>;tag=2379964636
To: <sip:+19084441212@test.3gpp.com>
Call-ID: 2193979845@2001::21f:29ff:fe7c:8f51
CSeq: 1 PUBLISH
Max-Forwards: 70
Contact: <sip:+19084441212@[2001::21f:29ff:fe7c:8f51]:5060;comp=sigcomp>
Content-Length: 976

<?xml version="1.0" encoding="UTF-8"?>
<presence xmlns="urn:ietf:params:xml:ns:pidf" xmlns:rpid="urn:ietf:params:xml:ns
:pidf:rpid" xmlns:op="urn:oma:xml:prs:pidf:oma-pres" xmlns:pdm="urn:ietf:params:
xml:ns:pidf:data-model" xmlns:cipid="urn:ietf:params:xml:ns:pidf:cipid" xmlns:ca
ps="urn:ietf:params:xml:ns:pidf:caps" entity="sip:+19084441212@test.3gpp.com">
  <tuple id="myid891734830">
    <status>
      <basic>open</basic>
    </status>
    <op:service-description>
      <op:service-id>org.3gpp.urn:urn-7:3gpp-service.ims.icsi.mmtel</op:service-
id>
      <op:version>1.0</op:version>
      <op:description>VoLTE service</op:description>
    </op:service-description>
    <caps:servcaps>
      <caps:audio>true</caps:audio>
      <caps:video>true</caps:video>
      <caps:duplex>
        <caps:supported>
          <caps:full/>
        </caps:supported>
      </caps:duplex>
    </caps:servcaps>
    <contact>sip:+19084441212@test.3gpp.com</contact>
  </tuple>
</presence>

xoutput: NO
xcycles: NO (exp: 0, got: 16640)

=== FAIL: UE PUBLISH ===
========================

Original issue reported on code.google.com by alistair...@gmail.com on 15 Mar 2013 at 9:53

Attachments:

GoogleCodeExporter commented 9 years ago

Original comment by boss...@yahoo.fr on 17 Mar 2013 at 11:54

GoogleCodeExporter commented 9 years ago
[deleted comment]
GoogleCodeExporter commented 9 years ago
oops ...it's r843: https://code.google.com/p/doubango/source/detail?r=843

Original comment by boss...@yahoo.fr on 19 Mar 2013 at 1:13