[Icecast-dev] Bug in icecast 2.3.2 (not in stable release but a little later and in trunk) : Null pointer in auth_remove_listener
Bruno at adswizz.com
Mon Apr 5 03:51:28 PDT 2010
We believe we have found a bug in Icecast in version 2.3.2 (not the
released code but a version that was taken from a tag
icecast2-svn-20090324.tar.gz) and it looks like it also affects the last
version in the trunk.

We studied a core dump generated by icecast.
We found that the crash occurred in the following icecast code:

    static void auth_remove_listener (auth_t *auth, auth_client *auth_user)
        client_t *client = auth_user->client;
        client->auth = NULL;
        /* client is going, so auth is not an issue at this point */
        client->authenticated = 0;

Because client->auth was NULL and so it tried to dereference a NULL

    (gdb) p client->auth->release_listener
    Cannot access memory at address 0x10
    (gdb) p client->auth
    $3 = (struct auth_tag *) 0x0
    (gdb) p auth_user
    $4 = (auth_client *) 0x7f10d2126b80
    (gdb) p auth_user->client
    $6 = (client_t *) 0x7f1123690f00

We compared the sources of icecast we used with the 'mainstream' version
(icecast-2.3.2) and found that the authentication functionality in
question has some significant changes, in particular icecast-2.3.2 has a
few more checks for client->auth being not NULL, and the version we used
has some functions added that reset this pointer to NULL under some
circumstances. This is what probably caused the crash. We have checked
in trunk and the situation is similar.

We would recommend adding a check to the code above for that pointer
being not NULL.

Hope this is clear, and helps.
Please keep me updated on the way you plan to fix the problem.
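
The check recommended in the message above, sketched as an added example; this is not code from the post or from the Icecast source. The struct definitions are minimal stand-ins that model only the fields named in the report, and auth_remove_listener_checked, count_release and release_calls are hypothetical names.

```c
#include <stddef.h>

/* Stand-ins (assumptions) for the types named in the report. */
struct client_tag;
typedef struct auth_tag {
    void (*release_listener)(struct client_tag *client); /* may be NULL */
    int release_calls;              /* hypothetical counter for the demo */
} auth_t;

typedef struct client_tag {
    auth_t *auth;                   /* may already have been reset to NULL */
    int authenticated;
} client_t;

typedef struct {
    client_t *client;
} auth_client;

/* Constructed sample callback: records that it ran. */
static void count_release(client_t *client)
{
    client->auth->release_calls++;
}

/* Guarded removal: returns 1 if release_listener was invoked, else 0. */
static int auth_remove_listener_checked(auth_client *auth_user)
{
    client_t *client;
    auth_t *auth;
    int released = 0;

    if (auth_user == NULL || auth_user->client == NULL)
        return 0;
    client = auth_user->client;
    auth = client->auth;            /* read the pointer once, then test it */
    if (auth != NULL && auth->release_listener != NULL) {
        auth->release_listener(client);
        released = 1;
    }
    client->auth = NULL;
    client->authenticated = 0;
    return released;
}

int main(void)
{
    client_t c = { NULL, 1 };       /* constructed: client->auth == NULL as in the core dump */
    auth_client u = { &c };
    (void)count_release;            /* exercised with a non-NULL auth elsewhere */
    return auth_remove_listener_checked(&u);   /* 0: nothing dereferenced */
}
```

The guard only prevents the dereference; it does not explain which code path reset client->auth before this function ran, which still has to be traced in the real source.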