<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
<font color="#000000">Hello,</font>
<br>
<br>
<font color="#000000">We believe we have found a bug in
Icecast in version 2.3.2 (not the released code but a version
that was taken from a tag icecast2-svn-20090324.tar.gz) and it
looks like it also affects the last version in the trunk.</font>
<br>
<br>
<font color="#000000">We studied a core
dump generated by icecast.</font>
<br>
<font color="#000000">We found that the
crash occurred in<font face="Calibri, sans-serif"><font
style="font-size: 11pt;" size="2">
the following icecast code:</font></font></font>
<br>
<pre>static void auth_remove_listener (auth_t *auth, auth_client *auth_user)
{
    client_t *client = auth_user->client;

    if (client->auth->release_listener)
        client->auth->release_listener (auth_user);
    auth_release (client->auth);
    client->auth = NULL;
    /* client is going, so auth is not an issue at this point */
    client->authenticated = 0;
}</pre>
<br>
<font color="#000000"> </font>
<br>
<font color="#000000"><font face="Calibri, sans-serif"><font
style="font-size: 11pt;" size="2">Because
client->auth was NULL, it tried to dereference a NULL
pointer:</font></font></font>
<br>
<pre>(gdb) p client->auth->release_listener
Cannot access memory at address 0x10
(gdb) p client->auth
$3 = (struct auth_tag *) 0x0
(gdb) p auth_user
$4 = (auth_client *) 0x7f10d2126b80
(gdb) p auth_user->client
$6 = (client_t *) 0x7f1123690f00</pre>
<br>
<font color="#000000"> </font>
<br>
<font color="#000000"><font face="Calibri, sans-serif"><font
style="font-size: 11pt;" size="2">We
compared the sources of icecast we used with the 'mainstream'
version (icecast-2.3.2) and found that the authentication
functionality in question has some significant changes, in particular
icecast-2.3.2 has a few more checks for client->auth being not
NULL, and the version we used has some functions added that reset
this pointer to NULL under some circumstances. This is what probably
caused the crash. We have checked in trunk and the situation is
similar.</font></font></font>
<br>
<font color="#000000"> </font>
<br>
<font color="#000000"><font face="Calibri, sans-serif"><font
style="font-size: 11pt;" size="2">We
would recommend adding a check to the code above for that pointer
being not NULL.</font></font></font>
<br>
<font color="#000000"><font face="Calibri, sans-serif"><font
style="font-size: 11pt;" size="2">Hope
this is clear, and helps.</font></font></font>
<br>
<font color="#000000"><font face="Calibri, sans-serif"><font
style="font-size: 11pt;" size="2">Please
keep me updated on the way you plan to fix the problem.</font></font></font>
<br>
<font color="#000000"><font face="Calibri, sans-serif"><font
style="font-size: 11pt;" size="2">Best
Regards</font></font></font>
<br>
<font color="#000000"><font face="Calibri, sans-serif"><font
style="font-size: 11pt;" size="2">Bruno
Nieuwenhuys</font></font></font>
<br>
<font color="#000000"><font face="Calibri, sans-serif"><font
style="font-size: 11pt;" size="2">Adswizz</font></font></font>
<br>
<font color="#000000"><br>
<br>
</font>
<br>
<pre class="moz-signature" cols="72">--
Bruno Nieuwenhuys
CTO Adswizz
+43 699 19058565
skype : brunonieuwenhuys
<a class="moz-txt-link-abbreviated" href="http://www.adswizz.com">www.adswizz.com</a></pre>
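<p>Added example, not part of the original message and not Icecast's own code: one way to write the NULL check the report recommends, exercised against the state seen in the core dump (client->auth == NULL). The struct layouts, the reference counter, the <code>_checked</code> name, the <code>int</code> return value and the demo helpers are simplified assumptions made for illustration.</p>

```c
#include <stddef.h>

/* Simplified stand-ins for Icecast's types (assumed layout, not the real structs). */
struct auth_client_tag;
typedef struct auth_tag {
    int refcount;
    void (*release_listener)(struct auth_client_tag *auth_user);
} auth_t;
typedef struct { auth_t *auth; int authenticated; } client_t;
typedef struct auth_client_tag { client_t *client; } auth_client;

static int release_calls;  /* counts callback invocations for the demo */
static void count_release(auth_client *auth_user) { (void)auth_user; release_calls++; }

/* Stand-in for auth_release(): drops one reference. */
static void auth_release(auth_t *auth) { auth->refcount--; }

/* Guarded variant: returns 1 if an auth handler was released, 0 if none was attached. */
static int auth_remove_listener_checked(auth_t *auth, auth_client *auth_user)
{
    client_t *client = auth_user->client;
    int released = 0;

    (void)auth;  /* unused, as in the posted function */
    if (client->auth != NULL) {
        if (client->auth->release_listener)
            client->auth->release_listener(auth_user);
        auth_release(client->auth);
        client->auth = NULL;
        released = 1;
    }
    /* client is going, so auth is not an issue at this point */
    client->authenticated = 0;
    return released;
}

/* Constructed case matching the core dump: client->auth was already reset to NULL. */
static int demo_null_auth(void)
{
    client_t client = { NULL, 1 };
    auth_client user = { &client };
    return auth_remove_listener_checked(NULL, &user) == 0 && client.authenticated == 0;
}

/* Constructed normal case: handler attached, callback runs once, one reference dropped. */
static int demo_attached_auth(void)
{
    auth_t a = { 2, count_release };
    client_t client = { &a, 1 };
    auth_client user = { &client };
    release_calls = 0;
    return auth_remove_listener_checked(&a, &user) == 1 && a.refcount == 1
        && release_calls == 1 && client.auth == NULL && client.authenticated == 0;
}

int main(void) { return (demo_null_auth() && demo_attached_auth()) ? 0 : 1; }
```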
</body>
</html>