[OpenWrt-Devel] [uqmi] SEGFAULT on reading Unicode sms messages

Sławomir Demeszko s.demeszko at wireless-instruments.com
Thu Nov 27 10:00:11 EST 2014 

I was trying to read (by command --get-message) sms text message coded
in 16 bit Unicode which is not supported yet in uqmi, but program does
not end cleanly, I got segfault:

Program received signal SIGSEGV, Segmentation fault.
blobmsg_check_attr (attr=attr at entry=0x60d038, name=name at entry=false)
    at /home/wirouter/Projects/OpenWRT/x86/build_dir/target-x86_64_uClibc-0.9.33.2/libubox-2014-11-23/blobmsg.c:49
49              if (hdr->name[blobmsg_namelen(hdr)] != 0)
(gdb) bt
#0  blobmsg_check_attr (attr=attr at entry=0x60d038, name=name at entry=false)
    at /home/wirouter/Projects/OpenWRT/x86/build_dir/target-x86_64_uClibc-0.9.33.2/libubox-2014-11-23/blobmsg.c:49
#1  0x00007ffff79e911b in blobmsg_format_element (s=s at entry=0x7fffffffea48, attr=attr at entry=0x60d038, array=array at entry=false, head=false)
    at /home/wirouter/Projects/OpenWRT/x86/build_dir/target-x86_64_uClibc-0.9.33.2/libubox-2014-11-23/blobmsg_json.c:221
#2  0x00007ffff79e9609 in blobmsg_format_json_with_cb (attr=0x60d038, list=list at entry=false, cb=cb at entry=0x0, priv=priv at entry=0x0, indent=<optimized out>)
    at /home/wirouter/Projects/OpenWRT/x86/build_dir/target-x86_64_uClibc-0.9.33.2/libubox-2014-11-23/blobmsg_json.c:316
#3  0x0000000000403377 in blobmsg_format_json_indent (list=false, indent=<optimized out>, attr=<optimized out>)
    at /home/wirouter/Projects/OpenWRT/x86/staging_dir/target-x86_64_uClibc-0.9.33.2/usr/include/libubox/blobmsg_json.h:42
#4  uqmi_print_result (data=<optimized out>) at /home/wirouter/Projects/OpenWRT/x86/build_dir/target-x86_64_uClibc-0.9.33.2/wi-uqmi-2014-11-20/commands.c:176
#5  __uqmi_run_commands (qmi=qmi at entry=0x60b580 <dev.8732>, option=option at entry=false)
    at /home/wirouter/Projects/OpenWRT/x86/build_dir/target-x86_64_uClibc-0.9.33.2/wi-uqmi-2014-11-20/commands.c:218
#6  0x00000000004033cb in uqmi_run_commands (qmi=qmi at entry=0x60b580 <dev.8732>)
    at /home/wirouter/Projects/OpenWRT/x86/build_dir/target-x86_64_uClibc-0.9.33.2/wi-uqmi-2014-11-20/commands.c:236
#7  0x00000000004012df in main (argc=5, argv=0x7fffffffed58) at /home/wirouter/Projects/OpenWRT/x86/build_dir/target-x86_64_uClibc-0.9.33.2/wi-uqmi-2014-11-20/main.c:126

This is a raw message read by --get-raw-message (phone number is masked):

"07 91 ** ** ** ** ** f* 04 0b 91 ** ** ** ** ** f* 00 08 41 11 02 41 42 15 40 08 01 04 01 06 01 18 01 41"

I figured out that cause of this lies in function cmd_wms_get_message_cb().
There is a call for blobmsg_open_table() and blobmsg_close_table()
at the end, but in meantime there is also return from function when readed
data is invalid or not supported, like Unicode, so blobmsg_close_table()
is not invoked. Propossed patch using "goto" follows. But still program
returns 0 meaning SUCCESS, I don't known how to handle this.
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

More information about the openwrt-devel mailing list