Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

FIX(server): Crash due to dereferencing invalid iterator #5628

Conversation

Krzmbrzl
Copy link
Member

@Krzmbrzl Krzmbrzl commented Apr 18, 2022

1d45d99 refactored the audio processing
on the server and introduced the new AudioReceiverBuffer class. In the
function that is responsible for obtaining the current range of
receivers that shall obtain the identical audio packet, the passed begin
iterator was always dereferenced. However, in the case in which the
receiver list is actually empty begin == end and therefore dereferencing
the begin iterator is undefined behavior.

This could lead to the entire server crashing (or could work just fine -
UB is great at this) but in any case, this is a severe problem.

The fix consists of a simple check for this specific situation and an
early return in that case.

Checks

@Krzmbrzl Krzmbrzl added server bug A bug (error) in the software labels Apr 18, 2022
@Krzmbrzl
Copy link
Member Author

Bug discovered by @irakr

1d45d99 refactored the audio processing
on the server and introduced the new AudioReceiverBuffer class. In the
function that is responsible for obtaining the current range of
receivers that shall obtain the identical audio packet, the passed begin
iterator was always dereferenced. However, in the case in which the
receiver list is actually empty begin == end and therefore dereferencing
the begin iterator is undefined behavior.

This could lead to the entire server crashing (or could work just fine -
UB is great at this) but in any case, this is a severe problem.

The fix consists of a simple check for this specific situation and an
early return in that case.

Co-Authored-By: Irak Rigia <tarakrigia@gmail.com>
@Krzmbrzl Krzmbrzl force-pushed the fix-server-crash-due-to-invalid-iterator-dereference branch from 13f9ee1 to 06f94b4 Compare April 18, 2022 10:18
@Krzmbrzl Krzmbrzl merged commit aae451a into mumble-voip:master Apr 19, 2022
@Krzmbrzl Krzmbrzl deleted the fix-server-crash-due-to-invalid-iterator-dereference branch November 9, 2022 17:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug A bug (error) in the software server
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants