Potential bug / problematic code in gsm411_rx_rl_data()

Bhaskar11 niceguy108 at gmail.com
Wed Jan 2 07:13:59 UTC 2013


In gsm411_sms.c the function gsm411_rx_rl_data receives "struct gsm48_hdr
*gh" as input, then in its very first line typecasts the pointer to "struct
gsm411_rp_hdr *rp_data" to access its "data" field.

struct gsm411_rp_hdr *rp_data = (struct gsm411_rp_hdr*)&gh->data;


But the two header structures have their "data" fields offset by one byte
as in:

struct gsm411_rp_hdr {
	uint8_t len;
	uint8_t msg_type;
	uint8_t msg_ref;
	uint8_t data[0];
} __attribute__ ((packed));

struct gsm48_hdr {
	uint8_t proto_discr;
	uint8_t msg_type;
	uint8_t data[0];
} __attribute__((packed));



Obviously this displacement has been compensated for elsewhere in the code
as the application works. But this seems to be inadvertent. And if it is
deliberate, it is risky programming practice and could create problems
later on.

Request you to correct and update suitably.

Thanks.

B.
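To see concretely where each field of the cast pointer lands in the message bytes, here is an added example (not part of the original message or of the osmocom code) that lays both quoted structs over a constructed sample buffer and reports the resulting byte offsets; the sample bytes are made up for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Both header layouts exactly as quoted in the message above. */
struct gsm411_rp_hdr {
	uint8_t len;
	uint8_t msg_type;
	uint8_t msg_ref;
	uint8_t data[0];
} __attribute__ ((packed));

struct gsm48_hdr {
	uint8_t proto_discr;
	uint8_t msg_type;
	uint8_t data[0];
} __attribute__((packed));

/* Constructed sample (not a real capture): a gsm48 header followed by
 * the bytes that the cast in gsm411_rx_rl_data() reinterprets. */
static const uint8_t sample_msg[] = {
	0x09,                   /* gsm48_hdr.proto_discr */
	0x01,                   /* gsm48_hdr.msg_type    */
	0x05,                   /* gh->data[0] -> rp_data->len      */
	0x00,                   /* gh->data[1] -> rp_data->msg_type */
	0x07,                   /* gh->data[2] -> rp_data->msg_ref  */
	0xAA, 0xBB, 0xCC, 0xDD  /* gh->data[3..] -> rp_data->data   */
};

/* Byte offset, from the start of the gsm48 header, of a gsm411_rp_hdr
 * field (given as offsetof(struct gsm411_rp_hdr, field)) after the cast. */
size_t rp_field_offset_in_msg(size_t rp_field_offset)
{
	return offsetof(struct gsm48_hdr, data) + rp_field_offset;
}

/* Same cast as gsm411_rx_rl_data(), applied to the sample buffer. */
static const struct gsm411_rp_hdr *cast_rp_hdr(const struct gsm48_hdr **gh_out)
{
	const struct gsm48_hdr *gh = (const struct gsm48_hdr *)sample_msg;
	*gh_out = gh;
	return (const struct gsm411_rp_hdr *)&gh->data;
}

/* Value that rp_data->msg_ref resolves to in the sample. */
uint8_t cast_msg_ref(void)
{
	const struct gsm48_hdr *gh;
	return cast_rp_hdr(&gh)->msg_ref;
}

/* Distance in bytes between gh and rp_data->data, and the first payload byte. */
size_t cast_payload_offset(void)
{
	const struct gsm48_hdr *gh;
	const struct gsm411_rp_hdr *rp_data = cast_rp_hdr(&gh);
	return (size_t)(rp_data->data - (const uint8_t *)gh);
}
uint8_t cast_first_payload_byte(void)
{
	const struct gsm48_hdr *gh;
	return cast_rp_hdr(&gh)->data[0];
}
```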