[PATCH] libosmocore[master]: Add null-pointer check to osmo_amr_rtp_dec()

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

Max gerrit-no-reply at lists.osmocom.org
Mon Nov 7 14:20:10 UTC 2016


Review at  https://gerrit.osmocom.org/1206

Add null-pointer check to osmo_amr_rtp_dec()

Check that RTP payload we're about to decode is not NULL and return
proper error code instead of segfaulting. Add corresponding test case.

Change-Id: Ib6cda9900a41ed16bbfbde9df3de9d38e0a7469b
---
M src/codec/gsm690.c
M tests/codec/codec_test.c
2 files changed, 12 insertions(+), 6 deletions(-)


  git pull ssh://gerrit.osmocom.org:29418/libosmocore refs/changes/06/1206/1

diff --git a/src/codec/gsm690.c b/src/codec/gsm690.c
index 0f4bf8f..c3cb932 100644
--- a/src/codec/gsm690.c
+++ b/src/codec/gsm690.c
@@ -252,6 +252,9 @@
 		     int8_t *cmi, enum osmo_amr_type *ft,
 		     enum osmo_amr_quality *bfi, int8_t *sti)
 {
+	if (payload_len < 2 || !rtppayload)
+		return -EINVAL;
+
 	/* RFC 4867 § 4.4.2 ToC - compound payloads are not supported: F = 0 */
 	uint8_t type = (rtppayload[1] >> 3) & 0xf;
 
@@ -261,9 +264,6 @@
 
 	if (payload_len - 2 < amr_len_by_ft[type])
 		return -ENOTSUP;
-
-	if (payload_len < 2)
-		return -EINVAL;
 
 	if (ft)
 		*ft = type;
diff --git a/tests/codec/codec_test.c b/tests/codec/codec_test.c
index 5b934b1..f944f38 100644
--- a/tests/codec/codec_test.c
+++ b/tests/codec/codec_test.c
@@ -38,12 +38,17 @@
 
 static void test_sid_dec(const uint8_t *t, size_t len)
 {
-	uint8_t cmr, tmp[SID_LEN];
+	uint8_t cmr, tmp[SID_LEN], *t2 = NULL;
 	enum osmo_amr_type ft;
 	enum osmo_amr_quality bfi;
 	int8_t sti, cmi;
-	memcpy(tmp, t, SID_LEN);
-	int rc = osmo_amr_rtp_dec(tmp, len, &cmr, &cmi, &ft, &bfi, &sti);
+	if (t) {
+		memcpy(tmp, t, SID_LEN);
+		t2 = tmp;
+	}
+	int rc = osmo_amr_rtp_dec(t2, len, &cmr, &cmi, &ft, &bfi, &sti);
+	if (rc < 0)
+		return;
 	printf("[%d] decode RTP %s%s: FT %s, CMR %s, CMI is %d, SID type %s\t",
 	       rc, osmo_hexdump(tmp, len), cmpr(bfi, AMR_GOOD),
 	       get_value_string(osmo_amr_type_names, ft),
@@ -94,6 +99,7 @@
 	printf("AMR RTP payload decoder test:\n");
 	test_sid_dec(sid_first, 7);
 	test_sid_dec(sid_update, 7);
+	test_sid_dec(NULL, 7);
 	test_amr_rt(0, AMR_NO_DATA, AMR_BAD);
 	test_amr_rt(0, AMR_NO_DATA, AMR_GOOD);
 	test_amr_rt(AMR_12_2, AMR_12_2, AMR_BAD);

-- 
To view, visit https://gerrit.osmocom.org/1206
To unsubscribe, visit https://gerrit.osmocom.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ib6cda9900a41ed16bbfbde9df3de9d38e0a7469b
Gerrit-PatchSet: 1
Gerrit-Project: libosmocore
Gerrit-Branch: master
Gerrit-Owner: Max <msuraev at sysmocom.de>



More information about the gerrit-log mailing list