This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
Max gerrit-no-reply at lists.osmocom.orgReview at https://gerrit.osmocom.org/1206 Add null-pointer check to osmo_amr_rtp_dec() Check that RTP payload we're about to decode is not NULL and return proper error code instead of segfaulting. Add corresponding test case. Change-Id: Ib6cda9900a41ed16bbfbde9df3de9d38e0a7469b --- M src/codec/gsm690.c M tests/codec/codec_test.c 2 files changed, 12 insertions(+), 6 deletions(-) git pull ssh://gerrit.osmocom.org:29418/libosmocore refs/changes/06/1206/1 diff --git a/src/codec/gsm690.c b/src/codec/gsm690.c index 0f4bf8f..c3cb932 100644 --- a/src/codec/gsm690.c +++ b/src/codec/gsm690.c @@ -252,6 +252,9 @@ int8_t *cmi, enum osmo_amr_type *ft, enum osmo_amr_quality *bfi, int8_t *sti) { + if (payload_len < 2 || !rtppayload) + return -EINVAL; + /* RFC 4867 § 4.4.2 ToC - compound payloads are not supported: F = 0 */ uint8_t type = (rtppayload[1] >> 3) & 0xf; @@ -261,9 +264,6 @@ if (payload_len - 2 < amr_len_by_ft[type]) return -ENOTSUP; - - if (payload_len < 2) - return -EINVAL; if (ft) *ft = type; diff --git a/tests/codec/codec_test.c b/tests/codec/codec_test.c index 5b934b1..f944f38 100644 --- a/tests/codec/codec_test.c +++ b/tests/codec/codec_test.c @@ -38,12 +38,17 @@ static void test_sid_dec(const uint8_t *t, size_t len) { - uint8_t cmr, tmp[SID_LEN]; + uint8_t cmr, tmp[SID_LEN], *t2 = NULL; enum osmo_amr_type ft; enum osmo_amr_quality bfi; int8_t sti, cmi; - memcpy(tmp, t, SID_LEN); - int rc = osmo_amr_rtp_dec(tmp, len, &cmr, &cmi, &ft, &bfi, &sti); + if (t) { + memcpy(tmp, t, SID_LEN); + t2 = tmp; + } + int rc = osmo_amr_rtp_dec(t2, len, &cmr, &cmi, &ft, &bfi, &sti); + if (rc < 0) + return; printf("[%d] decode RTP %s%s: FT %s, CMR %s, CMI is %d, SID type %s\t", rc, osmo_hexdump(tmp, len), cmpr(bfi, AMR_GOOD), get_value_string(osmo_amr_type_names, ft), @@ -94,6 +99,7 @@ printf("AMR RTP payload decoder test:\n"); test_sid_dec(sid_first, 7); test_sid_dec(sid_update, 7); + test_sid_dec(NULL, 7); test_amr_rt(0, AMR_NO_DATA, AMR_BAD); test_amr_rt(0, AMR_NO_DATA, AMR_GOOD); test_amr_rt(AMR_12_2, AMR_12_2, AMR_BAD); -- To view, visit https://gerrit.osmocom.org/1206 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ib6cda9900a41ed16bbfbde9df3de9d38e0a7469b Gerrit-PatchSet: 1 Gerrit-Project: libosmocore Gerrit-Branch: master Gerrit-Owner: Max <msuraev at sysmocom.de>