<p>fixeria <strong>submitted</strong> this change.</p><p><a href="https://gerrit.osmocom.org/c/osmo-pcu/+/18432">View Change</a></p><div style="white-space:pre-wrap">Approvals:
Jenkins Builder: Verified
laforge: Looks good to me, but someone else must approve
pespin: Looks good to me, approved
</div><pre style="font-family: monospace,monospace; white-space: pre-wrap;">csn1: fix csnStreamEncoder(): always check the choice index<br><br>It's so easy to pick an out of bounds value otherwise...<br><br>Change-Id: I12f5ab739b97f1f3b5d4bed1b5a4a661c879e89f<br>---<br>M src/csn1.c<br>1 file changed, 6 insertions(+), 4 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/src/csn1.c b/src/csn1.c</span><br><span>index 700c342..5b60399 100644</span><br><span>--- a/src/csn1.c</span><br><span>+++ b/src/csn1.c</span><br><span>@@ -1803,7 +1803,6 @@</span><br><span> case CSN_CHOICE:</span><br><span> {</span><br><span> gint16 count = pDescr->i;</span><br><span style="color: hsl(0, 100%, 40%);">- guint8 i = 0;</span><br><span> const CSN_ChoiceElement_t* pChoice = (const CSN_ChoiceElement_t*) pDescr->descr.ptr;</span><br><span> </span><br><span> /* Make sure that the list of choice items is not empty */</span><br><span>@@ -1812,9 +1811,12 @@</span><br><span> else if (count > 255) /* We can handle up to 256 (UCHAR_MAX) selectors */</span><br><span> return ProcessError(writeIndex, "csnStreamEncoder", CSN_ERROR_IN_SCRIPT, pDescr);</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- pui8 = pui8DATA(data, pDescr->offset);</span><br><span style="color: hsl(0, 100%, 40%);">- i = *pui8;</span><br><span style="color: hsl(0, 100%, 40%);">- pChoice += i;</span><br><span style="color: hsl(120, 100%, 40%);">+ /* Make sure that choice index is not out of range */</span><br><span style="color: hsl(120, 100%, 40%);">+ pui8 = pui8DATA(data, pDescr->offset);</span><br><span style="color: hsl(120, 100%, 40%);">+ if (*pui8 >= count)</span><br><span style="color: hsl(120, 100%, 40%);">+ return ProcessError(writeIndex, "csnStreamEncoder", CSN_ERROR_INVALID_UNION_INDEX, pDescr);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ pChoice += *pui8;</span><br><span> guint8 no_of_bits = pChoice->bits;</span><br><span> guint8 value = pChoice->value;</span><br><span> LOGPC(DCSN1, LOGL_DEBUG, "%s = %u | ", pChoice->descr.sz , (unsigned)value);</span><br><span></span><br></pre><p>To view, visit <a href="https://gerrit.osmocom.org/c/osmo-pcu/+/18432">change 18432</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://gerrit.osmocom.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.osmocom.org/c/osmo-pcu/+/18432"/><meta itemprop="name" content="View Change"/></div></div>
<div style="display:none"> Gerrit-Project: osmo-pcu </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-Change-Id: I12f5ab739b97f1f3b5d4bed1b5a4a661c879e89f </div>
<div style="display:none"> Gerrit-Change-Number: 18432 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: fixeria <axilirator@gmail.com> </div>
<div style="display:none"> Gerrit-Reviewer: Jenkins Builder </div>
<div style="display:none"> Gerrit-Reviewer: fixeria <axilirator@gmail.com> </div>
<div style="display:none"> Gerrit-Reviewer: laforge <laforge@osmocom.org> </div>
<div style="display:none"> Gerrit-Reviewer: pespin <pespin@sysmocom.de> </div>
<div style="display:none"> Gerrit-MessageType: merged </div>