jolly has uploaded this change for review. ( https://gerrit.osmocom.org/c/libosmocore/+/41138?usp=email )
Change subject: Correctly calculate size iofd_msgb_alloc2() ......................................................................
Correctly calculate size iofd_msgb_alloc2()
When limiting headroom value to 16 bits, the allocated buffer will be too small, if headroom exceeds 65535.
Related: Coverity CID#548925 Change-Id: I16c1e08fb64a1fafaeee1844fd8c00ecc2861d12 --- M src/core/osmo_io.c 1 file changed, 1 insertion(+), 1 deletion(-)
git pull ssh://gerrit.osmocom.org:29418/libosmocore refs/changes/38/41138/1
diff --git a/src/core/osmo_io.c b/src/core/osmo_io.c index 399a604..708d2c0 100644 --- a/src/core/osmo_io.c +++ b/src/core/osmo_io.c @@ -187,7 +187,7 @@ /*! convenience wrapper to call msgb_alloc with parameters from osmo_io_fd (of given size) */ struct msgb *iofd_msgb_alloc2(struct osmo_io_fd *iofd, size_t size) { - uint16_t headroom = iofd->msgb_alloc.headroom; + size_t headroom = iofd->msgb_alloc.headroom;
OSMO_ASSERT(size <= 0xffff - headroom); return msgb_alloc_headroom_c(iofd, size + headroom, headroom, "osmo_io_msgb");