laforge has submitted this change. ( https://gerrit.osmocom.org/c/libosmocore/+/41138?usp=email )
Change subject: Correctly calculate size iofd_msgb_alloc2() ......................................................................
Correctly calculate size iofd_msgb_alloc2()
The storage size of 'headroom' must be larger than 16 bits. Otherwise a value above 65535 cannot be stored correctly and cause wrong calculation of msgb size.
Related: Coverity CID#548925 Change-Id: I16c1e08fb64a1fafaeee1844fd8c00ecc2861d12 --- M src/core/osmo_io.c 1 file changed, 3 insertions(+), 3 deletions(-)
Approvals: Jenkins Builder: Verified pespin: Looks good to me, approved laforge: Looks good to me, but someone else must approve
diff --git a/src/core/osmo_io.c b/src/core/osmo_io.c index 399a604..10e6e3f 100644 --- a/src/core/osmo_io.c +++ b/src/core/osmo_io.c @@ -187,10 +187,10 @@ /*! convenience wrapper to call msgb_alloc with parameters from osmo_io_fd (of given size) */ struct msgb *iofd_msgb_alloc2(struct osmo_io_fd *iofd, size_t size) { - uint16_t headroom = iofd->msgb_alloc.headroom; + size_t headroom = iofd->msgb_alloc.headroom;
- OSMO_ASSERT(size <= 0xffff - headroom); - return msgb_alloc_headroom_c(iofd, size + headroom, headroom, "osmo_io_msgb"); + OSMO_ASSERT(size + headroom <= 0xffff); + return msgb_alloc_headroom_c(iofd, (uint16_t)(size + headroom), (uint16_t)headroom, "osmo_io_msgb"); }
/*! convenience wrapper to call msgb_alloc with parameters from osmo_io_fd */