laforge submitted this change.

View Change


Approvals: Jenkins Builder: Verified laforge: Looks good to me, approved 
gbprox_rx_ptp_from_bss: fix dangling pointer

Building with gcc (Debian 12.2.0-14) 12.2.0 and --enable-werror fails
without this during "make distcheck":

../../../src/gb_proxy.c:450:24: error: storing the address of local variable 'tp' in '((struct libgb_msgb_cb *)msg)[2].bssgp_cell_id' [-Werror=dangling-pointer=]
  450 |         msgb_bcid(msg) = (void *)&tp;

This means that gcc now warns (and we turn that into an error) if one
assigns the address of a local (stack) variable to something allocated
on the heap, and doesn't remove that reference before ending the function
(invalidating the stack).

Related: OS#6057
Change-Id: Ie51e37572993cb5dc24ecf13bc300225f09cb744
---
M src/gb_proxy.c
1 file changed, 23 insertions(+), 0 deletions(-)

diff --git a/src/gb_proxy.c b/src/gb_proxy.c
index a7554a6..356bec8 100644
--- a/src/gb_proxy.c
+++ b/src/gb_proxy.c
@@ -532,6 +532,8 @@
 	if (rc < 0)
 		rate_ctr_inc(rate_ctr_group_get_ctr(bss_bvc->ctrg, GBPROX_PEER_CTR_FWD_FROM_BSS_ERR));
 
+	/* avoid a dangling pointer from heap to stack (see above "hack" to set it to &tp) */
+	msgb_bcid(msg) = 0;
 	return 0;
 }

To view, visit change 33738. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-Project: osmo-gbproxy
Gerrit-Branch: master
Gerrit-Change-Id: Ie51e37572993cb5dc24ecf13bc300225f09cb744
Gerrit-Change-Number: 33738
Gerrit-PatchSet: 3
Gerrit-Owner: osmith <osmith@sysmocom.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: daniel <dwillmann@sysmocom.de>
Gerrit-Reviewer: fixeria <vyanitskiy@sysmocom.de>
Gerrit-Reviewer: laforge <laforge@osmocom.org>
Gerrit-Reviewer: pespin <pespin@sysmocom.de>
Gerrit-MessageType: merged