Attention is currently required from: laforge, pespin.
1 comment:
File src/sm/sm_pdu.c:
```c
rc = osmo_apn_from_str(msg->tail, msgb_tailroom(msg), sme->apn);
if (rc < 0)
	return -EINVAL;
*l = rc;
msgb_put(msg, *l);
```
IMHO this is highly unusual: passing a pointer to msg->tail and storing some data before doing the msgb_put. All the "legacy" code that I recall does the msgb_put() first. It would at that point ASSERT if we ever overrun msgb_tailroom, before anything is memcpying over it.
I would not say it's highly unusual, but rather a common practice in cases when you don't know how much to `msgb_put()` before calling a buffer filling function, e.g. `read()` or `recv()`.
Below are grep results for all my local repositories (39 matches total):
```
$ ./gits do grep "msg->tail, msgb_tailroom" | grep "msgb_tailroom[(]" | wc -l
13
$ ./gits do grep "msg->data, msgb_tailroom" | grep "msgb_tailroom[(]" | wc -l
9
$ ./gits do grep "msgb_data(msg), msgb_tailroom" | grep "msgb_tailroom[(]" | wc -l
17
```
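The two orderings discussed above, side by side, as an added example that is not code from libosmocore or from the change under review: `struct msgb`, `msgb_tailroom()` and `msgb_put()` are reimplemented here in minimal form, and `apn_labels()` is an assumed, simplified stand-in for `osmo_apn_from_str()` that honours its `dst_len` bound.

```c
#include <assert.h>
#include <stdint.h>
#include <string.h>
#define MSGB_SIZE 16
struct msgb { uint8_t buf[MSGB_SIZE]; uint8_t *tail; size_t len; };
static void msgb_init(struct msgb *msg) { msg->tail = msg->buf; msg->len = 0; }
static size_t msgb_tailroom(const struct msgb *msg) { return MSGB_SIZE - msg->len; }
/* Reserve n bytes at the tail; like the real msgb_put() it asserts on overrun. */
static uint8_t *msgb_put(struct msgb *msg, size_t n)
{
	uint8_t *p = msg->tail;
	assert(n <= msgb_tailroom(msg));
	msg->tail += n;
	msg->len += n;
	return p;
}
/* Bounded filler in the spirit of osmo_apn_from_str(): "a.b" -> 01 'a' 01 'b'.
 * Returns bytes written, or -1 if the encoding does not fit in dst_len. */
static int apn_labels(uint8_t *dst, size_t dst_len, const char *apn)
{
	size_t out = 0, l = 0;
	for (; *apn; apn += l + (apn[l] == '.')) {
		l = strcspn(apn, ".");
		if (l > 255 || out + 1 + l > dst_len)
			return -1;
		dst[out++] = (uint8_t)l;
		memcpy(dst + out, apn, l);
		out += l;
	}
	return (int)out;
}
/* Ordering from the change: fill msg->tail bounded by msgb_tailroom(), then
 * msgb_put() what was written. Safe only because the filler honours the bound. */
static int append_apn_fill_then_put(struct msgb *msg, const char *apn)
{
	int rc = apn_labels(msg->tail, msgb_tailroom(msg), apn);
	if (rc < 0)
		return -1;
	msgb_put(msg, rc);
	return rc;
}
/* "Legacy" ordering: reserve first, fill afterwards. Needs the size up front
 * (strlen(apn) + 1 for a non-empty APN); the check avoids the assert in msgb_put(). */
static int append_apn_put_then_fill(struct msgb *msg, const char *apn)
{
	size_t need = strlen(apn) + 1;
	if (need > msgb_tailroom(msg))
		return -1;
	return apn_labels(msgb_put(msg, need), need, apn);
}
```

With either ordering an oversize APN is refused rather than written past the buffer; the difference is only whether the bound is enforced by the filler's length argument or by `msgb_put()` before the memcpy happens.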
To view, visit change 32644. To unsubscribe, or for help writing mail filters, visit settings.