Attention is currently required from: lynxis lazus.

Patch set 2:Code-Review +1

View Change

6 comments:

• File src/sgsn/gprs_gmm.c:

  • Patch Set #2, Line 1645: osmo_routing_area_id_decode(&old_ra_id, cur, msgb_l3len(msg) - 3);

    where does the 3 come from? "cur - gh" ?

  • Patch Set #2, Line 1729: bssgp_parse_cell_id2(&new_ra_id, NULL, msgb_bcid(msg), 8);

    isn't this 8 you hardcoded supposed to be passed from space available in msg to avoid read out of bounds?

  • Patch Set #2, Line 1772: bssgp_parse_cell_id2(&mmctx->ra, NULL, msgb_bcid(msg), 8);

    isn't this 8 you hardcoded supposed to be passed from space available in msg to avoid read out of bounds?

  • Patch Set #2, Line 2346: bssgp_parse_cell_id2(&ra_id, NULL, msgb_bcid(msg), 8);

    isn't this 8 you hardcoded supposed to be passed from space available in msg to avoid read out of bounds?

• File src/sgsn/gprs_sndcp.c:

  • Patch Set #2, Line 837: bssgp_parse_cell_id2(&sne->ra_id, NULL, msgb_bcid(msg), 8);

    same

• File src/sgsn/gprs_subscriber.c:

  • Patch Set #2, Line 880: if (subscr->lac != mmctx->ra.lac.lac)

    we should add a define to name "lac" as "lai" in that struct :)

To view, visit change 37860. To unsubscribe, or for help writing mail filters, visit settings.