Attention is currently required from: arehbein, pespin, daniel.
fixeria has posted comments on this change. ( https://gerrit.osmocom.org/c/libosmocore/+/33083 )
Change subject: gsm/ipa: Add segmentation callback ......................................................................
Patch Set 10: Code-Review-1
(7 comments)
File src/gsm/ipa.c:
https://gerrit.osmocom.org/c/libosmocore/+/33083/comment/854abcf7_d002ad5c PS8, Line 728: * -EIO, if the header declares a payload too large */
*/ on the next line
Done
https://gerrit.osmocom.org/c/libosmocore/+/33083/comment/3a4ea39a_1c162155 PS8, Line 735: const struct ipaccess_head *hh = (const struct ipaccess_head *) msg->data;
Agreeing with Pau here. […]
Done
https://gerrit.osmocom.org/c/libosmocore/+/33083/comment/33e71ea9_d53bedf9 PS8, Line 737: size_t total_len = payload_len + sizeof(*hh);
"sizeof(*hh) + payload_len;" it's logically easier to understand, as in lefto-to-right order filling […]
Done
https://gerrit.osmocom.org/c/libosmocore/+/33083/comment/821e589a_d23d9a03 PS8, Line 738: if (msgb_tailroom(msg) + msgb_length(msg) < total_len) {
iiuc the problem here is that the allocated msgb space is not going to be enough to fit in what IP […]
Done
File src/gsm/ipa.c:
https://gerrit.osmocom.org/c/libosmocore/+/33083/comment/441ff0d5_56f4edf9 PS10, Line 733: osmo_ntohs(hh->len); Now the problem is that you're accessing the buffer before checking if there is enough data in it.
https://gerrit.osmocom.org/c/libosmocore/+/33083/comment/d6b63790_c2f79979 PS10, Line 735: msgb_length(msg) + msgb_tailroom(msg); This is incorrect. `msgb_length(msg)` is basically `msg->len`, which does include the tailroom and headroom. Please revert back to `msg->len` or `msgb_length(msg)` alone.
https://gerrit.osmocom.org/c/libosmocore/+/33083/comment/bcbc3027_8e493c26 PS10, Line 744: EIO `ENOMEM` or `ENOSPC` is a better fit here, IMO.
-
fixeria