On 19.11.2015 15:34, Neels Hofmeyr wrote:
+/*! \brief Copy an msgb.
I'd write just "a" here, not "an". I seem to be the English nitpicker among us ;)
I do not agree in this case. "msgb" is read em-es-... thus starting with a vowel sound. See http://www.macmillandictionary.com/dictionary/british/an_1 ("an X-ray").
+int msgb_resize_area(struct msgb *msg, uint8_t *area,
size_t old_size, size_t new_size)+{
- int rc;
 - uint8_t *rest = area + old_size;
 - int rest_len = msg->len - old_size - (area - msg->data);
 - int delta_size = (int)new_size - (int)old_size;
 - if (area < msg->data || rest > msg->tail)
 MSGB_ABORT(msg, "Sub area is not fully contained in the msg data\n");

Just to be super paranoid: old_size is unsigned, sure, but uint8_t *rest could wrap when old_size is (accidentally/crafted) passed as very very large. I could pass area > msg->tail with rest < msg->tail.
Also, if new_size were past INT_MAX, (int)new_size would end up negative. Same for old_size. My head is spinning a bit from trying to figure out the result of the subtraction in those cases... ;)
What do you think? Not relevant for any normal use, sure, but should we rule out those cases entirely?
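Review bot: the containment check `if (area < msg->data || rest > msg->tail)` runs only after `rest = area + old_size` and `rest_len` have already been computed from unvalidated sizes, so a large `old_size` wraps `rest` back below `msg->tail` and the check passes; forming a pointer outside the buffer is also undefined behaviour in C before the comparison is even evaluated. Validate with sizes rather than with a derived pointer, e.g. `if (area < msg->data || area > msg->tail || old_size > (size_t)(msg->tail - area))`, and only then compute `rest` and `rest_len`. The `(int)new_size - (int)old_size` casts in `delta_size` have the same weakness for sizes above INT_MAX and should only be done after both sizes have been checked against the message bounds.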
You are right. So a quick fix is to check for rest < area in addition.
Jacob
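As an added example, not code from the patch, from libosmocore or from either author: the three variants of the containment check discussed above side by side, run against a constructed 64-byte message. `struct msgb_model`, `enum check_kind` and `run_check` are hypothetical names for this demo, and the model keeps only the `data`, `tail` and `len` members the check touches. `rest` is computed in `uintptr_t` so that the wrap Neels describes is well-defined here; with real pointer arithmetic the same expression is undefined behaviour as soon as `area + old_size` leaves the buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Hypothetical cut-down model of an msgb: only the members the sub-area
 * containment check looks at. This is NOT libosmocore's struct msgb.
 */
struct msgb_model {
	uint8_t *data;	/* start of the payload */
	uint8_t *tail;	/* one past the last payload byte */
	size_t len;	/* tail - data */
};

enum check_kind {
	CHECK_NAIVE,		/* as in the patch: area < data || rest > tail */
	CHECK_REST_LT_AREA,	/* the quick fix: additionally reject rest < area */
	CHECK_SIZE_BASED	/* compare sizes; never form rest first */
};

/*
 * The patch's check. rest is an integer here so the wrap-around is defined
 * behaviour in this demo; a real uint8_t *rest = area + old_size that leaves
 * the buffer is undefined before the comparison even runs.
 */
int contained_naive(const struct msgb_model *msg, const uint8_t *area,
		    size_t old_size)
{
	uintptr_t rest = (uintptr_t)area + (uintptr_t)old_size;

	if (area < msg->data || rest > (uintptr_t)msg->tail)
		return 0;
	return 1;
}

/* The quick fix proposed in the thread: also reject rest < area. */
int contained_rest_check(const struct msgb_model *msg, const uint8_t *area,
			 size_t old_size)
{
	uintptr_t rest = (uintptr_t)area + (uintptr_t)old_size;

	if (area < msg->data || rest > (uintptr_t)msg->tail ||
	    rest < (uintptr_t)area)
		return 0;
	return 1;
}

/*
 * Size-based check: first confirm area itself lies in [data, tail], then
 * compare old_size with the bytes remaining up to tail. Nothing here can
 * wrap and no out-of-buffer pointer is ever formed.
 */
int contained_size_based(const struct msgb_model *msg, const uint8_t *area,
			 size_t old_size)
{
	if (area < msg->data || area > msg->tail)
		return 0;
	if (old_size > (size_t)(msg->tail - area))
		return 0;
	return 1;
}

/*
 * Run one check against a constructed 64-byte message whose sub-area starts
 * area_off bytes into the payload. Returns 1 if the check accepts, 0 if not.
 */
int run_check(enum check_kind kind, size_t area_off, size_t old_size)
{
	static uint8_t buf[64];	/* constructed message payload */
	struct msgb_model msg = { buf, buf + sizeof(buf), sizeof(buf) };
	const uint8_t *area = buf + area_off;

	switch (kind) {
	case CHECK_NAIVE:
		return contained_naive(&msg, area, old_size);
	case CHECK_REST_LT_AREA:
		return contained_rest_check(&msg, area, old_size);
	case CHECK_SIZE_BASED:
		return contained_size_based(&msg, area, old_size);
	}
	return -1;
}

int main(void)
{
	/* Crafted old_size: area + old_size wraps to 8 bytes before area. */
	size_t crafted = (size_t)0 - 8;

	printf("sane,    8 bytes @16: naive=%d fix=%d size=%d\n",
	       run_check(CHECK_NAIVE, 16, 8),
	       run_check(CHECK_REST_LT_AREA, 16, 8),
	       run_check(CHECK_SIZE_BASED, 16, 8));
	printf("overrun, 8 bytes @60: naive=%d fix=%d size=%d\n",
	       run_check(CHECK_NAIVE, 60, 8),
	       run_check(CHECK_REST_LT_AREA, 60, 8),
	       run_check(CHECK_SIZE_BASED, 60, 8));
	printf("crafted, SIZE_MAX-7 @16: naive=%d fix=%d size=%d\n",
	       run_check(CHECK_NAIVE, 16, crafted),
	       run_check(CHECK_REST_LT_AREA, 16, crafted),
	       run_check(CHECK_SIZE_BASED, 16, crafted));
	return 0;
}
```

The crafted case is the one from the thread: the sub-area sits 16 bytes into the payload, `old_size` is `SIZE_MAX - 7`, so `area + old_size` lands 8 bytes before `area`, below `tail`, and the patch's check accepts it; both the `rest < area` fix and the size-based check reject it. The size-based form is preferable because it also avoids forming the out-of-bounds pointer at all, which a compiler is entitled to assume never happens.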