I had that patch done already. (See attachment.)
what was the message id? I didn't see it.
Could you please answer this one?
Hi Holger,
Sorry, I did not express myself well enough. I meant that I already wrote the patch, but did not send it to the mailing list.
This lacks input validation. The code needs to check that the data we read is within the bounds of the msgb and the data we write is within the bounds too.
I added a check that limits the GSM frames to 33 octets (full speech). (AMR requires only 31 octets + 1 octet length indicator.) An MNCC message has a much larger msgb allocation when received. See attachment.
Best regards
Andreas
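
The two bounds discussed in this thread (the read must stay inside the received buffer, the write inside the destination buffer, with frames capped at 33 octets) can be sketched as follows. This is an added example, not the attached patch and not libosmocore code; `struct buf`, `copy_frame`, `run_case`, the error codes and the 4-octet header offset are hypothetical names and values chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_FRAME_LEN 33 /* full-rate speech frame size given in the thread */

/* Hypothetical stand-in for a message buffer; not the real msgb layout. */
struct buf {
    uint8_t *data; /* start of storage */
    size_t len;    /* octets currently filled */
    size_t size;   /* octets allocated */
};

enum { FRAME_OK = 0, FRAME_TOO_LONG = -1, FRAME_SRC_SHORT = -2, FRAME_DST_FULL = -3 };

/* Append frame_len octets, found at offset off in src, to the tail of dst. */
int copy_frame(struct buf *dst, const struct buf *src, size_t off, size_t frame_len)
{
    if (frame_len > MAX_FRAME_LEN)
        return FRAME_TOO_LONG;
    /* Read bound, written as a subtraction so off + frame_len cannot wrap. */
    if (off > src->len || frame_len > src->len - off)
        return FRAME_SRC_SHORT;
    /* Write bound: the frame must fit in the remaining tailroom of dst. */
    if (dst->len > dst->size || frame_len > dst->size - dst->len)
        return FRAME_DST_FULL;
    memcpy(dst->data + dst->len, src->data + off, frame_len);
    dst->len += frame_len;
    return FRAME_OK;
}

/* Constructed driver: builds buffers of the given sizes, returns the result. */
int run_case(size_t src_len, size_t off, size_t frame_len, size_t dst_size)
{
    static uint8_t in[256], out[256];
    struct buf src = { in, src_len, sizeof(in) };
    struct buf dst = { out, 0, dst_size };
    return copy_frame(&dst, &src, off, frame_len);
}

int main(void)
{
    /* 33-octet frame after a 4-octet header in a 40-octet message: accepted. */
    return run_case(40, 4, 33, 64) == FRAME_OK ? 0 : 1;
}
```

The length cap alone does not cover a short source message, which is why the read bound is checked separately from the 33-octet limit.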