i had that patch done already. (see attachment)
what was the message id? I didn't see it.
Could you please answer this one?
hi holger,
sorry, i did not express myself well enough. i meant that i already
wrote the patch, but did not send it to the mailing list.
> This lacks input validation. The code needs to check that the data
> we read is within the bounds of the msgb and the data we write is within
> the bounds too.
i added a check that limits the GSM frames to 33 octets (full speech).
(AMR requires only 31 octets + 1 octet length indicator.) an MNCC
message has a much larger msgb allocation when received. see attachment.
best regards
andreas