This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
Harald Welte gerrit-no-reply at lists.osmocom.orgReview at https://gerrit.osmocom.org/4684 trx: Better be safe than sorry before calling strlen There's a lot of pointer arithmetic in trx_ctrl_read_cb which is not so nice. While I believe the current code is safe, Coverity raises "CID 178665: Insecure data handling (INTEGER_OVERFLOW)" regardin the use of rsp_len in the strcmp(). Let's put some OSMO_ASSERT() in front and hope that makes Coverity happy. Change-Id: I5a9b3307f83cdde7c8e9f66932446604f5623b05 --- M src/osmo-bts-trx/trx_if.c 1 file changed, 2 insertions(+), 0 deletions(-) git pull ssh://gerrit.osmocom.org:29418/osmo-bts refs/changes/84/4684/1 diff --git a/src/osmo-bts-trx/trx_if.c b/src/osmo-bts-trx/trx_if.c index a41cf2c..5d8f6c4 100644 --- a/src/osmo-bts-trx/trx_if.c +++ b/src/osmo-bts-trx/trx_if.c @@ -391,6 +391,8 @@ "message '%s'\n", buf, tcm->cmd); goto rsp_error; } + OSMO_ASSERT(strlen(buf+4) >= rsp_len); + OSMO_ASSERT(strlen(tcm->cmd+4) >= rsp_len); if (!!strncmp(buf + 4, tcm->cmd + 4, rsp_len)) goto notmatch; -- To view, visit https://gerrit.osmocom.org/4684 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I5a9b3307f83cdde7c8e9f66932446604f5623b05 Gerrit-PatchSet: 1 Gerrit-Project: osmo-bts Gerrit-Branch: master Gerrit-Owner: Harald Welte <laforge at gnumonks.org>