This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
Pablo Neira Ayuso gerrit-no-reply at lists.osmocom.orgPatch Set 3: (1 comment) https://gerrit.osmocom.org/#/c/3537/3/src/osmux.c File src/osmux.c: Line 918: SNPRINTF_BUFFER_SIZE(ret, buf_offset, size); > I have no idea if the code initially fetching the AMR size from RTP is doin OK, I'm reviewing this function. It seems this check is not working. if (msg_len < sizeof(struct osmux_hdr)) msg_len is int, while sizeof is unsigned. C takes the left hand side of the relational as unsigned, so this branch never evaluates true. Then, we start accessing out of bound memory area. -- To view, visit https://gerrit.osmocom.org/3537 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: I695771d099833842db37a415b636035d17f1bba7 Gerrit-PatchSet: 3 Gerrit-Project: libosmo-netif Gerrit-Branch: master Gerrit-Owner: Pau Espin Pedrol <pespin at sysmocom.de> Gerrit-Reviewer: Harald Welte <laforge at gnumonks.org> Gerrit-Reviewer: Holger Freyther <holger at freyther.de> Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: Neels Hofmeyr <nhofmeyr at sysmocom.de> Gerrit-Reviewer: Pablo Neira Ayuso <pablo at gnumonks.org> Gerrit-Reviewer: Pau Espin Pedrol <pespin at sysmocom.de> Gerrit-HasComments: Yes