This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
Max gerrit-no-reply at lists.osmocom.orgMax has submitted this change and it was merged. Change subject: Check readv() return value to prevent crash ...................................................................... Check readv() return value to prevent crash Previously result of readv() was used unconditionally so when it failed and returned negative value it was treated like very large positive which lead to memory corruption. Fix this and add proper error log. Change-Id: I956c8d551f45c9dd43b5e9de11dfe20dd8783647 Related: SYS#3865 --- M src/osmo-bts-litecell15/l1_transp_hw.c M src/osmo-bts-sysmo/l1_transp_hw.c 2 files changed, 16 insertions(+), 4 deletions(-) Approvals: Pau Espin Pedrol: Looks good to me, but someone else must approve Harald Welte: Looks good to me, approved Jenkins Builder: Verified diff --git a/src/osmo-bts-litecell15/l1_transp_hw.c b/src/osmo-bts-litecell15/l1_transp_hw.c index 6381864..b526108 100644 --- a/src/osmo-bts-litecell15/l1_transp_hw.c +++ b/src/osmo-bts-litecell15/l1_transp_hw.c @@ -204,9 +204,15 @@ iov[i].iov_len = msgb_tailroom(msg[i]); } - rc = readv(ofd->fd, iov, ARRAY_SIZE(iov)); - count = rc / prim_size; + if (rc < 0) { + LOGP(DL1C, LOGL_ERROR, "failed to read from fd: %s\n", strerror(errno)); + /* N. B: we do not abort to let the cycle below cleanup allocated memory properly, + the return value is ignored by the caller anyway. + TODO: use libexplain's explain_readv() to provide detailed error description */ + count = 0; + } else + count = rc / prim_size; for (i = 0; i < count; ++i) { msgb_put(msg[i], prim_size); diff --git a/src/osmo-bts-sysmo/l1_transp_hw.c b/src/osmo-bts-sysmo/l1_transp_hw.c index da8ac3f..9c0a514 100644 --- a/src/osmo-bts-sysmo/l1_transp_hw.c +++ b/src/osmo-bts-sysmo/l1_transp_hw.c @@ -215,9 +215,15 @@ iov[i].iov_len = msgb_tailroom(msg[i]); } - rc = readv(ofd->fd, iov, ARRAY_SIZE(iov)); - count = rc / prim_size; + if (rc < 0) { + LOGP(DL1C, LOGL_ERROR, "failed to read from fd: %s\n", strerror(errno)); + /* N. B: we do not abort to let the cycle below cleanup allocated memory properly, + the return value is ignored by the caller anyway. + TODO: use libexplain's explain_readv() to provide detailed error description */ + count = 0; + } else + count = rc / prim_size; for (i = 0; i < count; ++i) { msgb_put(msg[i], prim_size); -- To view, visit https://gerrit.osmocom.org/3878 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: merged Gerrit-Change-Id: I956c8d551f45c9dd43b5e9de11dfe20dd8783647 Gerrit-PatchSet: 5 Gerrit-Project: osmo-bts Gerrit-Branch: master Gerrit-Owner: Max <msuraev at sysmocom.de> Gerrit-Reviewer: Harald Welte <laforge at gnumonks.org> Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: Max <msuraev at sysmocom.de> Gerrit-Reviewer: Neels Hofmeyr <nhofmeyr at sysmocom.de> Gerrit-Reviewer: Pau Espin Pedrol <pespin at sysmocom.de> Gerrit-Reviewer: daniel <dwillmann at sysmocom.de>