[PATCH 1/2] trau_mux.c: Prevent out-of-bounds read in trau_encode_fr()

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/OpenBSC@lists.osmocom.org/.

Harald Welte laforge at gnumonks.org
Mon Jun 23 07:48:07 UTC 2014


Found by -fsanitize=address: the last iteration of the loop, where i ==
259 and o == 260.  It is read out-of-bounds but the content is never
used.
---
 openbsc/src/libtrau/trau_mux.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/openbsc/src/libtrau/trau_mux.c b/openbsc/src/libtrau/trau_mux.c
index fd1895f..4f159e4 100644
--- a/openbsc/src/libtrau/trau_mux.c
+++ b/openbsc/src/libtrau/trau_mux.c
@@ -436,6 +436,9 @@ void trau_encode_fr(struct decoded_trau_frame *tf,
 	o = 0; /* offset output bits */
 	while (i < 260) {
 		tf->d_bits[k+o] = (data[j/8] >> (7-(j%8))) & 1;
+		/* to avoid out-of-bounds access in gsm_fr_map[++l] */
+		if (i == 259)
+			break;
 		if (--k < 0) {
 			o += gsm_fr_map[l];
 			k = gsm_fr_map[++l]-1;
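
Review bot: The added `if (i == 259) break;` hard-codes the loop limit minus one, so it goes stale without warning if the `while (i < 260)` bound or the length of gsm_fr_map ever changes, and it sits in front of the whole `if (--k < 0)` block rather than at the `gsm_fr_map[++l]` read it is meant to protect. Consider bounding the index itself, for example executing `k = gsm_fr_map[++l]-1;` only while l + 1 is still inside the table, or deriving the constant from the same definition as the loop limit. Because the break skips the remainder of the loop body on the final pass, it is also worth confirming that nothing after the loop relies on counters updated below this point; those lines are not visible in the hunk.
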
-- 
2.0.0

-- 
- Harald Welte <laforge at gnumonks.org>           http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
                                                  (ETSI EN 300 175-7 Ch. A6)



