This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/OpenBSC@lists.osmocom.org/.
Jacob Erlbeck jerlbeck at sysmocom.de

On 19.11.2015 15:34, Neels Hofmeyr wrote:
> +/*! \brief Copy an msgb.
>
> I'd write just "a" here, not "an". I seem to be the English nitpicker
> among us ;)

I do not agree in this case. "msgb" is read em-es-... thus starting with
a vowel sound. See
http://www.macmillandictionary.com/dictionary/british/an_1 ("an X-ray").

> +int msgb_resize_area(struct msgb *msg, uint8_t *area,
> + size_t old_size, size_t new_size)
> +{
> + int rc;
> + uint8_t *rest = area + old_size;
> + int rest_len = msg->len - old_size - (area - msg->data);
> + int delta_size = (int)new_size - (int)old_size;
> +
> + if (area < msg->data || rest > msg->tail)
> + MSGB_ABORT(msg, "Sub area is not fully contained in the msg data\n");
>
> Just to be super paranoid: old_size is unsigned, sure, but uint8_t *rest
> could wrap when old_size is (accidentally/crafted) passed as very very
> large. I could pass area > msg->tail with rest < msg->tail.
>
> Also, if new_size were past INT_MAX, (int)new_size would end up negative.
> Same for old_size. My head is spinning a bit from trying to figure out the
> result of the subtraction in those cases... ;)
>
> What do you think? Not relevant for any normal use, sure, but should we
> rule out those cases entirely?

You are right. So a quick fix is to check for rest < area in addition.

Jacob

--
- Jacob Erlbeck <jerlbeck at sysmocom.de> http://www.sysmocom.de/
=======================================================================
* sysmocom - systems for mobile communications GmbH
* Alt-Moabit 93
* 10559 Berlin, Germany
* Sitz / Registered office: Berlin, HRB 134158 B
* Geschaeftsfuehrer / Managing Directors: Holger Freyther, Harald Welte
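
Review bot: The containment test in msgb_resize_area, `if (area < msg->data || rest > msg->tail)`, depends on `rest = area + old_size`, which is computed before old_size has been bounded, so an oversized old_size can wrap the pointer and let an area beyond msg->tail pass. Adding `rest < area` catches the wrap, but forming a pointer that far past the buffer is already undefined behaviour in C, so it is more robust to compare sizes instead of derived pointers: reject area outside msg->data..msg->tail first, then require old_size <= (size_t)(msg->tail - area), and only then compute rest and rest_len. The `(int)new_size - (int)old_size` line has the same problem on the size side: either operand above INT_MAX turns negative after the cast, so new_size should be range-checked (old_size is covered by the bound above) before delta_size is computed.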