This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/OpenBSC@lists.osmocom.org/.
Jacob Erlbeck jerlbeck at sysmocom.deCurrently msgb_trim only checks for len > data_len and returns -1
in that case, allowing the caller to fix it somehow. Using a negative
length will always lead to a corrupt msgb, but this is not being
checked.
This commit adds a check for len < 0 and a conditional call to MSGB_ABORT.
Sponsored-by: On-Waves ehf
---
include/osmocom/core/msgb.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/include/osmocom/core/msgb.h b/include/osmocom/core/msgb.h
index 9c99cad..b057caa 100644
--- a/include/osmocom/core/msgb.h
+++ b/include/osmocom/core/msgb.h
@@ -373,6 +373,8 @@ static inline void msgb_reserve(struct msgb *msg, int len)
*/
static inline int msgb_trim(struct msgb *msg, int len)
{
+ if (len < 0)
+ MSGB_ABORT(msg, "Negative length is not allowed\n");
if (len > msg->data_len)
return -1;
--
1.9.1