This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/OpenBSC@lists.osmocom.org/.
Holger Freyther holger at freyther.de
> On 04 Oct 2015, at 11:22, Holger Hans Peter Freyther <holger at freyther.de> wrote:
>
>
> + uint8_t allocated_cid;
...
> + endp->osmux.allocated_cid = -1;
that doesn't mix too well. This means I assigned 255 to the value and then we have
the next funny business in:
char osmux_extension[strlen("X-Osmux: 255")];
buf[0] = buf[39] = '\0';
ret = sscanf(tok, "%*s %s", buf);
if (ret != 1) {
LOGP(DMGCP, LOGL_ERROR,
"Failed to find Endpoint in: %s\n", tok);
return;
}
if (osmux_cid >= 0)
sprintf(osmux_extension, "\nX-Osmux: %u", osmux_cid);
1.) osmux_extension doesn't account for the \n
2.) osmux_extension doesn't account for the \0 at the end of the string
3.) we use '%u' so nothing in this method checks if this is a uint8_t.
I will increase the buffer a bit. This would have started to crash on
tripple digit osmux cid's (so on setup of the 101st call).
holger