dexter has submitted this change and it was merged. (
https://gerrit.osmocom.org/13211 )
Change subject: amr: be sure result of osmo_amr_bwe_to_oa() fits into int buf
......................................................................
amr: be sure result of osmo_amr_bwe_to_oa() fits into int buf
osmo_amr_bwe_to_oa() uses an internal buffer with static size to store
intermediate results. The buffer is large enough for any real world
situation, but the check that tests if the result would fit into the
internal buffer is incorrect. It checks if there is enough room for the
existing payload, but does not include the expected growth of the
payload. Eventually the buffer could be overrun by one byte if one would
put a 256 byte long AMR payload.
Fixes: CID#195926
Change-Id: I4d7ac570a0b48368a82183673c46bca5f235f228
---
M src/amr.c
1 file changed, 1 insertion(+), 1 deletion(-)
Approvals:
Jenkins Builder: Verified
Max: Looks good to me, but someone else must approve
Pau Espin Pedrol: Looks good to me, approved
diff --git a/src/amr.c b/src/amr.c
index 9b423e8..9c63f60 100644
--- a/src/amr.c
+++ b/src/amr.c
@@ -158,7 +158,7 @@
if (payload_len + 1 > payload_maxlen)
return -1;
- if (payload_len > sizeof(buf))
+ if (payload_len + 1 > sizeof(buf))
return -1;
buf[0] = payload[0] & 0xf0;
--
To view, visit https://gerrit.osmocom.org/13211
To unsubscribe, or for help writing mail filters, visit
https://gerrit.osmocom.org/settings
Gerrit-Project: libosmo-netif
Gerrit-Branch: master
Gerrit-MessageType: merged
Gerrit-Change-Id: I4d7ac570a0b48368a82183673c46bca5f235f228
Gerrit-Change-Number: 13211
Gerrit-PatchSet: 1
Gerrit-Owner: dexter <pma...@sysmocom.de>
Gerrit-Reviewer: Jenkins Builder (1000002)
Gerrit-Reviewer: Max <msur...@sysmocom.de>
Gerrit-Reviewer: Pau Espin Pedrol <pes...@sysmocom.de>
Gerrit-Reviewer: dexter <pma...@sysmocom.de>
