author | Pablo Neira Ayuso <pablo@gnumonks.org> | 2017-09-04 20:35:36 +0200 |
---|---|---|
committer | Harald Welte <laforge@gnumonks.org> | 2017-09-11 18:06:37 +0000 |
commit | 14af167a5553519d8164f4a21556888535eeefeb (patch) | |
tree | f851eb5db131ed26c4fabcc57bdff06d226965b5 /src/rtp.c | |
parent | 9c5f01e7b2cb1455314443ceaeb035326354d280 (diff) |
osmux: fix buffer management mess in snprintf() calls
SNPRINTF_BUFFER_SIZE() looks too complex, previous version maintains two
different variables to account for the remaining space in the buffer,
one of them is always decremented based on what snprintf() returns,
which may result in underflow. These variables are swapped - not used
consistently - all over this code.
Replace this macro by a simplified version, with one single parameter to
account for remaining space. This macro also deals with two corner
cases:
1) snprintf() fails, actually never happens in practise, but
documentation indicates it may return -1, so let's catch this case
from here to stick to specs.
2) There is not enough space in the buffer, in that case, keep
increasing offset, so we know how much would have been printed, just
like snprintf() does.
Thanks to Pau Espin for reporting, and Holger for clues on this.
I have run osmux_test and, at quick glance, it looks good.
Change-Id: I5b5d6ec57a02f57c23b1ae86dbd894bad28ea797
Diffstat (limited to 'src/rtp.c')
-rw-r--r-- | src/rtp.c | 27 |
1 files changed, 14 insertions, 13 deletions
@@ -185,19 +185,20 @@ osmo_rtp_build(struct osmo_rtp_handle *h, uint8_t payload_type, return msg; } -#define SNPRINTF_BUFFER_SIZE(ret, size, len, offset) \ - size += ret; \ - if (ret > len) \ - ret = len; \ +#define SNPRINTF_BUFFER_SIZE(ret, remain, offset) \ + if (ret < 0) \ + ret = 0; \ offset += ret; \ - len -= ret; + if (ret > remain) \ + ret = remain; \ + remain -= ret; int osmo_rtp_snprintf(char *buf, size_t size, struct msgb *msg) { + unsigned int remain = size, offset = 0; struct rtp_hdr *rtph; - int ret, i; uint8_t *payload; - unsigned int len = size, offset = 0; + int ret, i; rtph = osmo_rtp_get_hdr(msg); if (rtph == NULL) @@ -205,22 +206,22 @@ int osmo_rtp_snprintf(char *buf, size_t size, struct msgb *msg) payload = (uint8_t *)rtph + sizeof(struct rtp_hdr); - ret = snprintf(buf, len, "RTP ver=%01u ssrc=%u type=%02u " + ret = snprintf(buf, remain, "RTP ver=%01u ssrc=%u type=%02u " "marker=%01u ext=%01u csrc_count=%01u " "sequence=%u timestamp=%u [", rtph->version, ntohl(rtph->ssrc), rtph->payload_type, rtph->marker, rtph->extension, rtph->csrc_count, ntohs(rtph->sequence), ntohl(rtph->timestamp)); - SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + SNPRINTF_BUFFER_SIZE(ret, remain, offset); for (i=0; i<msg->len - sizeof(struct rtp_hdr); i++) { - ret = snprintf(buf+offset, len, "%02x ", payload[i]); - SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + ret = snprintf(buf + offset, remain, "%02x ", payload[i]); + SNPRINTF_BUFFER_SIZE(ret, remain, offset); } - ret = snprintf(buf+offset, len, "]"); - SNPRINTF_BUFFER_SIZE(ret, size, len, offset); + ret = snprintf(buf + offset, remain, "]"); + SNPRINTF_BUFFER_SIZE(ret, remain, offset); return offset; } |
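Review bot: The rewritten SNPRINTF_BUFFER_SIZE macro at the top of this hunk still expands to bare statements, so it is only correct when invoked inside a braced block; used as the sole body of an `if` or `else`, only `if (ret < 0) ret = 0;` would be governed by the condition. Wrapping the expansion in `do { ... } while (0)` and parenthesizing `(ret)`, `(remain)` and `(offset)` removes that hazard without changing the call sites. The test `ret > remain` compares an int with an unsigned int and is safe only because the negative clamp runs first, which is worth a one-line comment such as `/* ret >= 0 here, so the unsigned comparison cannot wrap */`. Separately, `unsigned int remain = size` narrows a size_t, which looks harmless for log buffers but should be a deliberate choice. The body of osmo_rtp_snprintf continues past the end of this hunk.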
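Review bot: After the first truncated snprintf() in this hunk, `offset` keeps growing past `size`, so the later `buf + offset` arguments form pointers beyond the end of `buf`; nothing is written because `remain` is 0, but computing such a pointer is undefined behaviour in C. One way to avoid it is to stop passing the out-of-range pointer, for example `ret = snprintf(remain ? buf + offset : NULL, remain, "%02x ", payload[i]);` and the same for the closing `"]"` call. `return offset;` now reports the length that would have been printed, so a caller that treats it as the number of bytes stored in `buf` would read past the buffer. A comment above osmo_rtp_snprintf such as `/* Returns the length that would have been written, as snprintf() does; a value >= size means the output was truncated. */` would make that contract explicit. The function starts in the previous hunk, so the declarations of `remain` and `offset` are not repeated here.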