summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHolger Hans Peter Freyther <holger@moiji-mobile.com>2014-05-28 16:44:34 +0200
committerHolger Hans Peter Freyther <holger@moiji-mobile.com>2014-05-28 17:00:56 +0200
commit4f0381b1c32a7d238d5ef1bb3146ec5f299c0e9e (patch)
treef0606242c7382de57f27941bfc90b08379a0e4a8
parentb691bf1d54231a1bbabe7b4d7083603f9841d7de (diff)
mgcp: Address scanf issue already found by cppcheck and now ASAN
Use the right size for scanf. ================================================================= ==6106== ERROR: AddressSanitizer: unknown-crash on address 0xbffff4b0 at pc 0xb69d87fd bp 0xbffff248 sp 0xbffff21c WRITE of size 65 at 0xbffff4b0 thread T0 #0 0xb69d87fc (/usr/lib/i386-linux-gnu/libasan.so.0.0.0+0xa7fc) #1 0xb69d9239 (/usr/lib/i386-linux-gnu/libasan.so.0.0.0+0xb239) #2 0xb69d92d6 (/usr/lib/i386-linux-gnu/libasan.so.0.0.0+0xb2d6) #3 0x804f151 (/home/ich/source/gsm/openbsc/openbsc/tests/mgcp/mgcp_test+0x804f151) #4 0x80531e8 (/home/ich/source/gsm/openbsc/openbsc/tests/mgcp/mgcp_test+0x80531e8) #5 0x8051e6f (/home/ich/source/gsm/openbsc/openbsc/tests/mgcp/mgcp_test+0x8051e6f) #6 0x8049b0a (/home/ich/source/gsm/openbsc/openbsc/tests/mgcp/mgcp_test+0x8049b0a) #7 0x804bd9e (/home/ich/source/gsm/openbsc/openbsc/tests/mgcp/mgcp_test+0x804bd9e) #8 0xb6778a62 (/lib/i386-linux-gnu/i686/cmov/libc-2.18.so+0x19a62) #9 0x8049330 (/home/ich/source/gsm/openbsc/openbsc/tests/mgcp/mgcp_test+0x8049330) Address 0xbffff4b0 is located at offset 416 in frame <parse_sdp_data> of T0's stack: This frame has 8 object(s): [32, 36) 'audio_payload' [96, 100) 'payload' [160, 164) 'channels' [224, 228) 'ptime' [288, 292) 'port' [352, 368) 'ipv4' [416, 480) 'audio_name' [512, 576) 'audio_codec' HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext (longjmp and C++ exceptions *are*
-rw-r--r--openbsc/src/libmgcp/mgcp_protocol.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/openbsc/src/libmgcp/mgcp_protocol.c b/openbsc/src/libmgcp/mgcp_protocol.c
index d4088a166..1a88a84b3 100644
--- a/openbsc/src/libmgcp/mgcp_protocol.c
+++ b/openbsc/src/libmgcp/mgcp_protocol.c
@@ -621,7 +621,7 @@ static int parse_sdp_data(struct mgcp_rtp_end *rtp, struct mgcp_parse_data *p)
if (audio_payload == -1)
break;
- if (sscanf(line, "a=rtpmap:%d %64s",
+ if (sscanf(line, "a=rtpmap:%d %63s",
&payload, audio_name) == 2) {
if (payload != audio_payload)
break;