From c63971fab0d67bc52d7fd455529b844009aa8565 Mon Sep 17 00:00:00 2001
From: Pau Espin Pedrol
Date: Fri, 15 Sep 2017 20:09:19 +0200
Subject: Fix Out of bounds compilation warning in OCTET8
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The code in OCTET8 implementation assumes the len is placed inside the byte preceding the memory buffer, which is true for the defined cases. However, it creates a compilation warning. Better pass the value directly from the struct field rather than playing addr games. this way we also assert we require to explicitly pass the len. Fixes lots of warning like the one below: /home/pespin/dev/sysmocom/bin/../git/libsmpp34/src/smpp34_unpack.c: In function ‘smpp34_u npack’: /home/pespin/dev/sysmocom/bin/../git/libsmpp34/src/smpp34_unpack.c:147:14: warning: array subscript is above array bounds [-Warray-bounds] lenval = *((inst par) - 1);\ ^~~~~~~~~~~~~~~~~ /home/pespin/dev/sysmocom/bin/../git/libsmpp34/def_frame/submit_sm.frame:18:2: note: in e xpansion of macro ‘OCTET8’ OCTET8( instancia, short_message, 254 ); ^~~~~~
Change-Id: Id110f4e977c3becdb44cf5492c372e530ea51551
---
 def_frame/deliver_sm.frame | 2 +-
 def_frame/replace_sm.frame | 2 +-
 def_frame/submit_multi.frame | 2 +-
 def_frame/submit_sm.frame | 2 +-
 src/smpp34_dumpPdu.c | 3 +--
 src/smpp34_pack.c | 3 +--
 src/smpp34_structs.h | 2 +-
 src/smpp34_unpack.c | 3 +--
 8 files changed, 8 insertions(+), 11 deletions(-)
diff --git a/def_frame/deliver_sm.frame b/def_frame/deliver_sm.frame
index 2306f19..6cbd90d 100644
--- a/def_frame/deliver_sm.frame
+++ b/def_frame/deliver_sm.frame
@@ -15,5 +15,5 @@ C_OCTET( instancia, validity_period, 1 );
 U08( instancia, data_coding, valueDec_08 );
 U08( instancia, sm_default_msg_id, valueDec_08 );
 U08( instancia, sm_length, valueDec_08 );
- OCTET8( instancia, short_message, 254 );
+ OCTET8( instancia, short_message, 254, instancia sm_length );
 TLV( instancia, tlv, do_tlv_deliver_sm );
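Review bot: The new fourth argument `instancia sm_length` is pasted into the pack, unpack and dump macros as text, and nothing in the frame records that it depends on the `U08( instancia, sm_length, valueDec_08 );` line directly above it. In the unpack expansion the field presumably holds a valid value only after that `U08` line has run, so a later reordering of the frame would silently use a stale length. A one-line comment above the `OCTET8` line, for example `/* length is taken from sm_length; the U08 line must stay before this one */`, would make the ordering explicit. The same line is added in replace_sm.frame, submit_multi.frame and submit_sm.frame.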
diff --git a/def_frame/replace_sm.frame b/def_frame/replace_sm.frame
index a35187d..641207e 100644
--- a/def_frame/replace_sm.frame
+++ b/def_frame/replace_sm.frame
@@ -7,4 +7,4 @@ C_OCTET( instancia, validity_period, 17 );
 U08( instancia, registered_delivery, valueDec_08 );
 U08( instancia, sm_default_msg_id, valueDec_08 );
 U08( instancia, sm_length, valueDec_08 );
- OCTET8( instancia, short_message, 254 );
+ OCTET8( instancia, short_message, 254, instancia sm_length );
diff --git a/def_frame/submit_multi.frame b/def_frame/submit_multi.frame
index 0c5fb31..e58fd36 100644
--- a/def_frame/submit_multi.frame
+++ b/def_frame/submit_multi.frame
@@ -14,5 +14,5 @@ C_OCTET( instancia, validity_period, 17 );
 U08( instancia, data_coding, valueDec_08 );
 U08( instancia, sm_default_msg_id, valueDec_08 );
 U08( instancia, sm_length, valueDec_08 );
- OCTET8( instancia, short_message, 254 );
+ OCTET8( instancia, short_message, 254, instancia sm_length );
 TLV( instancia, tlv, do_tlv_submit_multi );
diff --git a/def_frame/submit_sm.frame b/def_frame/submit_sm.frame
index 0a54421..bf8e560 100644
--- a/def_frame/submit_sm.frame
+++ b/def_frame/submit_sm.frame
@@ -15,5 +15,5 @@ C_OCTET( instancia, validity_period, 17 );
 U08( instancia, data_coding, valueDec_08 );
 U08( instancia, sm_default_msg_id, valueDec_08 );
 U08( instancia, sm_length, valueDec_08 );
- OCTET8( instancia, short_message, 254 );
+ OCTET8( instancia, short_message, 254, instancia sm_length );
 TLV( instancia, tlv, do_tlv_submit_sm );
diff --git a/src/smpp34_dumpPdu.c b/src/smpp34_dumpPdu.c
index 89d6e53..688f4ea 100644
--- a/src/smpp34_dumpPdu.c
+++ b/src/smpp34_dumpPdu.c
@@ -136,11 +136,10 @@ smpp34_dumpPdu(uint32_t type, uint8_t *dest, int size_dest, void* tt)
 _op(inst, par, size )\
 }
-#define OCTET8( inst, par, size ){\
+#define OCTET8( inst, par, size, lenval ){\
 int i = 0;\
 uint8_t *p = l_dest;\
 int dummy = 0;\
- lenval = *((inst par) - 1);\
 if( (lenval + 33) >= left ){\
 PUTLOG("[%s:%s(%s)]", par, inst par, \
 "Value length exceed buffer length");\
diff --git a/src/smpp34_pack.c b/src/smpp34_pack.c
index b36e7a4..ef1c599 100644
--- a/src/smpp34_pack.c
+++ b/src/smpp34_pack.c
@@ -139,8 +139,7 @@ smpp34_pack(uint32_t type, uint8_t *ptrBuf, int ptrSize, int *ptrLen, void* tt)
 }\
 };
-#define OCTET8( inst, par, sizeval ){\
- lenval = *((inst par) - 1);\
+#define OCTET8( inst, par, sizeval, lenval ){\
 if( lenval >= left ){\
 PUTLOG("[leng %s:%d(%s)]", par, lenval,\
 "Value length exceed buffer length");\
diff --git a/src/smpp34_structs.h b/src/smpp34_structs.h
index 71d22cd..7c83df8 100644
--- a/src/smpp34_structs.h
+++ b/src/smpp34_structs.h
@@ -75,7 +75,7 @@ typedef struct alert_notification_t alert_notification_t;
 #define O_C_OCTET( inst, par, size ) uint8_t par[ size ];
 #define C_OCTET( inst, par, size ) uint8_t par[ size ];
-#define OCTET8( inst, par, size ) uint8_t par[ size ];
+#define OCTET8( inst, par, size, lenval ) uint8_t par[ size ];
 #define OCTET16( inst, par, size ) uint8_t par[ size ];
 #define TLV( inst, par, do_tlv ) tlv_t *par;
diff --git a/src/smpp34_unpack.c b/src/smpp34_unpack.c
index 3d8b0f8..749a037 100644
--- a/src/smpp34_unpack.c
+++ b/src/smpp34_unpack.c
@@ -143,8 +143,7 @@ smpp34_unpack(uint32_t type, void* tt, const uint8_t *ptrBuf, int ptrLen)
 };\
 }
-#define OCTET8( inst, par, size ){\
- lenval = *((inst par) - 1);\
+#define OCTET8( inst, par, size, lenval ){\
 if( lenval > left ){\
 PUTLOG("[leng %s:%d(%s)]", par, lenval,\
 "Value length exceed buffer length");\
-- cgit v1.2.3
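Review bot: The new macro parameter in smpp34_dumpPdu.c is named `lenval`, the same name as the variable the removed line `lenval = *((inst par) - 1);` assigned to, which is presumably a local declared outside this hunk. Inside `OCTET8` every `lenval` now expands to the caller's expression, while any other macro that still uses the local keeps its old meaning, which is easy to misread; a distinct name such as `len` would avoid that. The argument is also used unparenthesized, so `if( ((lenval) + 33) >= left ){\` is safer should a caller ever pass a compound expression. The same naming is used for `OCTET8` in smpp34_pack.c and smpp34_unpack.c, and the macro body continues outside the hunk.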
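Review bot: The guard visible in the smpp34_unpack.c `OCTET8` compares `lenval` only with `left`, the bytes remaining in the input, and never with `size`, the capacity of the destination array. The length now arrives as `instancia sm_length`, a `U08` field that can hold up to 255, while the frames declare `short_message` with size 254 and smpp34_structs.h expands that to `uint8_t par[ size ]`. If the rest of the macro, which lies outside this hunk, copies `lenval` bytes without a further check, a PDU carrying a length of 255 would write one byte past the array; the guard could read `if( (lenval) > left || (lenval) > (size) ){\`. The pack macro's `lenval >= left` test would want the matching `(lenval) > (sizeval)` check, since it reads from the same array.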