From 7996134d2afb8098eb750433b20185bde21e0023 Mon Sep 17 00:00:00 2001 From: Holger Hans Peter Freyther Date: Thu, 22 May 2014 21:17:49 +0200 Subject: common: Ignore "si.valid" outside of _MAX_SYSINFO_TYPE Limit the range from 0 to (_MAX_SYSINFO_TYPE - 1) instead of 0 to 31. This way we will never access the lchan->si.buf[] out of bounds. This is only a theoretical issue though as the code filling the lchan->si.buf for the SACCH will not have valid >= _MAX_SYSINFO_TYPE. Add a small regression test to check we still schedule all SIs. Fixes: CID 1040765 --- src/common/sysinfo.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/common/sysinfo.c') diff --git a/src/common/sysinfo.c b/src/common/sysinfo.c index 6a50afd1..e08ffcaf 100644 --- a/src/common/sysinfo.c +++ b/src/common/sysinfo.c @@ -135,7 +135,7 @@ uint8_t *lchan_sacch_get(struct gsm_lchan *lchan) { uint32_t tmp; - for (tmp = lchan->si.last + 1; tmp != lchan->si.last; tmp = (tmp + 1) % 32) { + for (tmp = lchan->si.last + 1; tmp != lchan->si.last; tmp = (tmp + 1) % _MAX_SYSINFO_TYPE) { if (lchan->si.valid & (1 << tmp)) { lchan->si.last = tmp; return lchan->si.buf[tmp]; -- cgit v1.2.3