diff options
author | Vadim Yanitskiy <vyanitskiy@sysmocom.de> | 2020-05-23 17:33:07 +0700 |
---|---|---|
committer | Vadim Yanitskiy <vyanitskiy@sysmocom.de> | 2020-05-23 18:00:53 +0700 |
commit | fac833264952aee68acfaf8676fe86159517ef50 (patch) | |
tree | 2264e87cb7dbd3a4b3799548b0a3d47429d14b46 | |
parent | c9915660ff41444b8af05ec57d7c7e832f49e273 (diff) |
csn1: fix csnStreamEncoder(): also check length of the choice list
Similar checks are done in csnStreamDecoder(), so better check than sorry.
Change-Id: I441c716975905a37264efc8a76df92194f39c1fb
-rw-r--r-- | src/csn1.c | 8 |
1 files changed, 7 insertions, 1 deletions
@@ -1802,10 +1802,16 @@ gint16 csnStreamEncoder(csnStream_t* ar, const CSN_DESCR* pDescr, struct bitvec case CSN_CHOICE: { - //gint16 count = pDescr->i; + gint16 count = pDescr->i; guint8 i = 0; const CSN_ChoiceElement_t* pChoice = (const CSN_ChoiceElement_t*) pDescr->descr.ptr; + /* Make sure that the list of choice items is not empty */ + if (!count) + return ProcessError(writeIndex, "csnStreamEncoder", CSN_ERROR_IN_SCRIPT, pDescr); + else if (count > 255) /* We can handle up to 256 (UCHAR_MAX) selectors */ + return ProcessError(writeIndex, "csnStreamEncoder", CSN_ERROR_IN_SCRIPT, pDescr); + pui8 = pui8DATA(data, pDescr->offset); i = *pui8; pChoice += i; |