Commit 993d911d authored by roux's avatar roux

very dirty fix for some out of buffer memory access

TO BE DONE PROPERLY AT SOME POINT!!


git-svn-id: http://svn.eurecom.fr/openair4G/trunk@7791 818b1a75-f10b-46b9-bf7c-635c3b92a50f
parent 5eb49567
...@@ -630,10 +630,15 @@ nwGtpv1uHandleEchoReq(NW_IN NwGtpv1uStackT *thiz, ...@@ -630,10 +630,15 @@ nwGtpv1uHandleEchoReq(NW_IN NwGtpv1uStackT *thiz,
bufLen = sizeof(NwGtpv1uIeTv1T)+ ((NwGtpv1uMsgT*)hMsg)->msgLen; bufLen = sizeof(NwGtpv1uIeTv1T)+ ((NwGtpv1uMsgT*)hMsg)->msgLen;
#warning CROUX DIRTY +16, TO BE FIXED!!!
/* the +16 is there because by analyzing memory allocation with some external
* tool, I saw that there were 6 bytes accessed after bufLen in nwGtpv1uCreateAndSendMsg
* the value "16" has been chosen arbitrarily, just bigger than 6
*/
((NwGtpv1uMsgT*)hMsg)->msgBuf = itti_malloc( ((NwGtpv1uMsgT*)hMsg)->msgBuf = itti_malloc(
TASK_GTPV1_U, TASK_GTPV1_U,
TASK_UDP, TASK_UDP,
bufLen); bufLen + 16 /* CROUX - dirty +16, to be fixed! */);
((NwGtpv1uMsgT*)hMsg)->msgBufLen = bufLen; ((NwGtpv1uMsgT*)hMsg)->msgBufLen = bufLen;
NW_ASSERT(NW_GTPV1U_OK == rc); NW_ASSERT(NW_GTPV1U_OK == rc);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment