libosmocore

History

Vadim Yanitskiy bd33a9568e tests/ussd: prevent uninitialized memory access Previously an incorrect length value was passed to both gsm_7bit_decode_n_ussd() and gsm_7bit_encode_n_ussd() functions during test_7bit_ussd() execution, due to: octets_written = strlen(decoded); The problem is that a 7-bit encoded string takes less memory than its 8-bit equivalent. So, here strlen() returns one-byte bigger value, that octets_written is. This then causes the uninitialized memory access. Found using Valgrind: Conditional jump or move depends on uninitialised value(s) at 0x506DCCC: gsm_7bit_decode_n_ussd (gsm_utils.c:248) by 0x40134B: test_7bit_ussd (ussd_test.c:104) by 0x400F5D: main (ussd_test.c:161) Conditional jump or move depends on uninitialised value(s) at 0x506DBB7: gsm_7bit_decode_n_hdr (gsm_utils.c:220) by 0x506DC9E: gsm_7bit_decode_n_ussd (gsm_utils.c:246) by 0x40134B: test_7bit_ussd (ussd_test.c:104) by 0x400F5D: main (ussd_test.c:161) Conditional jump or move depends on uninitialised value(s) at 0x506DBCB: gsm_septet_lookup (gsm_utils.c:153) by 0x506DBCB: gsm_7bit_decode_n_hdr (gsm_utils.c:224) by 0x506DC9E: gsm_7bit_decode_n_ussd (gsm_utils.c:246) by 0x40134B: test_7bit_ussd (ussd_test.c:104) by 0x400F5D: main (ussd_test.c:161) Change-Id: Ic31805b6a5a917dfc6284edba6ffdd21246ac20c	2018-01-22 10:35:53 +00:00
..
ussd_test.c	tests/ussd: prevent uninitialized memory access	2018-01-22 10:35:53 +00:00
ussd_test.ok	ussd_test.c: fix rc / len debug output confusion	2018-01-13 03:21:08 +06:00

Vadim Yanitskiy bd33a9568e tests/ussd: prevent uninitialized memory access

Previously an incorrect length value was passed to both
gsm_7bit_decode_n_ussd() and gsm_7bit_encode_n_ussd()
functions during test_7bit_ussd() execution, due to:

   octets_written = strlen(decoded);

The problem is that a 7-bit encoded string takes less memory
than its 8-bit equivalent. So, here strlen() returns one-byte
bigger value, that octets_written is. This then causes the
uninitialized memory access.

Found using Valgrind:

Conditional jump or move depends on uninitialised value(s)
   at 0x506DCCC: gsm_7bit_decode_n_ussd (gsm_utils.c:248)
   by 0x40134B: test_7bit_ussd (ussd_test.c:104)
   by 0x400F5D: main (ussd_test.c:161)

Conditional jump or move depends on uninitialised value(s)
   at 0x506DBB7: gsm_7bit_decode_n_hdr (gsm_utils.c:220)
   by 0x506DC9E: gsm_7bit_decode_n_ussd (gsm_utils.c:246)
   by 0x40134B: test_7bit_ussd (ussd_test.c:104)
   by 0x400F5D: main (ussd_test.c:161)

Conditional jump or move depends on uninitialised value(s)
   at 0x506DBCB: gsm_septet_lookup (gsm_utils.c:153)
   by 0x506DBCB: gsm_7bit_decode_n_hdr (gsm_utils.c:224)
   by 0x506DC9E: gsm_7bit_decode_n_ussd (gsm_utils.c:246)
   by 0x40134B: test_7bit_ussd (ussd_test.c:104)
   by 0x400F5D: main (ussd_test.c:161)

Change-Id: Ic31805b6a5a917dfc6284edba6ffdd21246ac20c

2018-01-22 10:35:53 +00:00

ussd_test.c

tests/ussd: prevent uninitialized memory access

2018-01-22 10:35:53 +00:00

ussd_test.ok

ussd_test.c: fix rc / len debug output confusion

2018-01-13 03:21:08 +06:00