openbsc[master]: rtp_proxy.c: Ensure msgb_alloc is large enough for largest A...

Message ID gerrit.1463841799423.If1ad5d2d68c85733306c75ea62f67fe8fbc143b3@gerrit.osmocom.org
State New

Commit Message

gerrit-no-reply@lists.osmocom.org May 21, 2016, 2:43 p.m. UTC
Review at  https://gerrit.osmocom.org/91

rtp_proxy.c: Ensure msgb_alloc is large enough for largest AMR frame

In AMR 12.2 (mode 7), the actual RTP payload is 33 bytes.  However,
as we store the length of the (dynamically-sized) AMR payload in the
first byte, our buffer needs at least 33+1 byte in size.

Change-Id: If1ad5d2d68c85733306c75ea62f67fe8fbc143b3
---
M openbsc/src/libtrau/rtp_proxy.c
1 file changed, 1 insertion(+), 1 deletion(-)


  git pull ssh://gerrit.osmocom.org:29418/openbsc refs/changes/91/91/1

Comments

gerrit-no-reply@lists.osmocom.org May 24, 2016, 8:57 a.m. UTC | #1
Patch Set 1:

Why not change the define itself?
gerrit-no-reply@lists.osmocom.org May 24, 2016, 1:56 p.m. UTC | #2
Patch Set 1: Code-Review+2

> Why not change the define itself?

because then the name would be wrong.  The actual AMR codec payload cannot be larger than 33 bytes.  So if you change the #define value, you also need to come up with a new, more suitable name.

Patch

diff --git a/openbsc/src/libtrau/rtp_proxy.c b/openbsc/src/libtrau/rtp_proxy.c
index 8c982c9..6c04610 100644
--- a/openbsc/src/libtrau/rtp_proxy.c
+++ b/openbsc/src/libtrau/rtp_proxy.c
@@ -172,7 +172,7 @@ 
 	/* always allocate for the maximum possible size to avoid
 	 * fragmentation */
 	new_msg = msgb_alloc(sizeof(struct gsm_data_frame) +
-			     MAX_RTP_PAYLOAD_LEN, "GSM-DATA (TCH)");
+			     MAX_RTP_PAYLOAD_LEN+1, "GSM-DATA (TCH)");
 
 	if (!new_msg)
 		return -ENOMEM;
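
Review bot: The "+1" on the added "MAX_RTP_PAYLOAD_LEN+1" line is a bare magic number with no explanation in the code. The comment directly above the call only says the allocation is for the maximum possible size to avoid fragmentation, so the reason for the extra byte (the length of the AMR payload stored in the first byte, per the commit message) is visible only in the commit log. Suggest extending that comment to state that the extra byte holds the payload length prefix, or introducing a separately named constant for the buffer size so the sizing rule is written down once next to the allocation. As a style point, put spaces around the operator: "MAX_RTP_PAYLOAD_LEN + 1".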