Summary: ASTERISK-07317: Buffer not always initialized
Reporter: klaus3000 (klaus3000)
Labels:
Date Opened: 2006-07-10 09:24:42
Date Closed: 2006-07-12 14:11:04
Priority: Minor
Regression?: No
Status: Closed/Complete
Components: Core/General
Versions:
Frequency of Occurrence:
Related Issues:
Environment:
Attachments:

Description:
In q931.c, in the function to dump the content of INFORMATION messages, the tmp buffer is not initialized.

static FUNC_DUMP(dump_display)
{
       int x, y;
       char *buf = malloc(len + 1);
       char tmp[80];
       if (buf) {
               x=y=0;
               if ((x < ie->len) && (ie->data[x] & 0x80)) {
                       sprintf(tmp, "Charset: %02x ", ie->data[x] & 0x7f);
                       ++x;
               }
               for (y=x; x<ie->len; x++)
                       buf[x] = ie->data[x] & 0x7f;
               buf[x] = '\0';
               pri_message(pri, "%c Display (len=%2d) %s[ %s ]\n", prefix, ie->len, tmp, &buf[y]);
               free(buf);
       }
}


Thus, if the first if-condition is not fulfilled, we log an uninitialized buffer, which might cause strange characters on the console:

< Protocol Discriminator: Q.931 (8)  len=14
< Call Ref: len= 2 (reference 5/0x5) (Terminator)
< Message type: INFORMATION (123)
< [28 07 32 20 55 4e 49 54 53]
< Display (len= 7) ????`?d [ 2 UNITS ]





****** ADDITIONAL INFORMATION ******

I think the solution is quite easy:

      char tmp[80];
      tmp[0] = 0;
Comments:
By: Russell Bryant (russell) 2006-07-12 14:04:28

fixed, thanks!
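
Added example, not part of the original report or the project's code: the reporter's one-line fix applied to a stand-alone version of the dump routine, run against the Display element from the trace above. `struct demo_ie` and `demo_dump_display` are hypothetical stand-ins; output goes to a caller-supplied buffer instead of `pri_message`, and `snprintf` is swapped in for `sprintf` as a bounded write.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the information element; only the fields
 * the dump routine reads are modelled. */
struct demo_ie {
    unsigned char ie;
    unsigned char len;
    unsigned char data[255];
};

/* Formats a Display IE into out (instead of calling pri_message) so the
 * result can be checked. Returns the snprintf result, or -1 on failure. */
int demo_dump_display(char *out, size_t outlen, char prefix,
                      const struct demo_ie *ie)
{
    int x = 0, y, n;
    char tmp[80];
    char *buf = malloc((size_t)ie->len + 1);

    if (!buf)
        return -1;
    tmp[0] = '\0';   /* the fix: tmp is a valid empty string on every path */
    if ((x < ie->len) && (ie->data[x] & 0x80)) {
        snprintf(tmp, sizeof(tmp), "Charset: %02x ",
                 (unsigned)(ie->data[x] & 0x7f));
        ++x;
    }
    for (y = x; x < ie->len; x++)
        buf[x] = ie->data[x] & 0x7f;
    buf[x] = '\0';
    n = snprintf(out, outlen, "%c Display (len=%2d) %s[ %s ]\n",
                 prefix, ie->len, tmp, &buf[y]);
    free(buf);
    return n;
}

int main(void)
{
    /* Constructed from the trace on the page: 28 07 "2 UNITS" */
    struct demo_ie ie = { 0x28, 7, { '2', ' ', 'U', 'N', 'I', 'T', 'S' } };
    char line[160];

    if (demo_dump_display(line, sizeof(line), '<', &ie) < 0)
        return 1;
    fputs(line, stdout);
    return 0;
}
```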