Comment # 8
on bug 8697
from Martin Kaiser
(In reply to comment #4)
> The statement above produces this C code
>
> static int
> dissect_nbap_CommonPhysicalChannelID(tvbuff_t *tvb _U_, int offset _U_,
> asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
> #line 689 "../../asn1/nbap/nbap.cnf"
> offset = dissect_per_constrained_integer(tvb, offset, actx, tree, hf_index,
> 0U, 255U,
> &commonphysicalchannelid, FALSE);
>
> nbap_dch_chnl_info[commonphysicalchannelid].next_dch = 0;
>
You're right, that's the final code. I didn't understand what #line does (just
read about it). So the statement after .FN_BODY doesn't get pulled in, only the
lines below .FN_BODY.
>
> return offset;
>
> There should be a check that the returned
> commonphysicalchannelid is less than maxNrOfDCHs I think.
>
That's it. The value was 174, this didn't look suspicious to me.
I can also confirm that your bugfix fixes the crash for me.
Regards,
Martin
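
The range check suggested in the quoted comment, sketched as an added example; it is not part of the original thread and not Wireshark's code. The table name, the function name and the value 128 for the bound are assumptions for illustration (the thread names the bound only as maxNrOfDCHs).

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: illustrative table size; the thread does not give the value
 * of maxNrOfDCHs. */
#define MAX_NR_OF_DCHS 128

/* Hypothetical stand-in for the per-channel table indexed in the quoted code. */
typedef struct {
    uint32_t next_dch;
} dch_info_t;

static dch_info_t dch_table[MAX_NR_OF_DCHS];

/* The decoder constrains the field to 0..255, which is wider than the table,
 * so the decoded value must be validated before it is used as an index.
 * Returns 0 on success, -1 if the value does not fit the table. */
int reset_next_dch(uint32_t channel_id)
{
    if (channel_id >= MAX_NR_OF_DCHS) {
        return -1; /* caller should treat the field as malformed */
    }
    dch_table[channel_id].next_dch = 0;
    return 0;
}

int main(void)
{
    /* Constructed sample values; 174 is the value reported in the thread. */
    const uint32_t samples[] = { 0, 127, 128, 174, 255 };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        printf("id %3u -> %s\n", (unsigned)samples[i],
               reset_next_dch(samples[i]) == 0 ? "stored" : "rejected");
    }
    return 0;
}
```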