[asterisk-dev] Version 1.4.19-rc2 bug
Terry Sanders
asterisk at vertone.co.uk
Tue Mar 11 18:41:37 CDT 2008
I've just compiled rc2 and noticed this compile warning:

    chan_misdn.c: In function 'misdn_call':
    chan_misdn.c:2015: warning: array subscript is above array bounds

Looking at the code I see this:

    char *opts=NULL, *ext;
    char dest_cp[256];
    {
    strncpy(dest_cp,dest,sizeof(dest_cp)-1);
    dest_cp[sizeof(dest_cp)]=0; <----- Warning for this line
    ext=dest_cp;

which is writing a zero one past the end of the array. If I remember correctly
how C allocates local variables this means the zero will actually go into
the "ext" variable and then be immediately overwritten by the address of the
dest_cp array. As a result, if the passed in dest string is 255 or more
characters long then you might end up processing an unterminated string.
Regards
Terry
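
Added example (not part of the original post and not Asterisk code): the posted strncpy/terminator pattern next to the version that indexes sizeof - 1, run on constructed inputs of 10, 254, 255 and 300 characters. The names copy_as_posted, copy_fixed and run are hypothetical, and the arena carries one extra canary byte after the 256-byte buffer (an assumption of this demo) so the out-of-bounds write can be observed without touching memory the program does not own.

```c
#include <stdio.h>
#include <string.h>

#define DEST_CP_SIZE 256            /* size of dest_cp in the post */

struct result { int terminated; int canary_intact; };

/* Pattern from the post: the terminator index is sizeof, one past the end. */
static void copy_as_posted(char *buf, const char *dest)
{
    strncpy(buf, dest, DEST_CP_SIZE - 1);
    buf[DEST_CP_SIZE] = 0;          /* byte 256: outside a 256-byte array */
}

/* Corrected index: the last valid element is sizeof - 1. */
static void copy_fixed(char *buf, const char *dest)
{
    strncpy(buf, dest, DEST_CP_SIZE - 1);
    buf[DEST_CP_SIZE - 1] = 0;
}

/* Copy a constructed string of `len` 'A's (len < 512) into an arena of
 * DEST_CP_SIZE bytes plus one canary byte, so the stray write stays inside
 * memory this demo owns. The 0xAA fill models leftover stack contents. */
static struct result run(void (*copy)(char *, const char *), size_t len)
{
    char arena[DEST_CP_SIZE + 1], dest[512];
    struct result r;

    memset(arena, 0xAA, sizeof(arena));
    memset(dest, 'A', len);
    dest[len] = 0;
    copy(arena, dest);
    r.terminated = memchr(arena, 0, DEST_CP_SIZE) != NULL;
    r.canary_intact = (unsigned char)arena[DEST_CP_SIZE] == 0xAA;
    return r;
}

int main(void)
{
    size_t lens[] = { 10, 254, 255, 300 };
    for (size_t i = 0; i < sizeof(lens) / sizeof(lens[0]); i++) {
        struct result a = run(copy_as_posted, lens[i]), b = run(copy_fixed, lens[i]);
        printf("len %3zu  posted: term=%d canary=%d  fixed: term=%d canary=%d\n",
               lens[i], a.terminated, a.canary_intact, b.terminated, b.canary_intact);
    }
    return 0;
}
```

The posted pattern overwrites the canary for every input length, and from 255 characters upward the 256-byte buffer holds no terminator at all.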