<p> Attention is currently required from: Kevin Harwell. </p>
<p><a href="https://gerrit.asterisk.org/c/asterisk/+/18529">View Change</a></p><p>1 comment:</p><ul style="list-style: none; padding: 0;"><li style="margin: 0; padding: 0;"><p><a href="null">File apps/app_festival.c:</a></p><ul style="list-style: none; padding: 0;"><li style="margin: 0; padding: 0 0 0 16px;"><p style="margin-bottom: 4px;"><a href="https://gerrit.asterisk.org/c/asterisk/+/18529/comment/3af741ae_b4b2d9c8">Patch Set #1, Line 436:</a> <code style="font-family:monospace,monospace"> if (strlen(cachedir) + sizeof(MD5Hex) + 1 <= MAXFESTLEN && (usecache == -1)) {</code></p><blockquote style="border-left: 1px solid #aaa; margin: 10px 0; padding: 0 10px;"><p style="white-space: pre-wrap; word-wrap: break-word;">For 1) I'm saying strlen(x) will always be at least one less (possibly more) than sizeof(x). That could be the difference in the check here being true/false when it wasn't previously. That said if MD5Hex is guaranteed to always be 32 bytes here then it may be a moot point in this scenario.</p></blockquote><p style="white-space: pre-wrap; word-wrap: break-word;">This isn't a true/false issue. It's a buffer overflow issue. An MD5 checksum is always 16 bytes and when represented in hex characters, it's always 32. The compiler doesn't know that though and the bits that are checking for the overflow see "strlen" and assume it can be 0. I do believe it's a bug in the compiler but it is what it is. Maybe it's the usecache part of the predicate that's confusing the code that evaluates guard conditions.</p></li></ul></li></ul><p>To view, visit <a href="https://gerrit.asterisk.org/c/asterisk/+/18529">change 18529</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://gerrit.asterisk.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.asterisk.org/c/asterisk/+/18529"/><meta itemprop="name" content="View Change"/></div></div>
<div style="display:none"> Gerrit-Project: asterisk </div>
<div style="display:none"> Gerrit-Branch: 16 </div>
<div style="display:none"> Gerrit-Change-Id: Ia081ca1bcfb329df6487c4660aaf1944309eb570 </div>
<div style="display:none"> Gerrit-Change-Number: 18529 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: George Joseph <gjoseph@digium.com> </div>
<div style="display:none"> Gerrit-Reviewer: Friendly Automation </div>
<div style="display:none"> Gerrit-Reviewer: Kevin Harwell <kharwell@digium.com> </div>
<div style="display:none"> Gerrit-Reviewer: Michael Bradeen <mbradeen@sangoma.com> </div>
<div style="display:none"> Gerrit-Attention: Kevin Harwell <kharwell@digium.com> </div>
<div style="display:none"> Gerrit-Comment-Date: Thu, 05 May 2022 14:59:24 +0000 </div>
<div style="display:none"> Gerrit-HasComments: Yes </div>
<div style="display:none"> Gerrit-Has-Labels: No </div>
<div style="display:none"> Comment-In-Reply-To: George Joseph <gjoseph@digium.com> </div>
<div style="display:none"> Comment-In-Reply-To: Kevin Harwell <kharwell@digium.com> </div>
<div style="display:none"> Gerrit-MessageType: comment </div>