Hi,

2009/9/16 Gu, Yang <[email protected]>:
> Today I tried oFono with my cell phone, but it crashed when starting
> up.
> The problem happens in function at_cmgl_notify() of file
> drivers/atmodem/sms.c.
> In my case, strlen(hexpdu) == 338, but the buffer "pdu" has maximum size of
> 164. So after decode_hex_own_buf(), some memory was written unexpectedly.

The attached patch adds a length check everywhere decode_hex_own_buf() is used with a static buffer and also enlarges the buffers to account for the SMSC included in a PDU.

Regards
