From c62fc2d20f433117a123ec43862263c02013b460 Mon Sep 17 00:00:00 2001 From: Pau Espin Pedrol Date: Wed, 11 Apr 2018 20:14:08 +0200 Subject: msgb: msgb_pull: Abort when pulling more than avail size Change-Id: I512ff2035ae7a929e6c96df82938cc1ddbcc4e2a --- include/osmocom/core/msgb.h | 3 +++ 1 file changed, 3 insertions(+) (limited to 'include') diff --git a/include/osmocom/core/msgb.h b/include/osmocom/core/msgb.h index a9831957..a8dc205b 100644 --- a/include/osmocom/core/msgb.h +++ b/include/osmocom/core/msgb.h @@ -331,6 +331,9 @@ static inline void msgb_push_u32(struct msgb *msg, uint32_t word) */ static inline unsigned char *msgb_pull(struct msgb *msgb, unsigned int len) { + if (msgb_length(msgb) < len) + MSGB_ABORT(msgb, "msgb too small to pull %u (len %u)\n", + len, msgb_length(msgb)); msgb->len -= len; return msgb->data += len; } -- cgit v1.2.3