From 3ef0da27b5f621734c4ed14b297cc5a2da50fbcb Mon Sep 17 00:00:00 2001
From: XANTRONIX Development
Date: Sun, 26 Jul 2020 01:55:21 -0400
Subject: [PATCH] Ensure socket TX buf size is separate from RX size

After performing XID parameter negotiation, do not simply use the negotiated TX buffer size when allocating the RX buffer; this resolves an issue wherein read()s into the RX buffer (allocated with a size equal to the TX buffer, which may be smaller) would cause memory errors
---
 src/sock.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/src/sock.c b/src/sock.c
index 7a470e9..0af8bfb 100644
--- a/src/sock.c
+++ b/src/sock.c
@@ -54,10 +54,14 @@ error_open:
 return -1;
 }

-static inline size_t bufsz(patty_ax25_sock *sock) {
+static inline size_t tx_bufsz(patty_ax25_sock *sock) {
 return PATTY_AX25_FRAME_OVERHEAD + sock->n_maxlen_tx;
 }

+static inline size_t rx_bufsz(patty_ax25_sock *sock) {
+ return PATTY_AX25_FRAME_OVERHEAD + sock->n_maxlen_rx;
+}
+
 static inline size_t tx_slot_size(patty_ax25_sock *sock) {
 return sizeof(size_t) + PATTY_AX25_FRAME_OVERHEAD + sock->n_maxlen_tx;
 }
@@ -74,11 +78,11 @@ static inline void *tx_slot(patty_ax25_sock *sock, size_t seq) {
 }

 static int init_bufs(patty_ax25_sock *sock) {
- if ((sock->tx_buf = realloc(sock->tx_buf, bufsz(sock))) == NULL) {
+ if ((sock->tx_buf = realloc(sock->tx_buf, tx_bufsz(sock))) == NULL) {
 goto error_realloc_tx_buf;
 }

- if ((sock->rx_buf = realloc(sock->rx_buf, bufsz(sock))) == NULL) {
+ if ((sock->rx_buf = realloc(sock->rx_buf, rx_bufsz(sock))) == NULL) {
 goto error_realloc_rx_buf;
 }

@@ -398,7 +402,7 @@ ssize_t patty_ax25_sock_send(patty_ax25_sock *sock,
 goto error_toobig;
 }

- if ((encoded = encode_address(sock, cr, buf, bufsz(sock))) < 0) {
+ if ((encoded = encode_address(sock, cr, buf, tx_bufsz(sock))) < 0) {
 goto error_encode_address;
 } else {
 offset += encoded;
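Review bot: `tx_bufsz()` and `rx_bufsz()` recompute the size from `sock->n_maxlen_tx` / `sock->n_maxlen_rx` on every call, so they describe the real allocation only while those fields are unchanged since `init_bufs()` last ran. The commit message says the values come from XID negotiation, so they are influenced by the peer. If they can be updated without `init_bufs()` being re-run (not visible in this diff), the `tx_bufsz(sock)` bound passed to `encode_address()` in the `patty_ax25_sock_send` hunk could exceed the buffer actually allocated. Recording the allocated sizes on the socket when the buffers are (re)allocated, and bounding reads and writes by those, would remove the coupling. At minimum, document the invariant above each helper, e.g. `/* size of sock->rx_buf as allocated by init_bufs(); re-run init_bufs() whenever n_maxlen_rx changes */`.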
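Review bot: Both `realloc()` calls in `init_bufs()` assign the result straight back to `sock->tx_buf` / `sock->rx_buf`, so a failed call overwrites the only visible pointer to the old block with NULL. That leaks the block and leaves the socket with a NULL buffer while `n_maxlen_tx` / `n_maxlen_rx` still advertise a size. Going through a temporary keeps the old buffer valid on failure: `void *tmp = realloc(sock->rx_buf, rx_bufsz(sock));` `if (tmp == NULL) goto error_realloc_rx_buf;` `sock->rx_buf = tmp;`, and likewise for `tx_buf`. The error labels and the rest of `init_bufs()` lie outside the hunk. The `read()` call sites named in the commit message are also not part of this diff, so it is worth confirming that they pass `rx_bufsz(sock)` as the length.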