From 376bf6c1750d8d1c6bb1a5abc73e5b081d7b7825 Mon Sep 17 00:00:00 2001
From: kundatipradeep <35292742+kundatipradeep@users.noreply.github.com>
Date: Mon, 15 Apr 2019 06:58:06 +0530
Subject: =?UTF-8?q?Size=20of=20Resend=20buffer=20less=20than=20or=20equal?= =?UTF-8?q?=20to=20DLT=5FUSER=5FBUF=5FMAX=5FSIZE=20res=E2=80=A6=20(#116)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Size of Resend buffer less than or equal to DLT_USER_BUF_MAX_SIZE results in Memory corruption. As older version of DLT DLT_USER_RESENDBUF_MAX_SIZE is [DLT_USER_BUF_MAX_SIZE + 100] which contains space for extra headers, where as in DLT 2.18 the resend buffer is bound to DLT_USER_BUF_MAX_SIZE which results in memory corruption in dlt_buffer_read_block when the size of the data is more than DLT_USER_BUF_MAX_SIZE. Reason for not using "DLT_USER_RESENDBUF_MAX_SIZE" during dynamic memory allocation of resend buffer is as user has got the feasibility to alter the DLT_USER_BUF_MAX_SIZE using the environmental variables the resend buffer in any scenario to be greater then dlt_user.log_buf_len to accommodate the extra headers.
---
 src/lib/dlt_user.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/lib/dlt_user.c b/src/lib/dlt_user.c
index 43fb025..f82f928 100644
--- a/src/lib/dlt_user.c
+++ b/src/lib/dlt_user.c
@@ -98,6 +98,9 @@ static int atexit_registered = 0;
 /* used to disallow DLT usage in fork() child */
 static int g_dlt_is_child = 0;
+/*Max DLT message size is 1390 bytes plus some extra header space to accomidate the resend buffer*/
+#define DLT_USER_EXTRA_BUFF_SIZE 100
 /* Segmented Network Trace */
 #define DLT_MAX_TRACE_SEGMENT_SIZE 1024
 #define DLT_MESSAGE_QUEUE_NAME "/dlt_message_queue"
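Review bot: The comment above `DLT_USER_EXTRA_BUFF_SIZE` does not say what the 100 bytes have to cover, and its "1390 bytes" figure is at odds with the commit message, which says the message buffer size can be changed through environment variables. Since this constant is what keeps the resend copy inside the allocation, the comment should state the invariant, for example `/* Bytes added to dlt_user.log_buf_len when allocating the resend buffer; must be at least the total size of the headers stored in front of the payload */`. The word "accomidate" should read "accommodate". If the header sizes are compile-time constants, a static assertion next to the define would turn that invariant from a comment into a build failure.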
@@ -665,7 +668,7 @@ DltReturnValue dlt_init_common(void)
 }
 if (dlt_user.resend_buffer == NULL) {
- dlt_user.resend_buffer = calloc(sizeof(unsigned char), dlt_user.log_buf_len);
+ dlt_user.resend_buffer = calloc(sizeof(unsigned char), (dlt_user.log_buf_len + DLT_USER_EXTRA_BUFF_SIZE));
 if (dlt_user.resend_buffer == NULL) {
 dlt_user_initialised = false;
-- cgit v1.2.1
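Review bot: The 100-byte margin added to the `calloc` size is not tied to any limit that the code filling `resend_buffer` checks, so the allocation and the copy can drift apart again. The commit message locates the corruption in dlt_buffer_read_block, which this patch leaves unchanged; if that read is bounded by something other than the allocated size (not visible here), a message with more than 100 bytes of header overhead would still write past the heap buffer. Consider computing the size once, e.g. `size_t resend_len = (size_t)dlt_user.log_buf_len + DLT_USER_EXTRA_BUFF_SIZE;`, and using that same value as the limit at the read site. Doing the sum in `size_t` also rules out wraparound, which matters because the commit message says log_buf_len can be set from the environment. dlt_init_common starts and ends outside the hunk.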