chan_vpb: Fix a gcc 7 out-of-bounds complaint
authorGeorge Joseph <gjoseph@digium.com>
Wed, 11 Oct 2017 12:03:41 +0000 (06:03 -0600)
committerGeorge Joseph <gjoseph@digium.com>
Wed, 11 Oct 2017 12:10:45 +0000 (07:10 -0500)
chan_vpb was trying to use sizeof(*p->play_dtmf), where
p->play_dtmf is defined as char[16], to get the length of the array
but since p->play_dtmf is an actual array, sizeof(*p->play_dtmf)
returns the size of the first array element, which is 1.  gcc7
validly complains because the context in which it's used could
cause an out-of-bounds condition.

Change-Id: If9c4bfdb6b02fa72d39e0c09bf88900663c000ba

channels/chan_vpb.cc

index d7e9732..6e77dc2 100644 (file)
@@ -1791,7 +1791,7 @@ static int vpb_digit_end(struct ast_channel *ast, char digit, unsigned int durat
        ast_verb(4, "%s: vpb_digit: asked to play digit[%s]\n", p->dev, s);
 
        ast_mutex_lock(&p->play_dtmf_lock);
-       strncat(p->play_dtmf, s, sizeof(*p->play_dtmf) - strlen(p->play_dtmf) - 1);
+       strncat(p->play_dtmf, s, sizeof(p->play_dtmf) - strlen(p->play_dtmf) - 1);
        ast_mutex_unlock(&p->play_dtmf_lock);
 
        ast_mutex_unlock(&p->lock);