
ims_usrloc_scscf: assignment of length missing for query_buffer in
db_link_contact_to_impu()

When writing to query_buffer with the help of the snprintf() function,
the result of the function is written to variable query_buffer_len
instead of to the query_buffer.len itself. This leads to core dump
in some cases. Replaced "_" by "." in "query_buffer_len ="

Christoph Valentin 7 years ago
Parent
Commit
11c179ab23
1 changed file with 1 addition and 1 deletion

+ 1 - 1
src/modules/ims_usrloc_scscf/usrloc_db.c

@@ -1079,7 +1079,7 @@ int db_link_contact_to_impu(impurecord_t* _r, ucontact_t* _c) {
 
 
     }
     }
 
 
-    query_buffer_len = snprintf(query_buffer.s, query_buffer_len, impu_contact_insert_query, _r->public_identity.len, _r->public_identity.s, _c->c.len, _c->c.s);
+    query_buffer.len = snprintf(query_buffer.s, query_buffer_len, impu_contact_insert_query, _r->public_identity.len, _r->public_identity.s, _c->c.len, _c->c.s);
 
 
     LM_DBG("QUERY IS [%.*s] and len is %d\n", query_buffer.len, query_buffer.s, query_buffer.len);
     LM_DBG("QUERY IS [%.*s] and len is %d\n", query_buffer.len, query_buffer.s, query_buffer.len);
     if (ul_dbf.raw_query(ul_dbh, &query_buffer, &rs) != 0) {
     if (ul_dbf.raw_query(ul_dbh, &query_buffer, &rs) != 0) {
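
Review bot: The snprintf() return value on the + line is stored in query_buffer.len without being compared against the size argument query_buffer_len. snprintf() returns the length the complete output would have had, so on truncation the result is greater than or equal to the size passed in, and it is negative on an output error; the LM_DBG("%.*s") and ul_dbf.raw_query() calls that follow would then work with a length that runs past what was actually written to query_buffer.s. Suggest rejecting the result before it is used, for example if (query_buffer.len < 0 || query_buffer.len >= query_buffer_len), log the error and return failure. As a second point on the same line, _r->public_identity and _c->c are formatted directly into the text handed to raw_query(); it is worth confirming that both are escaped before they reach this function, or switching this insert to a parameterised query.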