
Re: possible bug


From: Daniele Forsi
Subject: Re: possible bug
Date: Wed, 24 Oct 2012 11:17:10 +0200

2012/10/23 Jon Berg:

> Do you need me to do anything additional to investigate this further?
> I kind of need to use this phone so I would have to delete all the
> messages to get it to work again.

Before deleting your messages, can you try to read one of those that
break smsd using both model=series40 and model=AT, so that we can
compare them?

After that you may delete your messages, because I can do all the tests
by hacking NK6510_GetSMS() and replacing its contents with the following
code, so that gnokii --getsms will always read this SMS:
{
        /* the 0x3e (62) byte frame as read from the phone; the 2d near the
         * end is the byte that gets taken as the UDH length */
        unsigned char *buf =
"015500030001010200030000000100306400082101919071908000000003820c01080b912143658709f1820c020807913333333333f3800801002d000000";
        unsigned char message[0x003e];

        /* decode the hex dump into the binary frame */
        hex2bin(message, buf, strlen(buf));

        /* feed it to the folder handler exactly as if it had just arrived */
        return NK6510_IncomingFolder(0x14, message, 0x003e, data, state);
}

The problem is that the 2d towards the end of the frame is taken as
the length of the following UDH data (which in fact is not there) and
a static buffer is overflowed while trying to copy it; what is strange
is that the code to handle that kind of frame doesn't seem to have
changed much since 2002.
-- 
Daniele Forsi
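As an added example (not gnokii code and not part of this thread): the frame from the mail above, decoded and passed through a bounds-checked copy of the length-prefixed field, so the 0x2d length byte is rejected instead of overrunning a fixed buffer. The function names, the offset 58 of that byte and the 140-byte limit are assumptions for illustration.

```c
/* Added example, not gnokii code: decode the frame quoted in the mail and
 * reject a length byte that claims more data than the frame holds.
 * UDH_LEN_OFFSET and UDH_MAX are assumptions for this illustration. */
#include <string.h>

#define MAIL_FRAME_HEX \
"015500030001010200030000000100306400082101919071908000000003820c01080b912143658709f1820c020807913333333333f3800801002d000000"
#define UDH_LEN_OFFSET 58   /* assumed position of the 0x2d byte */
#define UDH_MAX        140  /* assumed size of the destination buffer */

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode a hex string into dst; returns bytes written, or -1 on odd
 * length, a non-hex character, or a destination that is too small. */
int hex_decode(unsigned char *dst, size_t dst_len, const char *src)
{
    size_t n = strlen(src), i;
    if (n % 2 != 0 || n / 2 > dst_len) return -1;
    for (i = 0; i < n / 2; i++) {
        int hi = hexval(src[2 * i]), lo = hexval(src[2 * i + 1]);
        if (hi < 0 || lo < 0) return -1;
        dst[i] = (unsigned char)((hi << 4) | lo);
    }
    return (int)(n / 2);
}

/* Copy the length-prefixed field whose length byte sits at len_off into
 * out. Returns the number of bytes copied, or -1 when the length byte
 * claims more than the frame still holds or more than out can take; an
 * unchecked memcpy here is the static-buffer overflow the mail describes. */
int copy_udh_checked(const unsigned char *frame, size_t frame_len,
                     size_t len_off, unsigned char *out, size_t out_len)
{
    size_t claimed;
    if (len_off >= frame_len) return -1;
    claimed = frame[len_off];                      /* 0x2d = 45 in the mail's frame */
    if (claimed > out_len || claimed > frame_len - len_off - 1) return -1;
    memcpy(out, frame + len_off + 1, claimed);
    return (int)claimed;
}
```

On the mail's frame only 3 bytes follow the length byte, so the checked copy returns -1 where the unchecked code copies 45 bytes.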


