From 11c179ab232222f1c78f19557032afd49bef7324 Mon Sep 17 00:00:00 2001
From: Christoph Valentin
Date: Thu, 25 Jan 2018 13:13:07 +0100
Subject: [PATCH] ims_usrloc_scscf: assignment of length missing for query_buffer in db_link_contact_to_impu()

When writing to query_buffer with the help of the snprintf() function, the result of the functio is written to variable query_buffer_len instead of to the query_buffer.len itself. This leads to core dump in some cases. Replaced "_" by "." in "query_buffer_len ="
---
 src/modules/ims_usrloc_scscf/usrloc_db.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/modules/ims_usrloc_scscf/usrloc_db.c b/src/modules/ims_usrloc_scscf/usrloc_db.c
index e1a7d4287e8..b5301e0a3b7 100644
--- a/src/modules/ims_usrloc_scscf/usrloc_db.c
+++ b/src/modules/ims_usrloc_scscf/usrloc_db.c
@@ -1079,7 +1079,7 @@ int db_link_contact_to_impu(impurecord_t* _r, ucontact_t* _c) {
 }
- query_buffer_len = snprintf(query_buffer.s, query_buffer_len, impu_contact_insert_query, _r->public_identity.len, _r->public_identity.s, _c->c.len, _c->c.s);
+ query_buffer.len = snprintf(query_buffer.s, query_buffer_len, impu_contact_insert_query, _r->public_identity.len, _r->public_identity.s, _c->c.len, _c->c.s);
 LM_DBG("QUERY IS [%.*s] and len is %d\n", query_buffer.len, query_buffer.s, query_buffer.len);
 if (ul_dbf.raw_query(ul_dbh, &query_buffer, &rs) != 0) {
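Review bot: The value now assigned to `query_buffer.len` is the unchecked return of snprintf(), which is the length the formatted query would need rather than the number of bytes stored, and is negative on an encoding error. If the output is ever truncated, the `LM_DBG` `%.*s` and `ul_dbf.raw_query()` on the next lines read past the end of `query_buffer.s`; I would add `if (query_buffer.len < 0 || query_buffer.len >= query_buffer_len) { LM_ERR("impu/contact query truncated\n"); return -1; }` directly after the call. The buffer sizing and the declarations of both length variables sit outside this hunk, so whether truncation is reachable cannot be confirmed here. Separately, `_r->public_identity` and `_c->c` are formatted straight into text handed to `raw_query`; `impu_contact_insert_query` is not visible, but if it places them inside SQL literals they need escaping or a parameterised insert, since both presumably derive from SIP registration data.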