From 06bc056e71ce7056dd59c0004d8a9a26753c3f85 Mon Sep 17 00:00:00 2001
From: Vyacheslav Pedash <vyacheslav.pedash@globallogic.com>
Date: Tue, 28 Jul 2020 22:52:05 +0300
Subject: MTX-3534 Fix crashes on 64-bit platforms

The char* pointer retruned from strrchr() function was assigned to int variable tmp.
On 64-bit platforms where pointer is 64-bit and int is 32-bit 2 bytes were lost and
consequent dereference of sliced pointer lead to segmentation fault. As a solution
the type of temporal variable is changed to char*.
---
 src/atcmd.c | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/src/atcmd.c b/src/atcmd.c
index 1fd3452..90d2774 100644
--- a/src/atcmd.c
+++ b/src/atcmd.c
@@ -1307,6 +1307,7 @@ int atcmd_plus_iccid_read(int fd)
 	char *save;
 	char *token;
 	int tmp;
+	char *tmp_buf;
 	char* command;
 
 	if (is_telit_model()) {
@@ -1340,17 +1341,18 @@ int atcmd_plus_iccid_read(int fd)
 	if (!token) {
 		log_debug("atcmd_value_tok model");
 		return -1;
-	} else
+	} else {
 		log_debug("token is %s",token);
-        tmp = strrchr(token,' ');
-	if(tmp){
-		token = ++tmp;
+	}
+    tmp_buf = strrchr(token,' ');
+	if (tmp_buf) {
+		token = ++tmp_buf;
 		log_debug("Found blank, incrementing tmp");
 	} else {
-		tmp = strrchr(token,'\t');
+		tmp_buf = strrchr(token,'\t');
 		log_debug("Found tab, incrementing tmp");
-		if(tmp)
-			token = ++tmp;
+		if(tmp_buf)
+			token = ++tmp_buf;
 	}
 	log_debug("token[0]=%2.2x token[1]=%2.2x",token[0],token[1]);
 	strncpy(Global.core.iccid, token, ICCID_LEN);
-- 
cgit v1.2.3