free5gc / upf

Apache License 2.0

len bug in _TlvBuildMessage() #7

Closed Dorian1982 closed 3 years ago

Dorian1982 commented 4 years ago

In the _TlvBuildMessage function of pfcp_message.c, about line 437:

*lenPtr = htons(bufOffset);

should be:

*(((uint16_t *)(*bufBlkPtr)->buf)+1) = htons(bufOffset);

Otherwise, if len is more than 64 (BufblkBuf will be increased to 128), the lenPtr will be zero. I reproduced this issue by simulating a larger message.

free5gc-org commented 3 years ago

@Dorian1982

This issue was already fixed in tag v1.0.0. Thanks for your report.
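
The fix proposed in the report addresses the length field through the buffer's current `buf` instead of through a pointer saved before the buffer grew from 64 to 128 bytes. The pattern as an added example, not free5gc code: `Blk`, `blk_append`, `build_message`, `probe` and the header bytes are hypothetical, and the length field is assumed to count payload bytes only.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable buffer standing in for the UPF's buffer block. */
typedef struct { uint8_t *buf; size_t len, cap; } Blk;

/* Append n bytes. Growth (64, 128, ...) copies the data into a new
 * allocation, so any pointer previously taken into b->buf goes stale. */
static int blk_append(Blk *b, const void *src, size_t n) {
    if (b->len + n > b->cap) {
        size_t cap = b->cap ? b->cap : 64;
        while (cap < b->len + n) cap *= 2;
        uint8_t *p = malloc(cap);
        if (!p) return -1;
        if (b->len) memcpy(p, b->buf, b->len);
        free(b->buf);
        b->buf = p; b->cap = cap;
    }
    memcpy(b->buf + b->len, src, n);
    b->len += n;
    return 0;
}

/* 4-byte header (constructed values) with a 16-bit length at byte 2. */
static int build_message(Blk *b, const uint8_t *payload, uint16_t n) {
    static const uint8_t hdr[4] = {0x20, 0x32, 0x00, 0x00};
    const size_t lenOff = 2;                  /* keep an offset, not a pointer */
    if (blk_append(b, hdr, sizeof hdr)) return -1;
    if (blk_append(b, payload, n)) return -1; /* may move b->buf */
    uint16_t be = htons(n);                   /* assumed: payload bytes only */
    memcpy(b->buf + lenOff, &be, sizeof be);  /* re-derived from current buf */
    return 0;
}

/* Build with an n-byte payload; return the header's length field, or the
 * final buffer capacity when want_cap is non-zero. */
static long probe(uint16_t n, int want_cap) {
    uint8_t payload[512] = {0};               /* constructed sample payload */
    Blk b = {0};
    uint16_t be;
    if (n > sizeof payload || build_message(&b, payload, n)) return -1;
    memcpy(&be, b.buf + 2, sizeof be);
    long out = want_cap ? (long)b.cap : (long)ntohs(be);
    free(b.buf);
    return out;
}

int main(void) { printf("len=%ld cap=%ld\n", probe(100, 0), probe(100, 1)); return 0; }
```

A regression test for this class of bug needs at least one message that crosses the initial buffer size, which is how the reporter reproduced it.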