[PATCH] osmo-bsc[master]: SI1q: fix EARFCN appender

Max gerrit-no-reply at lists.osmocom.org
Tue Oct 10 14:28:18 UTC 2017


Review at  https://gerrit.osmocom.org/4199

SI1q: fix EARFCN appender

Previously if we ran out of space while adding EARFCN, we simply return
which might result in malformed SI2q. Fix it by proper rollback of
entire EARFCN. While at it, let's be paranoid and introduce extra checks
against integer overflow in budget calculations.

Change-Id: I4b2aa3825e9affb6dfeadecdf24dd1a43a92b7b7
Related: OS#2357
---
M src/libbsc/rest_octets.c
M tests/gsm0408/gsm0408_test.ok
2 files changed, 33 insertions(+), 12 deletions(-)


  git pull ssh://gerrit.osmocom.org:29418/osmo-bsc refs/changes/99/4199/1

diff --git a/src/libbsc/rest_octets.c b/src/libbsc/rest_octets.c
index a22b8e6..abd621c 100644
--- a/src/libbsc/rest_octets.c
+++ b/src/libbsc/rest_octets.c
@@ -59,15 +59,16 @@
 }
 
 /* Append Repeated E-UTRAN Neighbour Cell to bitvec: see 3GPP TS 44.018 Table 10.5.2.33b.1 */
-static inline void append_eutran_neib_cell(struct bitvec *bv, struct gsm_bts *bts, uint8_t budget)
+static inline bool append_eutran_neib_cell(struct bitvec *bv, struct gsm_bts *bts, uint8_t budget)
 {
 	const struct osmo_earfcn_si2q *e = &bts->si_common.si2quater_neigh_list;
 	unsigned i, skip = 0;
 	size_t offset = bts->e_offset;
-	uint8_t rem = budget - 6, earfcn_budget; /* account for mandatory stop bit and THRESH_E-UTRAN_high */
+	int16_t rem = budget - 6; /* account for mandatory stop bit and THRESH_E-UTRAN_high */
+	uint8_t earfcn_budget;
 
 	if (budget <= 6)
-		return;
+		return false;
 
 	OSMO_ASSERT(budget <= SI2Q_MAX_LEN);
 
@@ -87,6 +88,9 @@
 	else
 		rem--;
 
+	if (rem < 0)
+		return false;
+
 	/* now we can proceed with actually adding EARFCNs within adjusted budget limit */
 	for (i = 0; i < e->length; i++) {
 		if (e->arfcn[i] != OSMO_EARFCN_INVALID) {
@@ -104,6 +108,10 @@
 				else {
 					bts->e_offset++;
 					rem -= earfcn_budget;
+
+					if (rem < 0)
+						return false;
+
 					bitvec_set_bit(bv, 1); /* EARFCN: */
 					bitvec_set_uint(bv, e->arfcn[i], 16);
 
@@ -146,10 +154,14 @@
 		bitvec_set_uint(bv, e->qrxlm, 5);
 	} else
 		bitvec_set_bit(bv, 0);
+
+	return true;
 }
 
 static inline void append_earfcn(struct bitvec *bv, struct gsm_bts *bts, uint8_t budget)
 {
+	bool appended;
+	unsigned int old = bv->cur_bit; /* save current position to make rollback possible */
 	int rem = budget - 25;
 	if (rem <= 0)
 		return;
@@ -203,8 +215,11 @@
 	/* Repeated E-UTRAN Neighbour Cells */
 	bitvec_set_bit(bv, 1);
 
-	/* N. B: 25 bits are set in append_earfcn() - keep it in sync with budget adjustment below: */
-	append_eutran_neib_cell(bv, bts, rem);
+	appended = append_eutran_neib_cell(bv, bts, rem);
+	if (!appended) { /* appending is impossible within current budget: rollback */
+		bv->cur_bit = old;
+		return;
+	}
 
 	/* stop bit - end of Repeated E-UTRAN Neighbour Cells sequence: */
 	bitvec_set_bit(bv, 0);
diff --git a/tests/gsm0408/gsm0408_test.ok b/tests/gsm0408/gsm0408_test.ok
index d200539..889f001 100644
--- a/tests/gsm0408/gsm0408_test.ok
+++ b/tests/gsm0408/gsm0408_test.ok
@@ -174,15 +174,21 @@
 generated valid SI2quater [04/05]: [23] 59 06 07 48 a0 04 86 59 84 2b 54 21 27 61 09 59 08 4b b7 2e ca c1 2b 
 generated valid SI2quater [05/05]: [23] 59 06 07 4a a0 04 86 59 84 26 53 97 65 60 2b 2b 2b 2b 2b 2b 2b 2b 2b 
 generating SI2quater for 17 EARFCNs and 8 UARFCNs...
-generated valid SI2quater [00/02]: [23] 59 06 07 40 40 25 0f 70 45 19 a0 0d 7d 7e a6 19 e7 00 44 b3 07 82 41 
-generated valid SI2quater [01/02]: [23] 59 06 07 42 40 04 86 59 84 2b 54 21 27 61 09 59 08 4b b7 2e ca c1 2b 
-generated valid SI2quater [02/02]: [23] 59 06 07 44 40 04 86 59 84 26 53 97 65 60 2b 2b 2b 2b 2b 2b 2b 2b 2b 
+generated valid SI2quater [00/05]: [23] 59 06 07 40 a0 25 0f 70 45 19 a0 0d 7d 7e a6 19 e7 0b 2b 2b 2b 2b 2b 
+generated valid SI2quater [01/05]: [23] 59 06 07 42 a0 04 86 59 83 c1 20 f0 48 3c 26 c1 e0 f5 cb b2 b0 2b 2b 
+generated valid SI2quater [02/05]: [23] 59 06 07 44 a0 04 86 59 83 c2 ec 20 ff 61 08 19 08 41 b7 2e ca c1 2b 
+generated valid SI2quater [03/05]: [23] 59 06 07 46 a0 04 86 59 84 21 54 21 4f 61 0a 99 08 55 b7 2e ca c1 2b 
+generated valid SI2quater [04/05]: [23] 59 06 07 48 a0 04 86 59 84 2b 54 21 27 61 09 59 08 4b b7 2e ca c1 2b 
+generated valid SI2quater [05/05]: [23] 59 06 07 4a a0 04 86 59 84 26 53 97 65 60 2b 2b 2b 2b 2b 2b 2b 2b 2b 
 generating SI2quater for 17 EARFCNs and 9 UARFCNs...
-generated valid SI2quater [00/02]: [23] 59 06 07 40 40 25 0f 70 4d 19 a0 26 fd 66 a6 03 e7 fa 10 99 66 0f 04 
-generated valid SI2quater [01/02]: [23] 59 06 07 42 40 04 86 59 84 2b 54 21 27 61 09 59 08 4b b7 2e ca c1 2b 
-generated valid SI2quater [02/02]: [23] 59 06 07 44 40 04 86 59 84 26 53 97 65 60 2b 2b 2b 2b 2b 2b 2b 2b 2b 
+generated valid SI2quater [00/05]: [23] 59 06 07 40 a0 25 0f 70 4d 19 a0 26 fd 66 a6 03 e7 fa 0b 2b 2b 2b 2b 
+generated valid SI2quater [01/05]: [23] 59 06 07 42 a0 04 86 59 83 c1 20 f0 48 3c 26 c1 e0 f5 cb b2 b0 2b 2b 
+generated valid SI2quater [02/05]: [23] 59 06 07 44 a0 04 86 59 83 c2 ec 20 ff 61 08 19 08 41 b7 2e ca c1 2b 
+generated valid SI2quater [03/05]: [23] 59 06 07 46 a0 04 86 59 84 21 54 21 4f 61 0a 99 08 55 b7 2e ca c1 2b 
+generated valid SI2quater [04/05]: [23] 59 06 07 48 a0 04 86 59 84 2b 54 21 27 61 09 59 08 4b b7 2e ca c1 2b 
+generated valid SI2quater [05/05]: [23] 59 06 07 4a a0 04 86 59 84 26 53 97 65 60 2b 2b 2b 2b 2b 2b 2b 2b 2b 
 generating SI2quater for 17 EARFCNs and 10 UARFCNs...
-generated valid SI2quater [00/05]: [23] 59 06 07 40 a0 25 0f 70 55 47 89 1e fd 7c b0 00 e7 9b b0 04 12 c8 2b 
+generated valid SI2quater [00/05]: [23] 59 06 07 40 a0 25 0f 70 55 47 89 1e fd 7c b0 00 e7 9b b0 2b 2b 2b 2b 
 generated valid SI2quater [01/05]: [23] 59 06 07 42 a0 04 86 59 83 c1 20 f0 48 3c 26 c1 e0 f5 cb b2 b0 2b 2b 
 generated valid SI2quater [02/05]: [23] 59 06 07 44 a0 04 86 59 83 c2 ec 20 ff 61 08 19 08 41 b7 2e ca c1 2b 
 generated valid SI2quater [03/05]: [23] 59 06 07 46 a0 04 86 59 84 21 54 21 4f 61 0a 99 08 55 b7 2e ca c1 2b 

-- 
To view, visit https://gerrit.osmocom.org/4199
To unsubscribe, visit https://gerrit.osmocom.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I4b2aa3825e9affb6dfeadecdf24dd1a43a92b7b7
Gerrit-PatchSet: 1
Gerrit-Project: osmo-bsc
Gerrit-Branch: master
Gerrit-Owner: Max <msuraev at sysmocom.de>


More information about the gerrit-log mailing list