Change in osmo-pcu[master]: Fix assertion hit upon CCCH Paging Request

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

pespin gerrit-no-reply at lists.osmocom.org
Wed Oct 16 12:44:22 UTC 2019


pespin has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-pcu/+/15799 )


Change subject: Fix assertion hit upon CCCH Paging Request
......................................................................

Fix assertion hit upon CCCH Paging Request

Recent commit added an assertion to check for buffer boundaries and it
actually gets hit.
One of the 2 code paths calling pcu_l1if_tx_pch() was passing a buffer
of 23 bytes while one of maximum 22 is expected (because plen is not set
in the buffer but set inside pcu_l1if_tx_pch()).
So it seems before the assert, that code path was actually writing 1
byte outside the boundaries of data buffer, since bitvec_pack() uses
data_len field of bitvec.

Related: OS#4228
Fixes: 8dc09e73d0b361b27232526ebcd5f25cd8c7edfd
Change-Id: I84c5dfd4d5580e9d4c00ed21887cb51bd9abbd2e
---
M src/gprs_rlcmac.cpp
1 file changed, 1 insertion(+), 1 deletion(-)



  git pull ssh://gerrit.osmocom.org:29418/osmo-pcu refs/changes/99/15799/1

diff --git a/src/gprs_rlcmac.cpp b/src/gprs_rlcmac.cpp
index 4d93f8f..7a98a25 100644
--- a/src/gprs_rlcmac.cpp
+++ b/src/gprs_rlcmac.cpp
@@ -32,7 +32,7 @@
 	const char *imsi)
 {
 	LOGP(DRLCMAC, LOGL_NOTICE, "TX: [PCU -> BTS] Paging Request (CCCH)\n");
-	bitvec *paging_request = bitvec_alloc(23, tall_pcu_ctx);
+	bitvec *paging_request = bitvec_alloc(22, tall_pcu_ctx);
 	bitvec_unhex(paging_request, DUMMY_VEC);
 	int plen = Encoding::write_paging_request(paging_request, ptmsi, ptmsi_len);
 	pcu_l1if_tx_pch(paging_request, plen, (char *)imsi);

-- 
To view, visit https://gerrit.osmocom.org/c/osmo-pcu/+/15799
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: osmo-pcu
Gerrit-Branch: master
Gerrit-Change-Id: I84c5dfd4d5580e9d4c00ed21887cb51bd9abbd2e
Gerrit-Change-Number: 15799
Gerrit-PatchSet: 1
Gerrit-Owner: pespin <pespin at sysmocom.de>
Gerrit-MessageType: newchange
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20191016/d2732a07/attachment.htm>


More information about the gerrit-log mailing list