<p>pespin has uploaded this change for <strong>review</strong>.</p><p><a href="https://gerrit.osmocom.org/c/osmo-pcu/+/17572">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">csn1: Validate recursive array max size during decoding<br><br>This way if CSN1 encoded bitstream contains more elements than what the<br>defintion expects it will fail instead of overflowing the decoded<br>buffer.<br><br>RA cap struct placed in unit test is taken from a real android phone<br>sending the value when attaching to the network. Then SGSN sends it back<br>and osmo-pcu would crash similar to unit test:<br>*** stack smashing detected ***: terminated<br> Process terminating with default action of signal 6 (SIGABRT): dumping core<br>at 0x4C62CE5: raise (in /usr/lib/libc-2.31.so)<br>by 0x4C4C856: abort (in /usr/lib/libc-2.31.so)<br>by 0x4CA62AF: __libc_message (in /usr/lib/libc-2.31.so)<br>by 0x4D36069: __fortify_fail (in /usr/lib/libc-2.31.so)<br>by 0x4D36033: __stack_chk_fail (in /usr/lib/libc-2.31.so)<br>by 0x124706: testRAcap2(void*) (RLCMACTest.cpp:468)<br><br>Related: OS#4463<br>Change-Id: I9fe0e55e0a6a41ae2cc885fba490c1d4a186231e<br>---<br>M src/csn1.c<br>M src/csn1.h<br>M tests/rlcmac/RLCMACTest.cpp<br>M tests/rlcmac/RLCMACTest.err<br>M tests/rlcmac/RLCMACTest.ok<br>5 files changed, 160 insertions(+), 2 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://gerrit.osmocom.org:29418/osmo-pcu refs/changes/72/17572/1</pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/src/csn1.c b/src/csn1.c</span><br><span>index 296bf6c..e8ee917 100644</span><br><span>--- a/src/csn1.c</span><br><span>+++ b/src/csn1.c</span><br><span>@@ -1281,6 +1281,7 @@</span><br><span> * {t, offsetof(_STRUCT, _ElementCountField), (void*)CSNDESCR_##_MEMBER_TYPE, offsetof(_STRUCT, _MEMBER), #_MEMBER, (StreamSerializeFcn_t)sizeof(_MEMBER_TYPE)}</span><br><span> */</span><br><span> gint16 nSizeElement = (gint16)(gint32)pDescr->value;</span><br><span style="color: hsl(120, 100%, 40%);">+ guint32 nSizeArray = (guint32)((uintptr_t)pDescr->aux_fn);</span><br><span> guint8 ElementCount = 0;</span><br><span> pui8 = pui8DATA(data, pDescr->offset);</span><br><span> </span><br><span>@@ -1292,6 +1293,12 @@</span><br><span> remaining_bits_len--;</span><br><span> ElementCount++;</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+ if (ElementCount > nSizeArray)</span><br><span style="color: hsl(120, 100%, 40%);">+ {</span><br><span style="color: hsl(120, 100%, 40%);">+ LOGPC(DCSN1, LOGL_ERROR, "error: %s: too many elements (>%u) in recursive array. Increase its size! } |", pDescr->sz, nSizeArray);</span><br><span style="color: hsl(120, 100%, 40%);">+ return ProcessError(readIndex,"csnStreamDecoder", CSN_ERROR_STREAM_NOT_SUPPORTED, pDescr);</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> { /* unpack the following data structure */</span><br><span> csnStream_t arT = *ar;</span><br><span> gint16 Status;</span><br><span>@@ -1345,6 +1352,7 @@</span><br><span> * {t, offsetof(_STRUCT, _ElementCountField), (void*)CSNDESCR_##_MEMBER_TYPE, offsetof(_STRUCT, _MEMBER), #_MEMBER, (StreamSerializeFcn_t)sizeof(_MEMBER_TYPE)}</span><br><span> */</span><br><span> gint16 nSizeElement = (gint16)(gint32)pDescr->value;</span><br><span style="color: hsl(120, 100%, 40%);">+ guint32 nSizeArray = (guint32)((uintptr_t)pDescr->aux_fn);</span><br><span> guint8 ElementCount = 0;</span><br><span> csnStream_t arT = *ar;</span><br><span> gboolean EndOfList = FALSE;</span><br><span>@@ -1355,6 +1363,12 @@</span><br><span> { /* get data element */</span><br><span> ElementCount++;</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+ if (ElementCount > nSizeArray)</span><br><span style="color: hsl(120, 100%, 40%);">+ {</span><br><span style="color: hsl(120, 100%, 40%);">+ LOGPC(DCSN1, LOGL_ERROR, "error: %s: too many elements (>%u) in recursive array. Increase its size! } |", pDescr->sz, nSizeArray);</span><br><span style="color: hsl(120, 100%, 40%);">+ return ProcessError(readIndex,"csnStreamDecoder", CSN_ERROR_STREAM_NOT_SUPPORTED, pDescr);</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> LOGPC(DCSN1, LOGL_DEBUG, "%s { | ", pDescr->sz);</span><br><span> </span><br><span> csnStreamInit(&arT, bit_offset, remaining_bits_len);</span><br><span>diff --git a/src/csn1.h b/src/csn1.h</span><br><span>index b3fdc0a..e4ef867 100644</span><br><span>--- a/src/csn1.h</span><br><span>+++ b/src/csn1.h</span><br><span>@@ -451,7 +451,7 @@</span><br><span> * <list> ::= <type> {1 <type>} ** 0 ;</span><br><span> *****************************************************************************/</span><br><span> #define M_REC_TARRAY_1(_STRUCT, _MEMBER, _MEMBER_TYPE, _ElementCountField)\</span><br><span style="color: hsl(0, 100%, 40%);">- {CSN_RECURSIVE_TARRAY_1, offsetof(_STRUCT, _ElementCountField), {(const void*)CSNDESCR_##_MEMBER_TYPE}, offsetof(_STRUCT, _MEMBER), FALSE, #_MEMBER, sizeof(_MEMBER_TYPE), NULL}</span><br><span style="color: hsl(120, 100%, 40%);">+ {CSN_RECURSIVE_TARRAY_1, offsetof(_STRUCT, _ElementCountField), {(const void*)CSNDESCR_##_MEMBER_TYPE}, offsetof(_STRUCT, _MEMBER), FALSE, #_MEMBER, sizeof(_MEMBER_TYPE), (void_fn_t)ElementsOf(((_STRUCT*)0)->_MEMBER)}</span><br><span> </span><br><span> /******************************************************************************</span><br><span> * M_REC_TARRAY2(Par1, Par2, Par3, Par4)</span><br><span>@@ -459,7 +459,7 @@</span><br><span> * <lists> ::= <type> { 0 <type> } ** 1 ;</span><br><span> *****************************************************************************/</span><br><span> #define M_REC_TARRAY_2(_STRUCT, _MEMBER, _MEMBER_TYPE, _ElementCountField)\</span><br><span style="color: hsl(0, 100%, 40%);">- {CSN_RECURSIVE_TARRAY_2, offsetof(_STRUCT, _ElementCountField), {(const void*)CSNDESCR_##_MEMBER_TYPE}, offsetof(_STRUCT, _MEMBER), FALSE, #_MEMBER, sizeof(_MEMBER_TYPE), NULL}</span><br><span style="color: hsl(120, 100%, 40%);">+ {CSN_RECURSIVE_TARRAY_2, offsetof(_STRUCT, _ElementCountField), {(const void*)CSNDESCR_##_MEMBER_TYPE}, offsetof(_STRUCT, _MEMBER), FALSE, #_MEMBER, sizeof(_MEMBER_TYPE), (void_fn_t)ElementsOf(((_STRUCT*)0)->_MEMBER)}</span><br><span> </span><br><span> /******************************************************************************</span><br><span> * M_TYPE(Par1, Par2, Par3)</span><br><span>diff --git a/tests/rlcmac/RLCMACTest.cpp b/tests/rlcmac/RLCMACTest.cpp</span><br><span>index 6529d4d..058d57e 100644</span><br><span>--- a/tests/rlcmac/RLCMACTest.cpp</span><br><span>+++ b/tests/rlcmac/RLCMACTest.cpp</span><br><span>@@ -328,6 +328,146 @@</span><br><span> bitvec_free(bv_dec);</span><br><span> }</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+/* Reproduce crash from ticket OS#4463 */</span><br><span style="color: hsl(120, 100%, 40%);">+void testRAcap2(void *test_ctx)</span><br><span style="color: hsl(120, 100%, 40%);">+{</span><br><span style="color: hsl(120, 100%, 40%);">+ printf("*** %s ***\n", __func__);</span><br><span style="color: hsl(120, 100%, 40%);">+ MS_Radio_Access_capability_t data;</span><br><span style="color: hsl(120, 100%, 40%);">+ memset(&data, 0, sizeof(data));</span><br><span style="color: hsl(120, 100%, 40%);">+ bitvec *bv_dec = bitvec_alloc(23, test_ctx);</span><br><span style="color: hsl(120, 100%, 40%);">+ int rc;</span><br><span style="color: hsl(120, 100%, 40%);">+/*</span><br><span style="color: hsl(120, 100%, 40%);">+MS Radio Access Capability</span><br><span style="color: hsl(120, 100%, 40%);">+ Element ID: 0x13</span><br><span style="color: hsl(120, 100%, 40%);">+ 1... .... = ext: 1</span><br><span style="color: hsl(120, 100%, 40%);">+ Length: 23</span><br><span style="color: hsl(120, 100%, 40%);">+ ------------------------------------------- Hex bitstream starts here:</span><br><span style="color: hsl(120, 100%, 40%);">+ MS RA capability 1</span><br><span style="color: hsl(120, 100%, 40%);">+ 0001 .... = Access Technology Type: GSM E --note that GSM E covers GSM P (1)</span><br><span style="color: hsl(120, 100%, 40%);">+ .... 1001 001. .... = Length in bits: 0x49 (73)</span><br><span style="color: hsl(120, 100%, 40%);">+ ...1 00.. RF Power Capability, GMSK Power Class: 2 W (33 dBm) (4)</span><br><span style="color: hsl(120, 100%, 40%);">+ A5 Bits: A5 bits follow (1)</span><br><span style="color: hsl(120, 100%, 40%);">+ A5/1: encryption algorithm available (1)</span><br><span style="color: hsl(120, 100%, 40%);">+ A5/2: encryption algorithm not available (0)</span><br><span style="color: hsl(120, 100%, 40%);">+ A5/3: encryption algorithm available (1)</span><br><span style="color: hsl(120, 100%, 40%);">+ A5/4: encryption algorithm not available (0)</span><br><span style="color: hsl(120, 100%, 40%);">+ A5/5: encryption algorithm not available (0)</span><br><span style="color: hsl(120, 100%, 40%);">+ A5/6: encryption algorithm not available (0)</span><br><span style="color: hsl(120, 100%, 40%);">+ A5/7: encryption algorithm not available (0)</span><br><span style="color: hsl(120, 100%, 40%);">+ .... ..1. = Controlled early Classmark Sending: Implemented</span><br><span style="color: hsl(120, 100%, 40%);">+ .... ...1 = Pseudo Synchronisation: Present</span><br><span style="color: hsl(120, 100%, 40%);">+ 0... .... = Voice Group Call Service: no VGCS capability or no notifications wanted</span><br><span style="color: hsl(120, 100%, 40%);">+ .0.. .... = Voice Broadcast Service: no VBS capability or no notifications wanted</span><br><span style="color: hsl(120, 100%, 40%);">+ ..1. .... = Multislot capability struct: Present</span><br><span style="color: hsl(120, 100%, 40%);">+ HSCSD multislot class: Bits are not available (0)</span><br><span style="color: hsl(120, 100%, 40%);">+ .... 0111 = SMS_VALUE (Switch-Measure-Switch): 8/4 timeslot (~1154 microseconds) (7)</span><br><span style="color: hsl(120, 100%, 40%);">+ 0001 .... = (SM_VALUE) Switch-Measure: 2/4 timeslot (~288 microseconds) (1)</span><br><span style="color: hsl(120, 100%, 40%);">+ ECSD multislot class: Bits are not available (0)</span><br><span style="color: hsl(120, 100%, 40%);">+ .... ...0 = Single Slot DTM: Not supported</span><br><span style="color: hsl(120, 100%, 40%);">+ 1... .... = DTM EGPRS Multi Slot Class: Present</span><br><span style="color: hsl(120, 100%, 40%);">+ .... .011 00.. .... = GPRS multislot class: Max Rx-Slot/TDMA:4 Max Tx-Slot/TDMA:4 Max-Sum-Slot/TDMA:5 Tta:2 Ttb:1 Tra:2 Trb:1 Type:1 (12)</span><br><span style="color: hsl(120, 100%, 40%);">+ ..1. .... = GPRS Extended Dynamic Allocation Capability: Implemented</span><br><span style="color: hsl(120, 100%, 40%);">+ .... ..01 100. .... = EGPRS multislot class: Max Rx-Slot/TDMA:4 Max Tx-Slot/TDMA:4 Max-Sum-Slot/TDMA:5 Tta:2 Ttb:1 Tra:2 Trb:1 Type:1 (12)</span><br><span style="color: hsl(120, 100%, 40%);">+ ...1 .... = EGPRS Extended Dynamic Allocation Capability: Implemented</span><br><span style="color: hsl(120, 100%, 40%);">+ .... .11. = DTM GPRS Multi Slot Class: Multislot class 11 supported (3)</span><br><span style="color: hsl(120, 100%, 40%);">+ .11. .... = DTM EGPRS Multi Slot Class: Multislot class 11 supported (3)</span><br><span style="color: hsl(120, 100%, 40%);">+ ...1 .... = 8PSK Power Capability Bits: Present</span><br><span style="color: hsl(120, 100%, 40%);">+ 8PSK Power Capability: Power class E2 (2)</span><br><span style="color: hsl(120, 100%, 40%);">+ .... ..0. = COMPACT Interference Measurement Capability: Not Implemented</span><br><span style="color: hsl(120, 100%, 40%);">+ .... ...1 = Revision Level Indicator: The ME is Release '99 onwards</span><br><span style="color: hsl(120, 100%, 40%);">+ 0... .... = UMTS FDD Radio Access Technology Capability: Not supported</span><br><span style="color: hsl(120, 100%, 40%);">+ .0.. .... = UMTS 3.84 Mcps TDD Radio Access Technology Capability: Not supported</span><br><span style="color: hsl(120, 100%, 40%);">+ ..0. .... = CDMA 2000 Radio Access Technology Capability: Not supported</span><br><span style="color: hsl(120, 100%, 40%);">+ ...0 .... = UMTS 1.28 Mcps TDD Radio Access Technology Capability: Not supported</span><br><span style="color: hsl(120, 100%, 40%);">+ .... 1... = GERAN Feature Package 1: Supported</span><br><span style="color: hsl(120, 100%, 40%);">+ Extended DTM EGPRS Multi Slot Class: Bits are not available (0)</span><br><span style="color: hsl(120, 100%, 40%);">+ .... ..0. = Modulation based multislot class support: Not supported</span><br><span style="color: hsl(120, 100%, 40%);">+ High Multislot Capability: Bits are not available (0)</span><br><span style="color: hsl(120, 100%, 40%);">+ 0... .... = GERAN Iu mode: Not supported</span><br><span style="color: hsl(120, 100%, 40%);">+ GMSK Multislot Power Profile: GMSK_MULTISLOT_POWER_PROFILE 3 (3)</span><br><span style="color: hsl(120, 100%, 40%);">+ 8-PSK Multislot Power Profile: 8-PSK_MULTISLOT_POWER_PROFILE 3 (3)</span><br><span style="color: hsl(120, 100%, 40%);">+ .... .0.. = Multiple TBF Capability: Not supported</span><br><span style="color: hsl(120, 100%, 40%);">+ .... ..01 = Downlink Advanced Receiver Performance: Downlink Advanced Receiver Performance - phase I supported (1)</span><br><span style="color: hsl(120, 100%, 40%);">+ 1... .... = Extended RLC/MAC Control Message Segmentation Capability: Supported</span><br><span style="color: hsl(120, 100%, 40%);">+ .1.. .... = DTM Enhancements Capability: The mobile station supports enhanced DTM CS establishment and enhanced DTM CS release procedures</span><br><span style="color: hsl(120, 100%, 40%);">+ ...0 .... = PS Handover Capability: Not supported</span><br><span style="color: hsl(120, 100%, 40%);">+ MS RA capability 2</span><br><span style="color: hsl(120, 100%, 40%);">+ .... .011 1... .... = Access Technology Type: GSM 850 (7)</span><br><span style="color: hsl(120, 100%, 40%);">+ .010 0010 = Length in bits: 0x22 (34)</span><br><span style="color: hsl(120, 100%, 40%);">+ 100. .... RF Power Capability, GMSK Power Class: 2 W (33 dBm) (4)</span><br><span style="color: hsl(120, 100%, 40%);">+ A5 Bits: Same values apply for parameters as in the immediately preceding Access capabilities field within this IE (0)</span><br><span style="color: hsl(120, 100%, 40%);">+ .... 1... = Controlled early Classmark Sending: Implemented</span><br><span style="color: hsl(120, 100%, 40%);">+ .... .1.. = Pseudo Synchronisation: Present</span><br><span style="color: hsl(120, 100%, 40%);">+ .... ..0. = Voice Group Call Service: no VGCS capability or no notifications wanted</span><br><span style="color: hsl(120, 100%, 40%);">+ .... ...0 = Voice Broadcast Service: no VBS capability or no notifications wanted</span><br><span style="color: hsl(120, 100%, 40%);">+ 0... .... = Multislot capability struct: Not Present</span><br><span style="color: hsl(120, 100%, 40%);">+ .1.. .... = 8PSK Power Capability Bits: Present</span><br><span style="color: hsl(120, 100%, 40%);">+ 8PSK Power Capability: Power class E2 (2)</span><br><span style="color: hsl(120, 100%, 40%);">+ .... 0... = COMPACT Interference Measurement Capability: Not Implemented</span><br><span style="color: hsl(120, 100%, 40%);">+ .... .1.. = Revision Level Indicator: The ME is Release '99 onwards</span><br><span style="color: hsl(120, 100%, 40%);">+ .... ..0. = UMTS FDD Radio Access Technology Capability: Not supported</span><br><span style="color: hsl(120, 100%, 40%);">+ .... ...0 = UMTS 3.84 Mcps TDD Radio Access Technology Capability: Not supported</span><br><span style="color: hsl(120, 100%, 40%);">+ 0... .... = CDMA 2000 Radio Access Technology Capability: Not supported</span><br><span style="color: hsl(120, 100%, 40%);">+ .0.. .... = UMTS 1.28 Mcps TDD Radio Access Technology Capability: Not supported</span><br><span style="color: hsl(120, 100%, 40%);">+ ..1. .... = GERAN Feature Package 1: Supported</span><br><span style="color: hsl(120, 100%, 40%);">+ Extended DTM EGPRS Multi Slot Class: Bits are not available (0)</span><br><span style="color: hsl(120, 100%, 40%);">+ .... 0... = Modulation based multislot class support: Not supported</span><br><span style="color: hsl(120, 100%, 40%);">+ High Multislot Capability: Bits are not available (0)</span><br><span style="color: hsl(120, 100%, 40%);">+ .... ..0. = GERAN Iu mode: Not supported</span><br><span style="color: hsl(120, 100%, 40%);">+ GMSK Multislot Power Profile: GMSK_MULTISLOT_POWER_PROFILE 3 (3)</span><br><span style="color: hsl(120, 100%, 40%);">+ 8-PSK Multislot Power Profile: 8-PSK_MULTISLOT_POWER_PROFILE 3 (3)</span><br><span style="color: hsl(120, 100%, 40%);">+ ...0 .... = Multiple TBF Capability: Not supported</span><br><span style="color: hsl(120, 100%, 40%);">+ .... 01.. = Downlink Advanced Receiver Performance: Downlink Advanced Receiver Performance - phase I supported (1)</span><br><span style="color: hsl(120, 100%, 40%);">+ .... ..1. = Extended RLC/MAC Control Message Segmentation Capability: Supported</span><br><span style="color: hsl(120, 100%, 40%);">+ .... ...1 = DTM Enhancements Capability: The mobile station supports enhanced DTM CS establishment and enhanced DTM CS release procedures</span><br><span style="color: hsl(120, 100%, 40%);">+ .0.. .... = PS Handover Capability: Not supported</span><br><span style="color: hsl(120, 100%, 40%);">+ MS RA capability 3</span><br><span style="color: hsl(120, 100%, 40%);">+ ...0 011. = Access Technology Type: GSM 1800 (3)</span><br><span style="color: hsl(120, 100%, 40%);">+ .... ...0 1000 10.. = Length in bits: 0x22 (34)</span><br><span style="color: hsl(120, 100%, 40%);">+ .... ..00 1... .... RF Power Capability, GMSK Power Class: 1 W (30 dBm) (1)</span><br><span style="color: hsl(120, 100%, 40%);">+ A5 Bits: Same values apply for parameters as in the immediately preceding Access capabilities field within this IE (0)</span><br><span style="color: hsl(120, 100%, 40%);">+ ..1. .... = Controlled early Classmark Sending: Implemented</span><br><span style="color: hsl(120, 100%, 40%);">+ ...1 .... = Pseudo Synchronisation: Present</span><br><span style="color: hsl(120, 100%, 40%);">+ .... 0... = Voice Group Call Service: no VGCS capability or no notifications wanted</span><br><span style="color: hsl(120, 100%, 40%);">+ .... .0.. = Voice Broadcast Service: no VBS capability or no notifications wanted</span><br><span style="color: hsl(120, 100%, 40%);">+ .... ..0. = Multislot capability struct: Not Present</span><br><span style="color: hsl(120, 100%, 40%);">+ .... ...1 = 8PSK Power Capability Bits: Present</span><br><span style="color: hsl(120, 100%, 40%);">+ 8PSK Power Capability: Power class E2 (2)</span><br><span style="color: hsl(120, 100%, 40%);">+ ..0. .... = COMPACT Interference Measurement Capability: Not Implemented</span><br><span style="color: hsl(120, 100%, 40%);">+ ...1 .... = Revision Level Indicator: The ME is Release '99 onwards</span><br><span style="color: hsl(120, 100%, 40%);">+ .... 0... = UMTS FDD Radio Access Technology Capability: Not supported</span><br><span style="color: hsl(120, 100%, 40%);">+ .... .0.. = UMTS 3.84 Mcps TDD Radio Access Technology Capability: Not supported</span><br><span style="color: hsl(120, 100%, 40%);">+ .... ..0. = CDMA 2000 Radio Access Technology Capability: Not supported</span><br><span style="color: hsl(120, 100%, 40%);">+ .... ...0 = UMTS 1.28 Mcps TDD Radio Access Technology Capability: Not supported</span><br><span style="color: hsl(120, 100%, 40%);">+ 1... .... = GERAN Feature Package 1: Supported</span><br><span style="color: hsl(120, 100%, 40%);">+ Extended DTM EGPRS Multi Slot Class: Bits are not available (0)</span><br><span style="color: hsl(120, 100%, 40%);">+ ..0. .... = Modulation based multislot class support: Not supported</span><br><span style="color: hsl(120, 100%, 40%);">+ High Multislot Capability: Bits are not available (0)</span><br><span style="color: hsl(120, 100%, 40%);">+ .... 0... = GERAN Iu mode: Not supported</span><br><span style="color: hsl(120, 100%, 40%);">+ GMSK Multislot Power Profile: GMSK_MULTISLOT_POWER_PROFILE 3 (3)</span><br><span style="color: hsl(120, 100%, 40%);">+ 8-PSK Multislot Power Profile: 8-PSK_MULTISLOT_POWER_PROFILE 3 (3)</span><br><span style="color: hsl(120, 100%, 40%);">+ .0.. .... = Multiple TBF Capability: Not supported</span><br><span style="color: hsl(120, 100%, 40%);">+ ..01 .... = Downlink Advanced Receiver Performance: Downlink Advanced Receiver Performance - phase I supported (1)</span><br><span style="color: hsl(120, 100%, 40%);">+ .... 1... = Extended RLC/MAC Control Message Segmentation Capability: Supported</span><br><span style="color: hsl(120, 100%, 40%);">+ .... .1.. = DTM Enhancements Capability: The mobile station supports enhanced DTM CS establishment and enhanced DTM CS release procedures</span><br><span style="color: hsl(120, 100%, 40%);">+ .... ...0 = PS Handover Capability: Not supported</span><br><span style="color: hsl(120, 100%, 40%);">+*/</span><br><span style="color: hsl(120, 100%, 40%);">+ bitvec_unhex(bv_dec, "1933432b37159ef90879cba28c6421e72688b190879c00");</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ printf("=== Test decoding of multi-band MS RA Capability ===\n");</span><br><span style="color: hsl(120, 100%, 40%);">+ rc = decode_gsm_ra_cap(bv_dec, &data);</span><br><span style="color: hsl(120, 100%, 40%);">+ OSMO_ASSERT(rc == CSN_ERROR_STREAM_NOT_SUPPORTED);</span><br><span style="color: hsl(120, 100%, 40%);">+#if 0</span><br><span style="color: hsl(120, 100%, 40%);">+ /* Make sure there's 1 value (currently fails due to failed decoding) */</span><br><span style="color: hsl(120, 100%, 40%);">+ OSMO_ASSERT(data.Count_MS_RA_capability_value == 3);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ /* Make sure GPRS / EGPRS multislot class is parsed correctly */</span><br><span style="color: hsl(120, 100%, 40%);">+ printf("GPRS multislot class = %u\n", Decoding::get_ms_class_by_capability(&data));</span><br><span style="color: hsl(120, 100%, 40%);">+ printf("EGPRS multislot class = %u\n", Decoding::get_egprs_ms_class_by_capability(&data));</span><br><span style="color: hsl(120, 100%, 40%);">+#endif</span><br><span style="color: hsl(120, 100%, 40%);">+ bitvec_free(bv_dec);</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> int main(int argc, char *argv[])</span><br><span> {</span><br><span> void *ctx = talloc_named_const(NULL, 1, "RLCMACTest");</span><br><span>@@ -346,5 +486,6 @@</span><br><span> testCsnLeftAlignedVarBmpBounds(ctx);</span><br><span> testRAcap(ctx);</span><br><span> testMalformedRAcap(ctx);</span><br><span style="color: hsl(120, 100%, 40%);">+ testRAcap2(ctx);</span><br><span> talloc_free(ctx);</span><br><span> }</span><br><span>diff --git a/tests/rlcmac/RLCMACTest.err b/tests/rlcmac/RLCMACTest.err</span><br><span>index 4434d9b..b225bfd 100644</span><br><span>--- a/tests/rlcmac/RLCMACTest.err</span><br><span>+++ b/tests/rlcmac/RLCMACTest.err</span><br><span>@@ -39,3 +39,4 @@</span><br><span> DCSN1 INFO csnStreamDecoder (RAcap): MS_RA_capability_value { | Choice MS_RA_capability_value_Choice = 1 | u.Content length = 21 | offset = 4 | RF_Power_Capability = 1 | Exist_A5_bits = 0 | ES_IND = 1 | PS = 0 | VGCS = 0 | VBS = 0 | Exist_Multislot_capability = 1 | : Multislot_capability | Exist_HSCSD_multislot_class = 0 | Exist_GPRS_multislot_class = 1 | GPRS_multislot_class = 3 | GPRS_Extended_Dynamic_Allocation_Capability = 0 | Exist_SM = 0 | Exist_ECSD_multislot_class = 0 | Exist_EGPRS_multislot_class = 1 | DCSN1 ERROR csnStreamDecoder: error NEED_MORE BITS TO UNPACK (-5) at EGPRS_multislot_class (idx 31): End Multislot_capability | </span><br><span> DCSN1 INFO csnStreamDecoder (RAcap): MS_RA_capability_value { | Choice MS_RA_capability_value_Choice = 1 | u.Content length = 29 | offset = 4 | RF_Power_Capability = 1 | Exist_A5_bits = 0 | ES_IND = 1 | PS = 0 | VGCS = 0 | VBS = 0 | Exist_Multislot_capability = 1 | : Multislot_capability | Exist_HSCSD_multislot_class = 0 | Exist_GPRS_multislot_class = 1 | GPRS_multislot_class = 3 | GPRS_Extended_Dynamic_Allocation_Capability = 0 | Exist_SM = 0 | Exist_ECSD_multislot_class = 0 | Exist_EGPRS_multislot_class = 1 | EGPRS_multislot_class = 0 | EGPRS_Extended_Dynamic_Allocation_Capability = 0 | Exist_DTM_GPRS_multislot_class = 0 | : End Multislot_capability | Exist_Eight_PSK_Power_Capability = 0 | COMPACT_Interference_Measurement_Capability = 0 | Revision_Level_Indicator = NULL | UMTS_FDD_Radio_Access_Technology_Capability = NULL | UMTS_384_TDD_Radio_Access_Technology_Capability = NULL | CDMA2000_Radio_Access_Technology_Capability = NULL | UMTS_128_TDD_Radio_Access_Technology_Capability = NULL | GERAN_Feature_Package_1 = NULL | Modulation_based_multislot_class_support = NULL | GMSK_MultislotPowerProfile = NULL | EightPSK_MultislotProfile = NULL | MultipleTBF_Capability = NULL | DownlinkAdvancedReceiverPerformance = NULL | ExtendedRLC_MAC_ControlMessageSegmentionsCapability = NULL | DTM_EnhancementsCapability = NULL | PS_HandoverCapability = NULL | DTM_Handover_Capability = NULL | FlexibleTimeslotAssignment = NULL | GAN_PS_HandoverCapability = NULL | RLC_Non_persistentMode = NULL | ReducedLatencyCapability = NULL | UplinkEGPRS2 = NULL | DownlinkEGPRS2 = NULL | EUTRA_FDD_Support = NULL | EUTRA_TDD_Support = NULL | GERAN_To_EUTRAN_supportInGERAN_PTM = NULL | PriorityBasedReselectionSupport = NULL | MS_RA_capability_value } | </span><br><span> DRLCMACDATA NOTICE Got 143 remaining bits unhandled by decoder at the end of bitvec</span><br><span style="color: hsl(120, 100%, 40%);">+DCSN1 INFO csnStreamDecoder (RAcap): MS_RA_capability_value { | Choice MS_RA_capability_value_Choice = 1 | u.Content length = 73 | offset = 4 | RF_Power_Capability = 4 | Exist_A5_bits = 1 | A5_bits = 80 | ES_IND = 1 | PS = 1 | VGCS = 0 | VBS = 0 | Exist_Multislot_capability = 1 | : Multislot_capability | Exist_HSCSD_multislot_class = 0 | Exist_GPRS_multislot_class = 1 | GPRS_multislot_class = 12 | GPRS_Extended_Dynamic_Allocation_Capability = 1 | Exist_SM = 1 | SMS_VALUE = 7 | SM_VALUE = 1 | Exist_ECSD_multislot_class = 0 | Exist_EGPRS_multislot_class = 1 | EGPRS_multislot_class = 12 | EGPRS_Extended_Dynamic_Allocation_Capability = 1 | Exist_DTM_GPRS_multislot_class = 1 | DTM_GPRS_multislot_class = 3 | Single_Slot_DTM = 0 | : DTM_EGPRS_Params | Exist_DTM_EGPRS_multislot_class = 1 | DTM_EGPRS_multislot_class = 3 | : End DTM_EGPRS_Params | : End Multislot_capability | Exist_Eight_PSK_Power_Capability = 1 | Eight_PSK_Power_Capability = 2 | COMPACT_Interference_Measurement_Capability = 0 | Revision_Level_Indicator = 1 | UMTS_FDD_Radio_Access_Technology_Capability = 0 | UMTS_384_TDD_Radio_Access_Technology_Capability = 0 | CDMA2000_Radio_Access_Technology_Capability = 0 | UMTS_128_TDD_Radio_Access_Technology_Capability = 0 | GERAN_Feature_Package_1 = 1 | Exist_Extended_DTM_multislot_class = 0 | Modulation_based_multislot_class_support = 0 | Exist_HighMultislotCapability = 0 | Exist_GERAN_lu_ModeCapability = 0 | GMSK_MultislotPowerProfile = 3 | EightPSK_MultislotProfile = 3 | MultipleTBF_Capability = 0 | DownlinkAdvancedReceiverPerformance = 1 | ExtendedRLC_MAC_ControlMessageSegmentionsCapability = 1 | DTM_EnhancementsCapability = 1 | Exist_DTM_GPRS_HighMultislotClass = 0 | PS_HandoverCapability = 0 | DTM_Handover_Capability = NULL | FlexibleTimeslotAssignment = NULL | GAN_PS_HandoverCapability = NULL | RLC_Non_persistentMode = NULL | ReducedLatencyCapability = NULL | UplinkEGPRS2 = NULL | DownlinkEGPRS2 = NULL | EUTRA_FDD_Support = NULL | EUTRA_TDD_Support = NULL | GERAN_To_EUTRAN_supportInGERAN_PTM = NULL | PriorityBasedReselectionSupport = NULL | MS_RA_capability_value } | MS_RA_capability_value { | Choice MS_RA_capability_value_Choice = 7 | u.Content length = 34 | offset = 4 | RF_Power_Capability = 4 | Exist_A5_bits = 0 | ES_IND = 1 | PS = 1 | VGCS = 0 | VBS = 0 | Exist_Multislot_capability = 0 | Exist_Eight_PSK_Power_Capability = 1 | Eight_PSK_Power_Capability = 2 | COMPACT_Interference_Measurement_Capability = 0 | Revision_Level_Indicator = 1 | UMTS_FDD_Radio_Access_Technology_Capability = 0 | UMTS_384_TDD_Radio_Access_Technology_Capability = 0 | CDMA2000_Radio_Access_Technology_Capability = 0 | UMTS_128_TDD_Radio_Access_Technology_Capability = 0 | GERAN_Feature_Package_1 = 1 | Exist_Extended_DTM_multislot_class = 0 | Modulation_based_multislot_class_support = 0 | Exist_HighMultislotCapability = 0 | Exist_GERAN_lu_ModeCapability = 0 | GMSK_MultislotPowerProfile = 3 | EightPSK_MultislotProfile = 3 | MultipleTBF_Capability = 0 | DownlinkAdvancedReceiverPerformance = 1 | ExtendedRLC_MAC_ControlMessageSegmentionsCapability = 1 | DTM_EnhancementsCapability = 1 | Exist_DTM_GPRS_HighMultislotClass = 0 | PS_HandoverCapability = 0 | DTM_Handover_Capability = NULL | FlexibleTimeslotAssignment = NULL | GAN_PS_HandoverCapability = NULL | RLC_Non_persistentMode = NULL | ReducedLatencyCapability = NULL | UplinkEGPRS2 = NULL | DownlinkEGPRS2 = NULL | EUTRA_FDD_Support = NULL | EUTRA_TDD_Support = NULL | GERAN_To_EUTRAN_supportInGERAN_PTM = NULL | PriorityBasedReselectionSupport = NULL | MS_RA_capability_value } | error: MS_RA_capability_value: too many elements (>2) in recursive array. Increase its size! } |DCSN1 ERROR csnStreamDecoder: error STREAM_NOT_SUPPORTED (-8) at MS_RA_capability_value (idx 131)</span><br><span>diff --git a/tests/rlcmac/RLCMACTest.ok b/tests/rlcmac/RLCMACTest.ok</span><br><span>index ffcaeb3..313511f 100644</span><br><span>--- a/tests/rlcmac/RLCMACTest.ok</span><br><span>+++ b/tests/rlcmac/RLCMACTest.ok</span><br><span>@@ -144,3 +144,5 @@</span><br><span> *** testMalformedRAcap ***</span><br><span> === Test decoding of MS RA Capability ===</span><br><span> decode_gsm_ra_cap() returns 0</span><br><span style="color: hsl(120, 100%, 40%);">+*** testRAcap2 ***</span><br><span style="color: hsl(120, 100%, 40%);">+=== Test decoding of multi-band MS RA Capability ===</span><br><span></span><br></pre><p>To view, visit <a href="https://gerrit.osmocom.org/c/osmo-pcu/+/17572">change 17572</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://gerrit.osmocom.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.osmocom.org/c/osmo-pcu/+/17572"/><meta itemprop="name" content="View Change"/></div></div>
<div style="display:none"> Gerrit-Project: osmo-pcu </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-Change-Id: I9fe0e55e0a6a41ae2cc885fba490c1d4a186231e </div>
<div style="display:none"> Gerrit-Change-Number: 17572 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: pespin <pespin@sysmocom.de> </div>
<div style="display:none"> Gerrit-MessageType: newchange </div>