<div dir="ltr"><div>Hi Romeu,</div><div><br></div>I've fixed this issue. There is a big bug in ogs_realloc();<div><br></div><div>The issue link as below,</div><div>OGSLib : <a href="https://github.com/open5gs/ogslib/issues/4">https://github.com/open5gs/ogslib/issues/4</a></div><div>NextEPC: <a href="https://github.com/open5gs/nextepc/issues/231">https://github.com/open5gs/nextepc/issues/231</a></div><div><br></div><div>The code is fixed like the following.</div><div><a href="https://github.com/open5gs/ogslib/commit/4a6c2e2a4afcc3337b2748d0df645b4b57c0750d">https://github.com/open5gs/ogslib/commit/4a6c2e2a4afcc3337b2748d0df645b4b57c0750d</a><br></div><div><br></div><div>Many thanks!</div><div><br></div><div>Best Regards,</div><div> Sukchan</div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Jul 24, 2019 at 10:20 PM Sukchan Lee <<a href="mailto:acetcom@gmail.com">acetcom@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Ah, one more modification is needed as below.<div><br></div><div>diff --git a/src/mme/s1ap-build.c b/src/mme/s1ap-build.c<br>index a49d117e..cfbedc87 100644<br>--- a/src/mme/s1ap-build.c<br>+++ b/src/mme/s1ap-build.c<br>@@ -531,7 +531,8 @@ int s1ap_build_initial_context_setup_request(<br> ogs_assert(mme_ue->p_tmsi);<br> s1ap_uint16_to_OCTET_STRING(mme_ue->csmap->lai.lac, &LAI->lAC);<br><br>- } else if (mme_ue->ueRadioCapability.buf &&<br>+ }<br>+ if (mme_ue->ueRadioCapability.buf &&<br> mme_ue->ueRadioCapability.size) {<br> /* Set UeRadioCapability if exists */<br> S1AP_UERadioCapability_t *UERadioCapability = NULL;<br></div><div><br></div><div>The above change is also needed to encode more than 9 procotol IE.</div><div><br></div><div>Thanks!</div><div><br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Jul 24, 2019 at 10:18 PM Sukchan Lee <<a href="mailto:acetcom@gmail.com" target="_blank">acetcom@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">It seems that this is not a problem with the asn1c library. There is a bug in ogs_calloc()/ogs_free().<div><br></div><div>I've changed memory alloc()/free() as below.</div><div><a href="https://github.com/open5gs/nextepc/commit/dba1fcac5c29509a9e662a9fedc37a674a416df3" target="_blank">https://github.com/open5gs/nextepc/commit/dba1fcac5c29509a9e662a9fedc37a674a416df3</a><br></div><div><br></div><div>And then, the source code is modified like the following.</div><div>diff --git a/lib/asn1c/common/asn_internal.h b/lib/asn1c/common/asn_internal.h<br>index 77e005f7..d561043b 100644<br>--- a/lib/asn1c/common/asn_internal.h<br>+++ b/lib/asn1c/common/asn_internal.h<br>@@ -23,7 +23,7 @@ extern "C" {<br> #define ASN1C_ENVIRONMENT_VERSION 923 /* Compile-time version */<br> int get_asn1c_environment_version(void); /* Run-time version */<br><br>-#if 0 /* modified by acetcom */<br>+#if 1 /* modified by acetcom */<br> #define CALLOC(nmemb, size) calloc(nmemb, size)<br> #define MALLOC(size) malloc(size)<br> #define REALLOC(oldptr, size) realloc(oldptr, size)<br></div><div><br></div><div>So, s1ap encoder/decoder is executed with system's calloc()/free().</div><div><br></div><div>And then, run the following command.</div><div>$ ./test/testcsfb crash-test</div><div><br></div><div>The above test is not crashed.</div><div>Of course, if ogs_calloc()/ogs_free() is used, the above test command is crashed.<br></div><div><br></div><div>So, I need to analyze what the bug of ogs-memory.c raise this crash.</div><div><br></div><div>Thanks!</div><div><br></div><div><br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Jul 22, 2019 at 12:02 AM Sukchan Lee <<a href="mailto:acetcom@gmail.com" target="_blank">acetcom@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi Harald,<br>
<br>
Of course, I will. But before that I should check the other asn1c upstream version. And I need to reproduce test code for asn1c hacker to analyze this problem easily.<br>
<br>
And then, I will post this issue.<br>
<br>
Thanks a lot!<br>
<br>
Best Regards<br>
Sukchan<br>
<br>
2019. 7. 21. 오후 11:41, Harald Welte <<a href="mailto:laforge@gnumonks.org" target="_blank">laforge@gnumonks.org</a>> 작성:<br>
<br>
> Hi Sukchan,<br>
> <br>
>> On Sun, Jul 21, 2019 at 10:59:44PM +0900, Sukchan Lee wrote:<br>
>> The bad news seems to be a problem with the asn1c library.<br>
>> More than 9 protocol IE cannot be built from InitialContextSetupRequest.<br>
> <br>
> I suggest to report this upstream to the asn1c hackers and ask for theri help.<br>
> <br>
> It may also work using one of the other versions/branches of asn1c for comparison.<br>
> -- <br>
> - Harald Welte <<a href="mailto:laforge@gnumonks.org" target="_blank">laforge@gnumonks.org</a>> <a href="http://laforge.gnumonks.org/" rel="noreferrer" target="_blank">http://laforge.gnumonks.org/</a><br>
> ============================================================================<br>
> "Privacy in residential applications is a desirable marketing option."<br>
> (ETSI EN 300 175-7 Ch. A6)<br>
</blockquote></div>
</blockquote></div>
</blockquote></div>