laforge has submitted this change. ( https://gerrit.osmocom.org/c/osmo-bsc/+/34920?usp=email )
Change subject: SI10: Fix uninitialized l_bts pointer
SI10: Fix uninitialized l_bts pointer
l_bts must be declared outside the for-loop. If the loop is passed with n_bts set the first time, l_bts is set. If the loop is passed with n_bts set next time(s), l_bts is used to encode additional neighbor cell infos.
Related: CID#330310 and CID#330311
Change-Id: I9dbbd066075f9ccb331616a2b59b46b1b44c8b4c
---
M src/osmo-bsc/system_information.c
1 file changed, 18 insertions(+), 2 deletions(-)

Approvals:
  laforge: Looks good to me, approved
  fixeria: Looks good to me, but someone else must approve
  Jenkins Builder: Verified
diff --git a/src/osmo-bsc/system_information.c b/src/osmo-bsc/system_information.c index 477e9fa..141a720 100644 --- a/src/osmo-bsc/system_information.c +++ b/src/osmo-bsc/system_information.c @@ -1421,7 +1421,7 @@ const struct gsm_subscriber_connection *conn) { struct bitvec *nbv; - struct gsm_bts *s_bts = conn->lchan->ts->trx->bts; + struct gsm_bts *s_bts = conn->lchan->ts->trx->bts, *l_bts = NULL; int i; bool any_neighbor = false; int rc; @@ -1443,7 +1443,7 @@
/* Get up to 32 possible neighbor frequencies that SI10 can refer to. */ for (i = 0; i < 32; i++) { - struct gsm_bts *c_bts, *n_bts, *l_bts; + struct gsm_bts *c_bts, *n_bts; struct gsm_subscriber_connection *c; unsigned int save_cur_bit; int16_t arfcn; @@ -1478,6 +1478,7 @@ save_cur_bit = bv.cur_bit; /* Nth neighbor, so add rest octets with differential cell info. */ LOGP(DRR, LOGL_INFO, "Append cell ID %d to SI 10.\n", n_bts->cell_identity); + OSMO_ASSERT(l_bts); rc = si10_rest_octets_encode_other(s_bts, &bv, l_bts, n_bts, last_i, i); if (rc < 0) { LOGP(DRR, LOGL_INFO, "Skip cell ID %d, SI 10 would overflow.\n",
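Review bot: in the first hunk, `*l_bts = NULL` is appended to the `s_bts` declaration, which buries the one variable that now carries state from one loop iteration to the next. Put it on its own line with a short comment saying that it is set on the first pass that has n_bts and is reused when encoding later neighbors, as the commit message explains, so the next reader does not move it back into the loop body.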
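Review bot: at `OSMO_ASSERT(l_bts);` in the last hunk, a NULL l_bts aborts the whole process, while the error path right below it (rc < 0 from si10_rest_octets_encode_other()) only logs and skips the cell. The assignment that is supposed to make l_bts non-NULL before this branch is not in the visible context, so the invariant cannot be checked from the diff. Either add a comment at the assert naming where l_bts is set on the first neighbor, or treat NULL like the overflow case: log it and skip this neighbor instead of asserting.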