Ah, one more modification is needed as below.

diff --git a/src/mme/s1ap-build.c b/src/mme/s1ap-build.c
index a49d117e..cfbedc87 100644
--- a/src/mme/s1ap-build.c
+++ b/src/mme/s1ap-build.c
@@ -531,7 +531,8 @@ int s1ap_build_initial_context_setup_request(
         ogs_assert(mme_ue->p_tmsi);
         s1ap_uint16_to_OCTET_STRING(mme_ue->csmap->lai.lac, &LAI->lAC);

-    } else if (mme_ue->ueRadioCapability.buf &&
+    }
+    if (mme_ue->ueRadioCapability.buf &&
             mme_ue->ueRadioCapability.size) {
         /* Set UeRadioCapability if exists */
         S1AP_UERadioCapability_t *UERadioCapability = NULL;
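Review bot: Where `} else if (` is split into `}` followed by `if (`, the UeRadioCapability block is no longer tied to the preceding branch that fills `LAI->lAC`, so it now runs whenever `ueRadioCapability.buf` and `ueRadioCapability.size` are both set. If that is the intent, put a blank line and a short comment between the `}` and the new `if` so the two blocks read as independent, and re-indent the continuation line `mme_ue->ueRadioCapability.size) {`, which is still aligned for the old `} else if (` opener. A test that builds the request with both the LAI and the radio capability present would keep the `else` from being reintroduced.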

The above change is also needed to encode more than 9 protocol IE.

Thanks!



On Wed, Jul 24, 2019 at 10:18 PM Sukchan Lee <acetcom@gmail.com> wrote:
It seems that this is not a problem with the asn1c library. There is a bug in ogs_calloc()/ogs_free().

I've changed memory alloc()/free() as below.
https://github.com/open5gs/nextepc/commit/dba1fcac5c29509a9e662a9fedc37a674a416df3

And then, the source code is modified like the following.
diff --git a/lib/asn1c/common/asn_internal.h b/lib/asn1c/common/asn_internal.h
index 77e005f7..d561043b 100644
--- a/lib/asn1c/common/asn_internal.h
+++ b/lib/asn1c/common/asn_internal.h
@@ -23,7 +23,7 @@ extern "C" {
 #define        ASN1C_ENVIRONMENT_VERSION       923     /* Compile-time version */
 int get_asn1c_environment_version(void);       /* Run-time version */

-#if 0 /* modified by acetcom */
+#if 1 /* modified by acetcom */
 #define        CALLOC(nmemb, size)     calloc(nmemb, size)
 #define        MALLOC(size)            malloc(size)
 #define        REALLOC(oldptr, size)   realloc(oldptr, size)
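Review bot: Flipping `#if 0` to `#if 1` hard-codes the asn1c `CALLOC`/`MALLOC`/`REALLOC` macros to the libc allocator, and the only record of why is the comment `/* modified by acetcom */`. Suggest gating this on a named build-time macro instead of a literal `1`, with a comment saying which allocator each branch selects. The hunk does not show the matching free macro; please confirm it sits under the same `#if`, since memory obtained from `calloc()` must not be released through a different allocator.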

So, s1ap encoder/decoder is executed with system's calloc()/free().

And then, run the following command.
$ ./test/testcsfb crash-test

The above test does not crash.
Of course, if ogs_calloc()/ogs_free() is used, the above test command crashes.

So, I need to analyze which bug in ogs-memory.c causes this crash.

Thanks!




On Mon, Jul 22, 2019 at 12:02 AM Sukchan Lee <acetcom@gmail.com> wrote:
Hi Harald,

Of course, I will. But before that I should check the other asn1c upstream version. And I need to reproduce test code for asn1c hacker to analyze this problem easily.

And then, I will post this issue.

Thanks a lot!

Best Regards
    Sukchan

On Jul 21, 2019, at 11:41 PM, Harald Welte <laforge@gnumonks.org> wrote:

> Hi Sukchan,
>
>> On Sun, Jul 21, 2019 at 10:59:44PM +0900, Sukchan Lee wrote:
>> The bad news seems to be a problem with the asn1c library.
>> More than 9 protocol IE cannot be built from InitialContextSetupRequest.
>
> I suggest to report this upstream to the asn1c hackers and ask for their help.
>
> It may also work using one of the other versions/branches of asn1c for comparison.
> --
> - Harald Welte <laforge@gnumonks.org>           http://laforge.gnumonks.org/
> ============================================================================
> "Privacy in residential applications is a desirable marketing option."
>                                                  (ETSI EN 300 175-7 Ch. A6)