[PATCH] openbsc[master]: abis: fix unaligned memory access

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

Max gerrit-no-reply at lists.osmocom.org
Thu Aug 31 11:10:10 UTC 2017 

Hello Jenkins Builder,

I'd like you to reexamine a change.  Please visit

    https://gerrit.osmocom.org/3750

to look at the new patch set (#3).

abis: fix unaligned memory access

* replace pointer arithmetic and direct assignment with struct
  modification and function call to prevent unaligned memory
  access on arm
* remove redundant functions
* constify function parameter

Change-Id: Ie8a3107c22cd7f3682fac037e04a50ef3ea9171c
Fixes: OS#2472
---
M openbsc/include/openbsc/abis_nm.h
M openbsc/include/openbsc/gsm_data.h
M openbsc/src/libbsc/abis_nm.c
M openbsc/src/libbsc/bts_ipaccess_nanobts_omlattr.c
M openbsc/src/libcommon/gsm_data.c
5 files changed, 15 insertions(+), 26 deletions(-)


  git pull ssh://gerrit.osmocom.org:29418/openbsc refs/changes/50/3750/3

diff --git a/openbsc/include/openbsc/abis_nm.h b/openbsc/include/openbsc/abis_nm.h
index db2a659..658e2bb 100644
--- a/openbsc/include/openbsc/abis_nm.h
+++ b/openbsc/include/openbsc/abis_nm.h
@@ -157,7 +157,7 @@
 				uint8_t *attr, uint8_t attr_len);
 int abis_nm_ipaccess_rsl_connect(struct gsm_bts_trx *trx, 
 				 uint32_t ip, uint16_t port, uint8_t stream);
-void abis_nm_ipaccess_cgi(uint8_t *buf, struct gsm_bts *bts);
+void abis_nm_ipaccess_cgi(uint8_t *buf, const struct gsm_bts *bts, bool rac_lac_override);
 int ipac_parse_bcch_info(struct ipac_bcch_info *binf, uint8_t *buf);
 const char *ipacc_testres_name(uint8_t res);
 
diff --git a/openbsc/include/openbsc/gsm_data.h b/openbsc/include/openbsc/gsm_data.h
index 4035b39..995ffea 100644
--- a/openbsc/include/openbsc/gsm_data.h
+++ b/openbsc/include/openbsc/gsm_data.h
@@ -558,8 +558,6 @@
 const char *bts_gprs_mode_name(enum bts_gprs_mode mode);
 int bts_gprs_mode_is_compat(struct gsm_bts *bts, enum bts_gprs_mode mode);
 
-int gsm48_ra_id_by_bts(uint8_t *buf, struct gsm_bts *bts);
-void gprs_ra_id_by_bts(struct gprs_ra_id *raid, struct gsm_bts *bts);
 struct gsm_meas_rep *lchan_next_meas_rep(struct gsm_lchan *lchan);
 
 int gsm_btsmodel_set_feature(struct gsm_bts_model *model, enum gsm_bts_features feat);
diff --git a/openbsc/src/libbsc/abis_nm.c b/openbsc/src/libbsc/abis_nm.c
index cf20d7c..80e4183 100644
--- a/openbsc/src/libbsc/abis_nm.c
+++ b/openbsc/src/libbsc/abis_nm.c
@@ -2783,12 +2783,20 @@
 				     attr, attr_len);
 }
 
-void abis_nm_ipaccess_cgi(uint8_t *buf, struct gsm_bts *bts)
+void abis_nm_ipaccess_cgi(uint8_t *buf, const struct gsm_bts *bts, bool rac_lac_override)
 {
-	/* we simply reuse the GSM48 function and overwrite the RAC
-	 * with the Cell ID */
-	gsm48_ra_id_by_bts(buf, bts);
-	*((uint16_t *)(buf + 5)) = htons(bts->cell_identity);
+	struct gprs_ra_id raid;
+
+	raid.mcc = bts->network->country_code;
+	raid.mnc = bts->network->network_code;
+	raid.lac = bts->location_area_code;
+	raid.rac = bts->gprs.rac;
+
+	gsm48_construct_ra(buf, &raid);
+
+	/* FIXME: we try to overwrite the RAC (1 byte) with the Cell ID (2 bytes) so we also override part of LAC?! */
+	if (rac_lac_override)
+		osmo_store16be(bts->cell_identity, buf + 5);
 }
 
 void gsm_trx_lock_rf(struct gsm_bts_trx *trx, int locked)
diff --git a/openbsc/src/libbsc/bts_ipaccess_nanobts_omlattr.c b/openbsc/src/libbsc/bts_ipaccess_nanobts_omlattr.c
index 473e1ca..42575a0 100644
--- a/openbsc/src/libbsc/bts_ipaccess_nanobts_omlattr.c
+++ b/openbsc/src/libbsc/bts_ipaccess_nanobts_omlattr.c
@@ -101,7 +101,7 @@
 
 	msgb_tv_put(msgb, NM_ATT_BSIC, bts->bsic);
 
-	abis_nm_ipaccess_cgi(buf, bts);
+	abis_nm_ipaccess_cgi(buf, bts, true);
 	msgb_tl16v_put(msgb, NM_ATT_IPACC_CGI, 7, buf);
 
 	return msgb;
diff --git a/openbsc/src/libcommon/gsm_data.c b/openbsc/src/libcommon/gsm_data.c
index f1049e9..f6e775b 100644
--- a/openbsc/src/libcommon/gsm_data.c
+++ b/openbsc/src/libcommon/gsm_data.c
@@ -335,23 +335,6 @@
 	return bts;
 }
 
-void gprs_ra_id_by_bts(struct gprs_ra_id *raid, struct gsm_bts *bts)
-{
-	raid->mcc = bts->network->country_code;
-	raid->mnc = bts->network->network_code;
-	raid->lac = bts->location_area_code;
-	raid->rac = bts->gprs.rac;
-}
-
-int gsm48_ra_id_by_bts(uint8_t *buf, struct gsm_bts *bts)
-{
-	struct gprs_ra_id raid;
-
-	gprs_ra_id_by_bts(&raid, bts);
-
-	return gsm48_construct_ra(buf, &raid);
-}
-
 int gsm_parse_reg(void *ctx, regex_t *reg, char **str, int argc, const char **argv)
 {
 	int ret;

-- 
To view, visit https://gerrit.osmocom.org/3750
To unsubscribe, visit https://gerrit.osmocom.org/settings

Gerrit-MessageType: newpatchset
Gerrit-Change-Id: Ie8a3107c22cd7f3682fac037e04a50ef3ea9171c
Gerrit-PatchSet: 3
Gerrit-Project: openbsc
Gerrit-Branch: master
Gerrit-Owner: Max <msuraev at sysmocom.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: Max <msuraev at sysmocom.de>

More information about the gerrit-log mailing list