This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
Max gerrit-no-reply at lists.osmocom.orgHello daniel, Neels Hofmeyr, Jenkins Builder,
I'd like you to reexamine a change. Please visit
https://gerrit.osmocom.org/3878
to look at the new patch set (#5).
Check readv() return value to prevent crash
Previously result of readv() was used unconditionally so when it failed
and returned negative value it was treated like very large positive
which lead to memory corruption. Fix this and add proper error log.
Change-Id: I956c8d551f45c9dd43b5e9de11dfe20dd8783647
Related: SYS#3865
---
M src/osmo-bts-litecell15/l1_transp_hw.c
M src/osmo-bts-sysmo/l1_transp_hw.c
2 files changed, 16 insertions(+), 4 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/osmo-bts refs/changes/78/3878/5
diff --git a/src/osmo-bts-litecell15/l1_transp_hw.c b/src/osmo-bts-litecell15/l1_transp_hw.c
index 6381864..b526108 100644
--- a/src/osmo-bts-litecell15/l1_transp_hw.c
+++ b/src/osmo-bts-litecell15/l1_transp_hw.c
@@ -204,9 +204,15 @@
iov[i].iov_len = msgb_tailroom(msg[i]);
}
-
rc = readv(ofd->fd, iov, ARRAY_SIZE(iov));
- count = rc / prim_size;
+ if (rc < 0) {
+ LOGP(DL1C, LOGL_ERROR, "failed to read from fd: %s\n", strerror(errno));
+ /* N. B: we do not abort to let the cycle below cleanup allocated memory properly,
+ the return value is ignored by the caller anyway.
+ TODO: use libexplain's explain_readv() to provide detailed error description */
+ count = 0;
+ } else
+ count = rc / prim_size;
for (i = 0; i < count; ++i) {
msgb_put(msg[i], prim_size);
diff --git a/src/osmo-bts-sysmo/l1_transp_hw.c b/src/osmo-bts-sysmo/l1_transp_hw.c
index da8ac3f..9c0a514 100644
--- a/src/osmo-bts-sysmo/l1_transp_hw.c
+++ b/src/osmo-bts-sysmo/l1_transp_hw.c
@@ -215,9 +215,15 @@
iov[i].iov_len = msgb_tailroom(msg[i]);
}
-
rc = readv(ofd->fd, iov, ARRAY_SIZE(iov));
- count = rc / prim_size;
+ if (rc < 0) {
+ LOGP(DL1C, LOGL_ERROR, "failed to read from fd: %s\n", strerror(errno));
+ /* N. B: we do not abort to let the cycle below cleanup allocated memory properly,
+ the return value is ignored by the caller anyway.
+ TODO: use libexplain's explain_readv() to provide detailed error description */
+ count = 0;
+ } else
+ count = rc / prim_size;
for (i = 0; i < count; ++i) {
msgb_put(msg[i], prim_size);
--
To view, visit https://gerrit.osmocom.org/3878
To unsubscribe, visit https://gerrit.osmocom.org/settings
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I956c8d551f45c9dd43b5e9de11dfe20dd8783647
Gerrit-PatchSet: 5
Gerrit-Project: osmo-bts
Gerrit-Branch: master
Gerrit-Owner: Max <msuraev at sysmocom.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: Max <msuraev at sysmocom.de>
Gerrit-Reviewer: Neels Hofmeyr <nhofmeyr at sysmocom.de>
Gerrit-Reviewer: Pau Espin Pedrol <pespin at sysmocom.de>
Gerrit-Reviewer: daniel <dwillmann at sysmocom.de>