This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
Neels Hofmeyr gerrit-no-reply at lists.osmocom.orgReview at https://gerrit.osmocom.org/7149 gsm48_parse_meas_rep(): set num_cell=0 if no neighbor cells are reported Set mr->num_cell to 0 if the bits reflect 0x7, which means that no neighbor cell measurements are enclosed in the report. The code in gsm48_parse_meas_rep() acknowledges that, but nevertheless left num_cell == 7, and evaluating code commonly runs into the mistake of assuming that actually seven neighbors are being reported on, like: MEASUREMENT REPORT 0: arfcn=0 bsic=0 neigh_idx=0 rxlev=0 flags=0 1: arfcn=0 bsic=0 neigh_idx=0 rxlev=0 flags=0 2: arfcn=0 bsic=0 neigh_idx=0 rxlev=0 flags=0 3: arfcn=0 bsic=0 neigh_idx=0 rxlev=0 flags=0 4: arfcn=0 bsic=0 neigh_idx=0 rxlev=0 flags=0 5: arfcn=0 bsic=0 neigh_idx=0 rxlev=0 flags=0 6: arfcn=0 bsic=0 neigh_idx=0 rxlev=0 flags=0 There are only up to 6 slots for neighbors, the above listing actually printed 7, because num_cell == 7, which is a potential segfault. (sometimes it printed uninitialized values instead of 0) We could fix all meas rep consumers to know what num_cell == 7 means, but instead setting it to 0 trivially fixes all of them. Change-Id: Ie12210660a04f2d664ddc92e7ad7fc39ee474180 --- M src/libbsc/gsm_04_08_utils.c 1 file changed, 4 insertions(+), 1 deletion(-) git pull ssh://gerrit.osmocom.org:29418/osmo-bsc refs/changes/49/7149/1 diff --git a/src/libbsc/gsm_04_08_utils.c b/src/libbsc/gsm_04_08_utils.c index 3004e5d..b75b42f 100644 --- a/src/libbsc/gsm_04_08_utils.c +++ b/src/libbsc/gsm_04_08_utils.c @@ -551,8 +551,11 @@ rep->dl.sub.rx_qual = (data[2] >> 1) & 0x7; rep->num_cell = ((data[3] >> 6) & 0x3) | ((data[2] & 0x01) << 2); - if (rep->num_cell < 1 || rep->num_cell > 6) + if (rep->num_cell < 1 || rep->num_cell > 6) { + /* There are no neighbor cell reports present. */ + rep->num_cell = 0; return 0; + } /* an encoding nightmare in perfection */ mrc = &rep->cell[0]; -- To view, visit https://gerrit.osmocom.org/7149 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ie12210660a04f2d664ddc92e7ad7fc39ee474180 Gerrit-PatchSet: 1 Gerrit-Project: osmo-bsc Gerrit-Branch: master Gerrit-Owner: Neels Hofmeyr <nhofmeyr at sysmocom.de>