[PATCH] osmo-bsc[master]: range_enc_arfcns: avoid runtime error on zero size

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

Neels Hofmeyr gerrit-no-reply at lists.osmocom.org
Wed Mar 28 17:25:35 UTC 2018 

Review at  https://gerrit.osmocom.org/7561

range_enc_arfcns: avoid runtime error on zero size

If size <= 1, avoid allocating arfcns_left[size / 2], which results in a zero
size and causes, with gcc 7.3.0 sanitizer, runtime errors:

../../../../src/osmo-bsc/src/libbsc/arfcn_range_encode.c:95:6: runtime error: variable length array bound evaluates to non-positive value 0
../../../../src/osmo-bsc/src/libbsc/arfcn_range_encode.c:96:6: runtime error: variable length array bound evaluates to non-positive value 0

This fixes some of the errors of gsm0408_test, as revealed by a sanitizer build
using gcc (Debian 7.3.0-12) 7.3.0.

Change-Id: Idab2a194fb9d7c41ed3367f935080eaae4ce367f
---
M src/libbsc/arfcn_range_encode.c
1 file changed, 24 insertions(+), 18 deletions(-)


  git pull ssh://gerrit.osmocom.org:29418/osmo-bsc refs/changes/61/7561/1

diff --git a/src/libbsc/arfcn_range_encode.c b/src/libbsc/arfcn_range_encode.c
index ae99fd9..84f9f63 100644
--- a/src/libbsc/arfcn_range_encode.c
+++ b/src/libbsc/arfcn_range_encode.c
@@ -74,14 +74,8 @@
 	return -1;
 }
 
-/**
- * Range encode the ARFCN list.
- * \param range The range to use.
- * \param arfcns The list of ARFCNs
- * \param size The size of the list of ARFCNs
- * \param out Place to store the W(i) output.
- */
-int range_enc_arfcns(enum gsm48_range range,
+/* Worker for range_enc_arfcns(), do not call directly. */
+int _range_enc_arfcns(enum gsm48_range range,
 		const int *arfcns, int size, int *out,
 		const int index)
 {
@@ -98,16 +92,6 @@
 	int r_size;
 	int l_origin;
 	int r_origin;
-
-
-	/* Test the two recursion anchors and stop processing */
-	if (size == 0)
-		return 0;
-
-	if (size == 1) {
-		out[index] = 1 + arfcns[0];
-		return 0;
-	}
 
 	/* Now do the processing */
 	split_at = range_enc_find_index(range, arfcns, size);
@@ -140,6 +124,28 @@
 	return 0;
 }
 
+/**
+ * Range encode the ARFCN list.
+ * \param range The range to use.
+ * \param arfcns The list of ARFCNs
+ * \param size The size of the list of ARFCNs
+ * \param out Place to store the W(i) output.
+ */
+int range_enc_arfcns(enum gsm48_range range,
+		const int *arfcns, int size, int *out,
+		const int index)
+{
+	if (size <= 0)
+		return 0;
+
+	if (size == 1) {
+		out[index] = 1 + arfcns[0];
+		return 0;
+	}
+
+	return _range_enc_arfcns(range, arfcns, size, out, index);
+}
+
 /*
  * The easiest is to use f0 == arfcns[0]. This means that under certain
  * circumstances we can encode less ARFCNs than possible with an optimal f0.

-- 
To view, visit https://gerrit.osmocom.org/7561
To unsubscribe, visit https://gerrit.osmocom.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Idab2a194fb9d7c41ed3367f935080eaae4ce367f
Gerrit-PatchSet: 1
Gerrit-Project: osmo-bsc
Gerrit-Branch: master
Gerrit-Owner: Neels Hofmeyr <nhofmeyr at sysmocom.de>

More information about the gerrit-log mailing list