[MERGED] osmo-bsc[master]: fix gsm0408_test: properly free bts struct after each test

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

Harald Welte gerrit-no-reply at lists.osmocom.org
Wed Mar 28 22:06:09 UTC 2018


Harald Welte has submitted this change and it was merged.

Change subject: fix gsm0408_test: properly free bts struct after each test
......................................................................


fix gsm0408_test: properly free bts struct after each test

Add missing deletion of osmo_stat_item_group_free(bts->bts_statg).
Add missing bts free after test_si_ba_ind().

Log deallocation, update expected test output.

This fixes some of the errors of gsm0408_test's SI tests, as revealed by a
sanitizer build using gcc (Debian 7.3.0-12) 7.3.0.

Fixes:

=================================================================
==19273==ERROR: AddressSanitizer: heap-use-after-free on address 0x60d0000004b8 at pc 0x7f1561a94621 bp 0x7ffe7a7a64a0 sp 0x7ffe7a7a6498
WRITE of size 8 at 0x60d0000004b8 thread T0
    #0 0x7f1561a94620 in __llist_add ../../../src/libosmocore/include/osmocom/core/linuxlist.h:75
    #1 0x7f1561a94620 in llist_add ../../../src/libosmocore/include/osmocom/core/linuxlist.h:90
    #2 0x7f1561a94620 in osmo_stat_item_group_alloc ../../../src/libosmocore/src/stat_item.c:141
    #3 0x5574f6a19935 in gsm_bts_alloc ../../../../src/osmo-bsc/src/libbsc/gsm_data.c:728
    #4 0x5574f6a12920 in bts_init ../../../../src/osmo-bsc/tests/gsm0408/gsm0408_test.c:123
    #5 0x5574f6a0ddb3 in test_si2q_e ../../../../src/osmo-bsc/tests/gsm0408/gsm0408_test.c:192
    #6 0x5574f6a0ddb3 in main ../../../../src/osmo-bsc/tests/gsm0408/gsm0408_test.c:824
    #7 0x7f156061aa86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21a86)
    #8 0x5574f6a10339 in _start (/n/s/dev/make/osmo-bsc/tests/gsm0408/gsm0408_test+0xfc339)

Change-Id: I1ebbd8cc0622ce1a061e933813829b1f770072dc
---
M tests/gsm0408/gsm0408_test.c
M tests/gsm0408/gsm0408_test.ok
2 files changed, 23 insertions(+), 10 deletions(-)

Approvals:
  Harald Welte: Looks good to me, approved
  Jenkins Builder: Verified



diff --git a/tests/gsm0408/gsm0408_test.c b/tests/gsm0408/gsm0408_test.c
index 0a2adcd..9fd4ac7 100644
--- a/tests/gsm0408/gsm0408_test.c
+++ b/tests/gsm0408/gsm0408_test.c
@@ -132,6 +132,16 @@
 	return bts;
 }
 
+#define bts_del(bts) _bts_del(bts, __func__)
+static inline void _bts_del(struct gsm_bts *bts, const char *msg)
+{
+	osmo_stat_item_group_free(bts->bts_statg);
+	rate_ctr_group_free(bts->bts_ctrs);
+	/* no need to llist_del(&bts->list), we never registered the bts there. */
+	talloc_free(bts);
+	printf("BTS deallocated OK in %s()\n", msg);
+}
+
 static inline void test_si2q_segfault(struct gsm_network *net)
 {
 	struct gsm_bts *bts = bts_init(tall_bsc_ctx, net, __func__);
@@ -141,8 +151,7 @@
 	_bts_uarfcn_add(bts, 10612, 319, 0);
 	gen(bts, __func__);
 
-	rate_ctr_group_free(bts->bts_ctrs);
-	talloc_free(bts);
+	bts_del(bts);
 }
 
 static inline void test_si2q_mu(struct gsm_network *net)
@@ -158,8 +167,7 @@
 	_bts_uarfcn_add(bts, 10613, 164, 0);
 	_bts_uarfcn_add(bts, 10613, 14, 0);
 
-	rate_ctr_group_free(bts->bts_ctrs);
-	talloc_free(bts);
+	bts_del(bts);
 }
 
 static inline void test_si2q_u(struct gsm_network *net)
@@ -183,8 +191,7 @@
 	_bts_uarfcn_add(bts, 1982, 14, 0);
 	_bts_uarfcn_add(bts, 1982, 88, 0);
 
-	rate_ctr_group_free(bts->bts_ctrs);
-	talloc_free(bts);
+	bts_del(bts);
 }
 
 static inline void test_si2q_e(struct gsm_network *net)
@@ -213,8 +220,7 @@
 	add_earfcn_b(bts, 1967, 4);
 	add_earfcn_b(bts, 1982, 3);
 
-	rate_ctr_group_free(bts->bts_ctrs);
-	talloc_free(bts);
+	bts_del(bts);
 }
 
 static inline void test_si2q_long(struct gsm_network *net)
@@ -258,8 +264,7 @@
 	_bts_uarfcn_add(bts, 1976, 225, 1);
 	_bts_uarfcn_add(bts, 1976, 226, 1);
 
-	rate_ctr_group_free(bts->bts_ctrs);
-	talloc_free(bts);
+	bts_del(bts);
 }
 
 static void test_mi_functionality(void)
@@ -680,6 +685,8 @@
 	printf("SI5ter: %s\n", osmo_hexdump((uint8_t *)si5ter, rc));
 	/* Validate BA-IND == 1 */
 	OSMO_ASSERT(si5ter->bcch_frequency_list[0] & 0x10);
+
+	bts_del(bts);
 }
 
 struct test_gsm48_ra_id_by_bts {
diff --git a/tests/gsm0408/gsm0408_test.ok b/tests/gsm0408/gsm0408_test.ok
index ef9fea7..6bb1140 100644
--- a/tests/gsm0408/gsm0408_test.ok
+++ b/tests/gsm0408/gsm0408_test.ok
@@ -65,6 +65,7 @@
 generated valid SI2quater [00/00]: [23] 59 06 07 40 00 25 52 88 0a 7f 52 e8 0a 7e 0b 2b 2b 2b 2b 2b 2b 2b 2b 
 generating SI2quater for 0 EARFCNs and 2 UARFCNs...
 generated valid SI2quater [00/00]: [23] 59 06 07 40 00 25 52 88 0a 7f 52 e8 0a 7e 0b 2b 2b 2b 2b 2b 2b 2b 2b 
+BTS deallocated OK in test_si2q_segfault()
 BTS allocation OK in test_si2q_e()
 Testing SYSINFO_TYPE_2quater EARFCN generation:
 generating SI2quater for 0 EARFCNs and 0 UARFCNs...
@@ -89,6 +90,7 @@
 added EARFCN 1982 - generating SI2quater for 7 EARFCNs and 0 UARFCNs...
 generated valid SI2quater [00/01]: [23] 59 06 07 40 20 04 86 59 83 be cc 1e 31 07 91 a8 3c ca 0f 5a 0a 03 2b 
 generated valid SI2quater [01/01]: [23] 59 06 07 42 20 04 86 59 83 d7 e4 1e fa c2 80 2b 2b 2b 2b 2b 2b 2b 2b 
+BTS deallocated OK in test_si2q_e()
 BTS allocation OK in test_si2q_u()
 Testing SYSINFO_TYPE_2quater UARFCN generation:
 generating SI2quater for 0 EARFCNs and 0 UARFCNs...
@@ -115,6 +117,7 @@
 generated valid SI2quater [00/00]: [23] 59 06 07 40 00 25 0f 7c 50 1c 3b 31 fa dd 88 85 7b c4 1c 2b 2b 2b 2b 
 generating SI2quater for 0 EARFCNs and 11 UARFCNs...
 generated valid SI2quater [00/00]: [23] 59 06 07 40 00 25 0f 7c 58 1c 3b 25 7a ea 08 91 fb c4 1f b0 2b 2b 2b 
+BTS deallocated OK in test_si2q_u()
 BTS allocation OK in test_si2q_mu()
 Test SI2quater multiple UARFCNs:
 generating SI2quater for 0 EARFCNs and 1 UARFCNs...
@@ -131,6 +134,7 @@
 generated valid SI2quater [00/00]: [23] 59 06 07 40 00 25 52 88 0a 7d 52 e8 18 3f f4 90 54 ba 84 52 67 03 2b 
 generating SI2quater for 0 EARFCNs and 7 UARFCNs...
 generated valid SI2quater [00/00]: [23] 59 06 07 40 00 25 52 88 0a 7d 52 e8 18 3f f4 90 54 ba 86 20 73 8c 81 
+BTS deallocated OK in test_si2q_mu()
 BTS allocation OK in test_si2q_long()
 Testing SYSINFO_TYPE_2quater combined EARFCN & UARFCN generation:
 generating SI2quater for 17 EARFCNs and 1 UARFCNs...
@@ -205,6 +209,7 @@
 generated valid SI2quater [03/05]: [23] 59 06 07 46 a0 04 86 59 84 21 54 21 4f 61 0a 99 08 55 b7 2e ca c1 2b 
 generated valid SI2quater [04/05]: [23] 59 06 07 48 a0 04 86 59 84 2b 54 21 27 61 09 59 08 4b b7 2e ca c1 2b 
 generated valid SI2quater [05/05]: [23] 59 06 07 4a a0 04 86 59 84 26 53 97 65 60 2b 2b 2b 2b 2b 2b 2b 2b 2b 
+BTS deallocated OK in test_si2q_long()
 BTS allocation OK in test_si_ba_ind()
 Testing if BA-IND is set as expected in SI2xxx and SI5xxx
 SI2: 59 06 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
@@ -213,6 +218,7 @@
 SI5: 06 1d 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
 SI5bis: 06 05 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
 SI5ter: 06 06 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
+BTS deallocated OK in test_si_ba_ind()
 test_gsm48_ra_id_by_bts[0]: digits='00f120' lac=0x0300=htons(3) rac=0x04=4 pass
 test_gsm48_ra_id_by_bts[1]: digits='002100' lac=0x0300=htons(3) rac=0x04=4 pass
 test_gsm48_ra_id_by_bts[2]: digits='00f000' lac=0x0000=htons(0) rac=0x00=0 pass

-- 
To view, visit https://gerrit.osmocom.org/7562
To unsubscribe, visit https://gerrit.osmocom.org/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I1ebbd8cc0622ce1a061e933813829b1f770072dc
Gerrit-PatchSet: 1
Gerrit-Project: osmo-bsc
Gerrit-Branch: master
Gerrit-Owner: Neels Hofmeyr <nhofmeyr at sysmocom.de>
Gerrit-Reviewer: Harald Welte <laforge at gnumonks.org>
Gerrit-Reviewer: Jenkins Builder



More information about the gerrit-log mailing list