lchan->s and integer overflow

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/OpenBSC@lists.osmocom.org/.

jolly andreas at eversberg.eu
Tue Mar 12 09:13:01 UTC 2013


Holger Hans Peter Freyther wrote:
> Dear Jolly,
>
> from a quick look it appears to be that a very long running connection
> could overflow lchan->s to a negative number. Could you either make this
> code robust or explain why it is not needed? E.g. if we assume that this
> happens once per multiframe the counter will overflow within 1.3 hours?
>
> holger
>   
hi holger,

lchan->s must never raise above btsb->radio_link_timeout. look at the
commit:

+ /* count up radio link counter S */
+ lchan->s += 2;
+ if (lchan->s > btsb->radio_link_timeout)
+ lchan->s = btsb->radio_link_timeout;

if there would be no limit, a loss of link might also take hours until
detected.

have i overseen something?

regards,

andreas





More information about the OpenBSC mailing list