pespin has submitted this change. ( 
https://gerrit.osmocom.org/c/osmo-pcu/+/15799 )

Change subject: Fix assertion hit upon CCCH Paging Request
......................................................................

Fix assertion hit upon CCCH Paging Request

Recent commit added an assertion to check for buffer boundaries and it
actually gets hit.
One of the 2 code paths calling pcu_l1if_tx_pch() was passing a buffer
of 23 bytes while one of maximum 22 is expected (because plen is not set
in the buffer but set inside pcu_l1if_tx_pch()).
So it seems before the assert, that code path was actually writing 1
byte outside the boundaries of data buffer, since bitvec_pack() uses
data_len field of bitvec.

Related: OS#4228
Fixes: 8dc09e73d0b361b27232526ebcd5f25cd8c7edfd
Change-Id: I84c5dfd4d5580e9d4c00ed21887cb51bd9abbd2e
---
M src/gprs_rlcmac.cpp
1 file changed, 1 insertion(+), 1 deletion(-)

Approvals:
  Jenkins Builder: Verified
  osmith: Looks good to me, but someone else must approve
  fixeria: Looks good to me, but someone else must approve
  pespin: Looks good to me, approved



diff --git a/src/gprs_rlcmac.cpp b/src/gprs_rlcmac.cpp
index 4d93f8f..7a98a25 100644
--- a/src/gprs_rlcmac.cpp
+++ b/src/gprs_rlcmac.cpp
@@ -32,7 +32,7 @@
        const char *imsi)
 {
        LOGP(DRLCMAC, LOGL_NOTICE, "TX: [PCU -> BTS] Paging Request (CCCH)\n");
-       bitvec *paging_request = bitvec_alloc(23, tall_pcu_ctx);
+       bitvec *paging_request = bitvec_alloc(22, tall_pcu_ctx);
        bitvec_unhex(paging_request, DUMMY_VEC);
        int plen = Encoding::write_paging_request(paging_request, ptmsi, 
ptmsi_len);
        pcu_l1if_tx_pch(paging_request, plen, (char *)imsi);
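Review bot: The 22 in bitvec_alloc(22, tall_pcu_ctx) is a bare literal, and its tie to the buffer limit that pcu_l1if_tx_pch() asserts on is explained only in the commit message. A named constant shared by this caller and the check in pcu_l1if_tx_pch() would keep the two from drifting apart again. Failing that, add a comment here saying that plen is set inside pcu_l1if_tx_pch() and is therefore not part of this buffer. It is also worth confirming that the DUMMY_VEC passed to bitvec_unhex() on the following line does not describe more than 22 bytes, since its definition is outside this hunk.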

--
To view, visit https://gerrit.osmocom.org/c/osmo-pcu/+/15799
To unsubscribe, or for help writing mail filters, visit 
https://gerrit.osmocom.org/settings

Gerrit-Project: osmo-pcu
Gerrit-Branch: master
Gerrit-Change-Id: I84c5dfd4d5580e9d4c00ed21887cb51bd9abbd2e
Gerrit-Change-Number: 15799
Gerrit-PatchSet: 1
Gerrit-Owner: pespin <pes...@sysmocom.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: fixeria <axilira...@gmail.com>
Gerrit-Reviewer: lynxis lazus <lyn...@fe80.eu>
Gerrit-Reviewer: osmith <osm...@sysmocom.de>
Gerrit-Reviewer: pespin <pes...@sysmocom.de>
Gerrit-MessageType: merged
