pespin has uploaded this change for review. (
https://gerrit.osmocom.org/c/osmo-bts/+/18751 )
Change subject: scheduler: Fix reading out of buffer during tx of dummy burst
on PDCH TS with EGPRS enabled
......................................................................
scheduler: Fix reading out of buffer during tx of dummy burst on PDCH TS with
EGPRS enabled
If for whatever reason (eg fn-advance too small) there's no burst
available for a PDCH TS where EGPRS is enabled, a dummy burst of size
GSM_BURST_LEN
would be selected in _sched_dl_burst(), but the nbits length would still be set
to
EGPRS_BURST_LEN above by func() pointer (tx_pdtch_fn()).
As a result, trx_if_send_burst() would later read EGPRS_BURST_LEN from the
dummy burst of size GSM_BURST_LEN.
The issue was found by ASan. See OS#4606 for more info.
Fixes: OS#4606
Change-Id: Iba6ccceed5c0f1db810259768678f174d39cbf8b
---
M src/common/scheduler.c
1 file changed, 2 insertions(+), 0 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/osmo-bts refs/changes/51/18751/1
diff --git a/src/common/scheduler.c b/src/common/scheduler.c
index 55cb36a..021a4cd 100644
--- a/src/common/scheduler.c
+++ b/src/common/scheduler.c
@@ -1211,6 +1211,8 @@
trx_chan_desc[chan].name, fn, tn, bid);
#endif
bits = (ubit_t *) dummy_burst;
+ if (nbits)
+ *nbits = ARRAY_SIZE(dummy_burst);
}
return bits;
--
To view, visit https://gerrit.osmocom.org/c/osmo-bts/+/18751
To unsubscribe, or for help writing mail filters, visit
https://gerrit.osmocom.org/settings
Gerrit-Project: osmo-bts
Gerrit-Branch: master
Gerrit-Change-Id: Iba6ccceed5c0f1db810259768678f174d39cbf8b
Gerrit-Change-Number: 18751
Gerrit-PatchSet: 1
Gerrit-Owner: pespin <pes...@sysmocom.de>
Gerrit-MessageType: newchange
