Bug #3024

include/osmo-bts/l1sap.h/L1SAP_FN2CCCHBLOCK: possible overflow

Added by fixeria 9 months ago. Updated 2 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
-
Target version:
-
Start date:
03/01/2018
Due date:
% Done:

100%

Spec Reference:

Description

Have a look at the:

#define L1SAP_FN2CCCHBLOCK(fn) ((fn % 51) / 5 - 1)

if (fn < 5), we may get (0 / 5 - 1) = (0 - 1) = -1.

Is this expected?

History

#1 Updated by laforge 2 months ago

  • Assignee set to laforge

#2 Updated by laforge 2 months ago

well, (fn%51) < 6 doesn't occur on the CCCH, but only on the BCCH. So if somebody is using this macro from a non-CCCH context, then that's a bug. We could add an OSMO_ASSERT(fn >= 6) to be sure.

(fn%51) = 5 is also illegal in this context, even though it renders a result. (fn%51) = 6 is the first burst of B0 on CCCH.

#3 Updated by laforge 2 months ago

actually, that entire function is super incorrect, if you use it for arbitrary frame numbers. I think it would be best to replace it with a lookup table...

#4 Updated by laforge 2 months ago

  • Status changed from New to In Progress
  • % Done changed from 0 to 80

#5 Updated by laforge 2 months ago

  • Status changed from In Progress to Resolved
  • % Done changed from 80 to 100

patch merged