Open Source Mobile Communications (https://projects.osmocom.org/)
OsmoBTS - Bug #1892: AMR half rate crashes osmo-bts
https://projects.osmocom.org/issues/1892?journal_id=2677 2016-12-21T19:32:49Z jfdionne
<p>jfdionne wrote:</p>
<blockquote>
<p>After call connection osmo-bts crashes with segmentation fault with AMR half rate codec. DTX was not used.</p>
<p>It has been tested with latest master branches of libosmo-abis, libosmocore, openbsc and osmo-bts. See attachment for stack trace.</p>
</blockquote>
<p>The problem seems to have been introduced to osmo-bts in commit acfccb3f028c8417df42de9a6400896eb269a614.</p>
https://projects.osmocom.org/issues/1892?journal_id=2678 2016-12-21T19:33:37Z jfdionne
<p>jfdionne wrote:</p>
<blockquote>
<p>The problem seems to have been introduced to osmo-bts in commit acfccb3f028c8417df42de9a6400896eb269a614.</p>
</blockquote>
https://projects.osmocom.org/issues/1892?journal_id=2679 2016-12-21T21:28:12Z jfdionne
<p>jfdionne wrote:</p>
<p>The crash is caused by an access to a DTX downlink AMR FSM structure element when DTX is not in use. The FSM structure is not allocated if DTX is not in use since osmo-bts commit acfccb3f028c8417df42de9a6400896eb269a614.</p>
<p>The faulty access is done at the beginning of dtx_dl_amr_fsm_step function of src/common/msg_utils.c. I suggest the following patch:</p>
<p>diff --git a/src/common/msg_utils.c b/src/common/msg_utils.c<br />index b844eec..a2aaf71 100644<br />--- a/src/common/msg_utils.c<br />+++ b/src/common/msg_utils.c<br /><code>@ -156,12 +156,15 </code>@ int dtx_dl_amr_fsm_step(struct gsm_lchan *lchan, const uint8_t *rtp_pl,<br /> int8_t sti, cmi;<br /> int rc;</p>
<p>- if (lchan->type GSM_LCHAN_TCH_H && /* SID-FIRST P1 <del>> P2 completion <strong>/<br /></del> lchan->tch.dtx.dl_amr_fsm->state ST_SID_F2 && !rtp_pl) {<br />- *len = 3;<br />- memcpy(l1_payload, lchan->tch.dtx.cache, 2);<br />- dtx_dispatch(lchan, E_SID_U);<br />- return 0;<br />+ if (dtx_dl_amr_enabled(lchan))<br />+ {<br />+ if (lchan->type GSM_LCHAN_TCH_H && /</strong> SID-FIRST P1 <del>> P2 completion */<br />+ lchan</del>>tch.dtx.dl_amr_fsm->state ST_SID_F2 && !rtp_pl) {<br />+ *len = 3;<br />+ memcpy(l1_payload, lchan->tch.dtx.cache, 2);<br />+ dtx_dispatch(lchan, E_SID_U);<br />+ return 0;<br />+ }<br /> }</p>
<pre><code>if (!rtp_pl_len)</code></pre>
https://projects.osmocom.org/issues/1892?journal_id=2684 2016-12-22T11:50:32Z msuraev
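Review bot: in the added `if (dtx_dl_amr_enabled(lchan))` block, the guard covers only this first dereference of `lchan->tch.dtx.dl_amr_fsm` at the top of `dtx_dl_amr_fsm_step`; the rest of the function lies outside the hunk, so please confirm that no later path reads the FSM pointer or calls `dtx_dispatch` when DTX is disabled. The guard could also be folded into the existing condition as its first operand (`dtx_dl_amr_enabled(lchan) && lchan->type ...`), which drops the extra nesting level and the opening brace on its own line, a placement that does not match the inner `if (...) {` in the same hunk.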
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>In Progress</i></li><li><strong>Assignee</strong> set to <i>msuraev</i></li></ul>
https://projects.osmocom.org/issues/1892?journal_id=2685 2016-12-22T11:57:52Z msuraev
<p>Strangely enough, I'm unable to reproduce the crash. Nevertheless, I've sent your fix to gerrit # 1486. Btw, in future you can send it directly to gerrit to speed up the review process.</p>
https://projects.osmocom.org/issues/1892?journal_id=2689 2016-12-22T14:29:58Z msuraev
<ul><li><strong>Related to</strong> <i><a class="issue tracker-1 status-5 priority-2 priority-default closed" href="/issues/1801">Bug #1801</a>: AMR DTX: downlink logic flawed</i> added</li></ul>
https://projects.osmocom.org/issues/1892?journal_id=2690 2016-12-22T15:44:41Z msuraev
<ul><li><strong>Status</strong> changed from <i>In Progress</i> to <i>Resolved</i></li><li><strong>Assignee</strong> changed from <i>msuraev</i> to <i>laforge</i></li><li><strong>% Done</strong> changed from <i>0</i> to <i>100</i></li></ul><p>Fix committed in 304420ca42e17ee85d896d5c9e1f2f19a43b8f39.</p>
https://projects.osmocom.org/issues/1892?journal_id=2780 2017-01-12T13:12:02Z laforge
<ul><li><strong>Status</strong> changed from <i>Resolved</i> to <i>Closed</i></li></ul>