Bug #3024

closed

include/osmo-bts/l1sap.h/L1SAP_FN2CCCHBLOCK: possible overflow

Added by fixeria about 6 years ago. Updated over 5 years ago.

Status: Resolved
Priority: Normal
Assignee:
Category: -
Target version: -
Start date: 03/01/2018
Due date:
% Done: 100%
Spec Reference:

Description

Have a look at the:

#define L1SAP_FN2CCCHBLOCK(fn) ((fn % 51) / 5 - 1)

if (fn < 5), we may get (0 / 5 - 1) = (0 - 1) = -1.

Is this expected?

Actions #1

Updated by laforge over 5 years ago

  • Assignee set to laforge
Actions #2

Updated by laforge over 5 years ago

well, (fn%51) < 6 doesn't occur on the CCCH, but only on the BCCH. So if somebody is using this macro from a non-CCCH context, then that's a bug. We could add an OSMO_ASSERT(fn >= 6) to be sure.

(fn%51) == 5 is also illegal in this context, even though it renders a result. (fn%51) == 6 is the first burst of B0 on CCCH.

Actions #3

Updated by laforge over 5 years ago

actually, that entire function is super incorrect, if you use it for arbitrary frame numbers. I think it would be best to replace it with a lookup table...

Actions #4

Updated by laforge over 5 years ago

  • Status changed from New to In Progress
  • % Done changed from 0 to 80
Actions #5

Updated by laforge over 5 years ago

  • Status changed from In Progress to Resolved
  • % Done changed from 80 to 100

patch merged
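
The behaviour discussed in this ticket, as an added example that is not osmo-bts code: it compares the macro quoted in the description with a lookup table of the kind suggested in comment #3, and shows that the macro's result for fn < 5 depends on the argument type. The table contents (downlink non-combined BCCH+CCCH layout with blocks B0..B8), the NOT_CCCH marker and all function names are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Macro exactly as quoted in the ticket description. */
#define L1SAP_FN2CCCHBLOCK(fn) ((fn % 51) / 5 - 1)

#define NOT_CCCH (-1) /* hypothetical marker: frame carries no CCCH block */

/* Constructed table (assumption): downlink non-combined BCCH+CCCH layout,
 * CCCH blocks B0..B8 of four frames each, indexed by fn % 51. */
static const int8_t ccch_block_by_fn51[51] = {
	-1, -1, -1, -1, -1, -1,          /*  0..5  FCCH, SCH, BCCH */
	 0,  0,  0,  0,                  /*  6..9  B0 */
	-1, -1,                          /* 10..11 FCCH, SCH */
	 1,  1,  1,  1,  2,  2,  2,  2,  /* 12..19 B1, B2 */
	-1, -1,                          /* 20..21 FCCH, SCH */
	 3,  3,  3,  3,  4,  4,  4,  4,  /* 22..29 B3, B4 */
	-1, -1,                          /* 30..31 FCCH, SCH */
	 5,  5,  5,  5,  6,  6,  6,  6,  /* 32..39 B5, B6 */
	-1, -1,                          /* 40..41 FCCH, SCH */
	 7,  7,  7,  7,  8,  8,  8,  8,  /* 42..49 B7, B8 */
	-1                               /* 50     idle */
};

/* Lookup that cannot leave the table: returns 0..8 or NOT_CCCH. */
int fn2ccch_block(uint32_t fn) { return ccch_block_by_fn51[fn % 51]; }

/* The macro's result type follows its argument: an int yields -1 ... */
int macro_signed(int fn) { return L1SAP_FN2CCCHBLOCK(fn); }
/* ... while an unsigned frame number wraps around to UINT32_MAX. */
uint32_t macro_unsigned(uint32_t fn) { return L1SAP_FN2CCCHBLOCK(fn); }

/* Count multiframe positions where the macro disagrees with the table;
 * with ccch_only set, only positions that really carry a CCCH block. */
int macro_mismatches(int ccch_only)
{
	int n = 0;
	for (int fn = 0; fn < 51; fn++) {
		int want = fn2ccch_block((uint32_t)fn);
		if (ccch_only && want == NOT_CCCH)
			continue;
		if (macro_signed(fn) != want)
			n++;
	}
	return n;
}

int main(void)
{
	printf("fn=0: signed %d, unsigned %u\n", macro_signed(0), (unsigned)macro_unsigned(0));
	printf("fn=50: %d, mismatches: %d (CCCH frames only: %d)\n",
	       macro_signed(50), macro_mismatches(0), macro_mismatches(1));
	return 0;
}
```

Any caller that uses the macro's result as an array index needs a range check first, since under these assumptions it can be negative, wrapped, or 9 (one past B8).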
