Project

General

Profile

Bug #3196

misaligned write in abis_nm_ipaccess_rsl_connect()

Added by neels 6 months ago. Updated 5 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
-
Target version:
-
Start date:
04/23/2018
Due date:
% Done:

0%

Spec Reference:

Description

20180423130614810 DNM DEBUG abis_nm.c:1966 OC=BASEBAND-TRANSCEIVER(04) INST=(00,00,ff): Sending OPSTART
../../../../src/osmo-bsc/src/libbsc/abis_nm.c:2794:24: runtime error: store to misaligned address 0x7fffffff3756 for type 'uint32_t', which requires 4 byte alignment
0x7fffffff3756: note: pointer points here
 81 0b bb 80 00 00  00 00 7f 55 55 55 00 00  60 79 6b f6 ff 7f 00 00  88 7a 7f 55 55 55 00 00  50 38
             ^ 

here

int abis_nm_ipaccess_rsl_connect(struct gsm_bts_trx *trx,
                                 uint32_t ip, uint16_t port, uint8_t stream)
{
...
        attr[4] = port & 0xff;
        *(uint32_t *)(attr+6) = ia.s_addr;
...............................^ here

Seen when starting up the network using address sanitizer build on debian testing.
gcc (Debian 7.3.0-16) 7.3.0

History

#1 Updated by stsp 5 months ago

  • Status changed from New to In Progress
  • Assignee set to stsp

I have seen this, too, when starting osmo-bsc to run BTS TTCN3 tests:

Tue May 22 12:01:33 2018 DNM <0005> abis_nm.c:573 OC=BTS(01) INST=(00,ff,ff): BTS0: ARI reported sw[0/1]: TRX_PHY_VERSION is Unknown
Tue May 22 12:01:33 2018 DRSL <0004> acc_ramp.c:162 (bts=0,trx=0) ACC RAMP: administrative state Unlocked -> Unlocked
Tue May 22 12:01:33 2018 DRSL <0004> acc_ramp.c:166 (bts=0,trx=0) ACC RAMP: operational state NULL -> Disabled
Tue May 22 12:01:33 2018 DRSL <0004> acc_ramp.c:175 (bts=0,trx=0) ACC RAMP: ignoring state change because RSL link is down

abis_nm.c:2802:24: runtime error: store to misaligned address 0x7ffc95396706 for type 'uint32_t', which requires 4 byte alignment
0x7ffc95396706: note: pointer points here
 81 0b bb 80 00 00  00 00 ed 79 28 56 00 00  e0 9c 00 00 a0 61 00 00  60 01 00 00 70 62 00 00  70 67
             ^

Tue May 22 12:01:33 2018 DRSL <0004> acc_ramp.c:162 (bts=0,trx=0) ACC RAMP: administrative state Unlocked -> Unlocked
<pre>

This problem can be fixed by using memcpy() instead of writing to a pointer with a cast. I'm preparing a patch.

#2 Updated by stsp 5 months ago

The warning disappears with this patch: https://gerrit.osmocom.org/#/c/osmo-bsc/+/9242/

#3 Updated by stsp 5 months ago

  • Status changed from In Progress to Resolved

Above patch has been merged.

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 48.8 MB)