Bug #5597
Closed — fix uninitialized address (Coverity CID 273006)
Start date:
06/29/2022
Due date:
% Done:
100%
Spec Reference:
Description
*** CID 273006: (UNINIT) /source-Osmocom/osmo-bsc-nat/src/osmo-bsc-nat/bsc_nat_fsm.c: 136 in sccp_sap_up_cn() 130 break; 131 132 case OSMO_PRIM(OSMO_SCU_PRIM_N_DISCONNECT, PRIM_OP_INDICATION): 133 /* indication of disconnect */ 134 subscr_conn = subscr_conn_get_by_id(prim->u.disconnect.conn_id, BSC_NAT_NET_CN); 135 if (!subscr_conn) { >>> CID 273006: (UNINIT) >>> Using uninitialized value "addr" when calling "bsc_nat_print_addr". 136 LOGP(DMAIN, LOGL_ERROR, "Unknown conn_id=%" PRIu32 " from %s\n", prim->u.disconnect.conn_id, 137 bsc_nat_print_addr_cn(addr)); 138 goto error; 139 } 140 141 LOGP(DMAIN, LOGL_DEBUG, "Fwd via %s\n", talloc_get_name(subscr_conn)); /source-Osmocom/osmo-bsc-nat/src/osmo-bsc-nat/bsc_nat_fsm.c: 124 in sccp_sap_up_cn() 118 break; 119 120 case OSMO_PRIM(OSMO_SCU_PRIM_N_DATA, PRIM_OP_INDICATION): 121 /* connection-oriented data received */ 122 subscr_conn = subscr_conn_get_by_id(prim->u.data.conn_id, BSC_NAT_NET_CN); 123 if (!subscr_conn) { >>> CID 273006: (UNINIT) >>> Using uninitialized value "addr" when calling "bsc_nat_print_addr". 124 LOGP(DMAIN, LOGL_ERROR, "Unknown conn_id=%" PRIu32 " from %s\n", prim->u.data.conn_id, 125 bsc_nat_print_addr_cn(addr)); 126 goto error; 127 } 128 129 rc = bssap_handle_dt(BSC_NAT_NET_CN, subscr_conn, oph->msg, msgb_l2len(oph->msg)); ** CID 273005: (UNINIT)
The `addr` variable is uninitialized in the `OSMO_PRIM(OSMO_SCU_PRIM_N_DATA, PRIM_OP_INDICATION)` and `OSMO_PRIM(OSMO_SCU_PRIM_N_DISCONNECT, PRIM_OP_INDICATION)` cases of `sccp_sap_up_cn()`: unlike the connect-indication path, these primitives carry only a `conn_id`, so nothing ever fills `addr` before the error-path `LOGP()` formats it. Reading an uninitialized automatic variable is undefined behavior, and in practice the formatted "from %s" field would contain whatever stack garbage was left in `addr` — misleading at best, and potentially leaking stale stack contents into the log (if the print helper follows pointer members inside the struct, it could also crash; that depends on how `bsc_nat_print_addr_cn()` is implemented, which is not shown here). Since `addr` is only used in these two log statements, removing `bsc_nat_print_addr_cn(addr)` from them fixes the finding. Unfortunately that makes debugging harder, but there also seems to be no way to ask libosmo-sccp for the address belonging to a particular `conn_id`, so the log can only report the `conn_id` itself.
Updated by dexter almost 2 years ago
The same problem is reported for the RAN-side handler `sccp_sap_up_ran()` (CID 273005), in the corresponding N-DATA and N-DISCONNECT indication cases:
*** CID 273005: (UNINIT) /source-Osmocom/osmo-bsc-nat/src/osmo-bsc-nat/bsc_nat_fsm.c: 261 in sccp_sap_up_ran() 255 break; 256 257 case OSMO_PRIM(OSMO_SCU_PRIM_N_DISCONNECT, PRIM_OP_INDICATION): 258 /* indication of disconnect */ 259 subscr_conn = subscr_conn_get_by_id(prim->u.disconnect.conn_id, BSC_NAT_NET_RAN); 260 if (!subscr_conn) { >>> CID 273005: (UNINIT) >>> Using uninitialized value "addr" when calling "bsc_nat_print_addr". 261 LOGP(DMAIN, LOGL_ERROR, "Unknown conn_id=%" PRIu32 " from %s\n", prim->u.disconnect.conn_id, 262 bsc_nat_print_addr_ran(addr)); 263 goto error; 264 } 265 266 LOGP(DMAIN, LOGL_DEBUG, "Fwd via %s\n", talloc_get_name(subscr_conn)); /source-Osmocom/osmo-bsc-nat/src/osmo-bsc-nat/bsc_nat_fsm.c: 249 in sccp_sap_up_ran() 243 break; 244 245 case OSMO_PRIM(OSMO_SCU_PRIM_N_DATA, PRIM_OP_INDICATION): 246 /* connection-oriented data received */ 247 subscr_conn = subscr_conn_get_by_id(prim->u.data.conn_id, BSC_NAT_NET_RAN); 248 if (!subscr_conn) { >>> CID 273005: (UNINIT) >>> Using uninitialized value "addr" when calling "bsc_nat_print_addr". 249 LOGP(DMAIN, LOGL_ERROR, "Unknown conn_id=%" PRIu32 " from %s\n", prim->u.data.conn_id, 250 bsc_nat_print_addr_ran(addr)); 251 goto error; 252 } 253 254 rc = bssap_handle_dt(BSC_NAT_NET_RAN, subscr_conn, oph->msg, msgb_l2len(oph->msg));
Updated by osmith almost 2 years ago
- Status changed from New to Resolved
- % Done changed from 0 to 100