diff options
| author | Max <msuraev@sysmocom.de> | 2016-12-14 14:51:40 +0100 |
|---|---|---|
| committer | Harald Welte <laforge@gnumonks.org> | 2017-01-23 12:32:00 +0000 |
| commit | 881064e9b81de4aee7a9cdd52184860260f8723c (patch) | |
| tree | 8c6655af403554274bd7a0486e888deda6329303 /openbsc/src/libbsc/arfcn_range_encode.c | |
| parent | 47e178190744e65079a821f40148eebcaa92bf76 (diff) | |
Prevent segfault in range encoding
* Explicitly check when ARFCN array split is impossible and return
gracefully instead of using negative index.
* Separate range encoding into generic function and use it for all
SI-related things.
* Propagate the error into that function and to its callers.
* Add separate test-case for the segfault previously triggered by this bug.
Change-Id: I3e049ab2d7c1c4d6c791b148f37e10636a8e43e0
Related: RT#7379
Diffstat (limited to 'openbsc/src/libbsc/arfcn_range_encode.c')
| -rw-r--r-- | openbsc/src/libbsc/arfcn_range_encode.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/openbsc/src/libbsc/arfcn_range_encode.c b/openbsc/src/libbsc/arfcn_range_encode.c index 99188384d..9ca48407e 100644 --- a/openbsc/src/libbsc/arfcn_range_encode.c +++ b/openbsc/src/libbsc/arfcn_range_encode.c @@ -27,6 +27,8 @@ #include <osmocom/core/utils.h> +#include <errno.h> + static inline int greatest_power_of_2_lesser_or_equal_to(int index) { int power_of_2 = 1; @@ -109,6 +111,8 @@ int range_enc_arfcns(enum gsm48_range range, /* Now do the processing */ split_at = range_enc_find_index(range, arfcns, size); + if (split_at < 0) + return -EINVAL; /* we now know where to split */ out[index] = 1 + arfcns[split_at]; |