From 881064e9b81de4aee7a9cdd52184860260f8723c Mon Sep 17 00:00:00 2001 From: Max Date: Wed, 14 Dec 2016 14:51:40 +0100 Subject: Prevent segfault in range encoding * Explicitly check when ARFCN array split is impossible and return gracefully instead of using negative index. * Separate range encoding into generic function and use it for all SI-related things. * Propagate the error into that function and to its callers. * Add separate test-case for the segfault previously triggered by this bug. Change-Id: I3e049ab2d7c1c4d6c791b148f37e10636a8e43e0 Related: RT#7379 --- openbsc/include/openbsc/system_information.h | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'openbsc/include') diff --git a/openbsc/include/openbsc/system_information.h b/openbsc/include/openbsc/system_information.h index ebc3afd7e..1b19c8bc5 100644 --- a/openbsc/include/openbsc/system_information.h +++ b/openbsc/include/openbsc/system_information.h @@ -3,6 +3,8 @@ #include +#include + struct gsm_bts; int gsm_generate_si(struct gsm_bts *bts, enum osmo_sysinfo_type type); @@ -10,6 +12,8 @@ unsigned uarfcn_size(const uint16_t *u, const uint16_t *sc, size_t u_len); unsigned earfcn_size(const struct osmo_earfcn_si2q *e); unsigned range1024_p(unsigned n); unsigned range512_q(unsigned m); +int range_encode(enum gsm48_range r, int *arfcns, int arfcns_used, int *w, + int f0, uint8_t *chan_list); bool si2q_size_check(const struct gsm_bts *bts); int bts_uarfcn_del(struct gsm_bts *bts, uint16_t arfcn, uint16_t scramble); int bts_uarfcn_add(struct gsm_bts *bts, uint16_t arfcn, uint16_t scramble, -- cgit v1.2.3