diff options
| author | Neels Hofmeyr <nhofmeyr@sysmocom.de> | 2016-09-02 02:15:26 +0200 |
|---|---|---|
| committer | Neels Hofmeyr <nhofmeyr@sysmocom.de> | 2016-09-14 01:26:34 +0000 |
| commit | 024152683646f1b68c85de74f783b81db51d16b5 (patch) | |
| tree | 087fd8b44c6b2e0693e5f2c48aed5526259e6b03 /src | |
| parent | 9f5f008aedc910ff0ce18bf3f92b9b74f0438bf8 (diff) | |
Fix CSN1 decoding: CSN_LEFT_ALIGNED_VAR_BMP bounds
Fix attempted read past vector boundaries in case of a starting bit offset !=
0, so that the last amount of bits read should be < 8. In the case of
CSN_LEFT_ALIGNED_VAR_BMP, the mod-8 calculation was flawed, and in the final
step, 8 bits were read instead of the remainder < 8. This lead to -EINVAL being
returned by bitvec_get_bit_pos() and bogus resulting data.
Instead, read 8 bits only as long as at least 8 bits remain, and read any
remaining bits < 8 in a final step. Drop unneeded nB1 variable and an obvious
comment.
Adjust the unit test assertion in testCsnLeftAlignedVarBmpBounds() in
RLCMACTest.cpp.
Based on a fix by Aravind Sirsikar <Arvind.Sirsikar@radisys.com>, but
implemented differently.
Related: OS#1805
Change-Id: I490498c8da6b531f54acb673379379f7b10907c0
Diffstat (limited to 'src')
| -rw-r--r-- | src/csn1.cpp | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/src/csn1.cpp b/src/csn1.cpp index d51fe83e..a1698a58 100644 --- a/src/csn1.cpp +++ b/src/csn1.cpp @@ -1110,22 +1110,21 @@ csnStreamDecoder(csnStream_t* ar, const CSN_DESCR* pDescr, bitvec *vector, unsig { /* extract bits */ guint8* pui8 = pui8DATA(data, pDescr->offset); - gint16 nB1 = no_of_bits & 0x07;/* no_of_bits Mod 8 */ - while (no_of_bits > 0) + while (no_of_bits >= 8) { *pui8 = bitvec_read_field(vector, readIndex, 8); LOGPC(DCSN1, LOGL_NOTICE, "%s = %u | ", pDescr->sz , (unsigned)*pui8); pui8++; no_of_bits -= 8; } - if (nB1 > 0) + if (no_of_bits > 0) { - *pui8 = bitvec_read_field(vector, readIndex, nB1); + *pui8 = bitvec_read_field(vector, readIndex, no_of_bits); LOGPC(DCSN1, LOGL_NOTICE, "%s = %u | ", pDescr->sz , (unsigned)*pui8); pui8++; - no_of_bits -= nB1; - bit_offset += nB1; /* (nB1 is no_of_bits Mod 8) */ + bit_offset += no_of_bits; + no_of_bits = 0; } } } |