mirror of https://github.com/PentHertz/srsLTE.git
mac: convert rar_pdu_msg[] from vector into array and protect access
attempt to address ASAN detected issue: RACH: tti=821, cc=3, preamble=11, offset=0, temp_crnti=0x47 ASAN:DEADLYSIGNAL ================================================================= m==25385==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000024 (pc 0x564b19a26c93 bp 0x7fa0e5f1a8c0 sp 0x7fa0e5f1a798 T8) ==25385==The signal is caused by a WRITE memory access. ==25385==Hint: address points to the zero page. ------DL--------------------------------UL------------------------------------ rnti cqi ri mcs brate ok nok (%) snr phr mcs brate ok nok (%) bsr 46 0.10 0 0.0 0 0 0 0% 0 0.0 0 0 0 0 0% 0.0 47 0.10 0 0.0 0 0 0 0% 0 0.0 0 0 0 0 0% 0.0 #0 0x564b19a26c92 in srslte::rar_subh::set_ta_cmd(unsigned int) /mnt/data/jenkins/workspace/srslte_ogt_manual_zmq/srsLTE/lib/src/mac/pdu.cc:1136 #1 0x564b19577f7e in srsenb::mac::assemble_rar(srsenb::sched_interface::dl_sched_rar_grant_t*, unsigned int, int, unsigned int, unsigned int) /mnt/data/jenkins/workspace/srslte_ogt_manual_zmq/srsLTE/srsenb/src/stack/mac/mac.cc:837 #2 0x564b19591765 in srsenb::mac::get_dl_sched(unsigned int, std::vector<srsenb::mac_interface_phy_lte::dl_sched_t, std::allocator<srsenb::mac_interface_phy_lte::dl_sched_t> >&) /mnt/data/jenkins/workspace/srslte_ogt_manual_zmq/srsLTE/srsenb/src/stack/mac/mac.cc:653 #3 0x564b19497ee2 in srsenb::lte::sf_worker::work_imp() /mnt/data/jenkins/workspace/srslte_ogt_manual_zmq/srsLTE/srsenb/src/phy/lte/sf_worker.cc:208 #4 0x564b199f8db4 in
This commit is contained in:
parent
2ca894df01
commit
732a108982
|
@ -140,12 +140,12 @@ private:
|
|||
|
||||
uint8_t* assemble_rar(sched_interface::dl_sched_rar_grant_t* grants,
|
||||
uint32_t nof_grants,
|
||||
int rar_idx,
|
||||
uint32_t rar_idx,
|
||||
uint32_t pdu_len,
|
||||
uint32_t tti);
|
||||
|
||||
const static int rar_payload_len = 128;
|
||||
std::vector<srslte::rar_pdu> rar_pdu_msg;
|
||||
std::array<srslte::rar_pdu, sched_interface::MAX_RAR_LIST> rar_pdu_msg;
|
||||
srslte::byte_buffer_t rar_payload[sched_interface::MAX_RAR_LIST];
|
||||
|
||||
const static int NOF_BCCH_DLSCH_MSG = sched_interface::MAX_SIBS;
|
||||
|
|
|
@ -28,7 +28,6 @@ using namespace asn1::rrc;
|
|||
namespace srsenb {
|
||||
|
||||
mac::mac(srslte::ext_task_sched_handle task_sched_) :
|
||||
rar_pdu_msg(sched_interface::MAX_RAR_LIST),
|
||||
rar_payload(),
|
||||
common_buffers(SRSLTE_MAX_CARRIERS),
|
||||
task_sched(task_sched_)
|
||||
|
@ -821,12 +820,12 @@ int mac::get_mch_sched(uint32_t tti, bool is_mcch, dl_sched_list_t& dl_sched_res
|
|||
|
||||
uint8_t* mac::assemble_rar(sched_interface::dl_sched_rar_grant_t* grants,
|
||||
uint32_t nof_grants,
|
||||
int rar_idx,
|
||||
uint32_t rar_idx,
|
||||
uint32_t pdu_len,
|
||||
uint32_t tti)
|
||||
{
|
||||
uint8_t grant_buffer[64] = {};
|
||||
if (pdu_len < rar_payload_len) {
|
||||
if (pdu_len < rar_payload_len && rar_idx < rar_pdu_msg.size()) {
|
||||
srslte::rar_pdu* pdu = &rar_pdu_msg[rar_idx];
|
||||
rar_payload[rar_idx].clear();
|
||||
pdu->init_tx(&rar_payload[rar_idx], pdu_len);
|
||||
|
@ -842,7 +841,7 @@ uint8_t* mac::assemble_rar(sched_interface::dl_sched_rar_grant_t* grants,
|
|||
pdu->write_packet(rar_payload[rar_idx].msg);
|
||||
return rar_payload[rar_idx].msg;
|
||||
} else {
|
||||
Error("Assembling RAR: pdu_len > rar_payload_len (%d>%d)\n", pdu_len, rar_payload_len);
|
||||
Error("Assembling RAR: rar_idx=%d, pdu_len > rar_payload_len (%d>%d)\n", rar_idx, pdu_len, rar_payload_len);
|
||||
return nullptr;
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue