Commit 32291b72 authored by masayuki.harada's avatar masayuki.harada Committed by Haruki NAOI

Fix: memory leak in RRC and S1AP.

(cherry picked from commit 89388420dd077922fcfd0e3f6e18c2f8a1d1343d)
parent 212b8523
......@@ -929,15 +929,17 @@ void schedule_response(Sched_Rsp_t *Sched_INFO) {
}
}
#else
LTE_TDD_Config_t *tdd_Config = NULL;
uint8_t harq_pid_dl=0;
if (fp->frame_type == TDD) {
tdd_Config = CALLOC(1,sizeof(struct LTE_TDD_Config));
tdd_Config->subframeAssignment = fp->tdd_config;
tdd_Config->specialSubframePatterns = fp->tdd_config_S;
LTE_TDD_Config_t tdd_Config;
tdd_Config.subframeAssignment = fp->tdd_config;
tdd_Config.specialSubframePatterns = fp->tdd_config_S;
harq_pid_dl = frame_subframe2_dl_harq_pid(&tdd_Config, NFAPI_SFNSF2SFN(DL_req->sfn_sf), NFAPI_SFNSF2SF(DL_req->sfn_sf));
}else{
harq_pid_dl = frame_subframe2_dl_harq_pid(NULL, NFAPI_SFNSF2SFN(DL_req->sfn_sf), NFAPI_SFNSF2SF(DL_req->sfn_sf));
}
uint8_t harq_pid_dl = frame_subframe2_dl_harq_pid(tdd_Config, NFAPI_SFNSF2SFN(DL_req->sfn_sf), NFAPI_SFNSF2SF(DL_req->sfn_sf));
if (harq_pid_dl >=0 && harq_pid_dl < 8) {
memset(dl_pdus[harq_pid_dl][i], 0, sizeof(uint8_t)*9422);
memcpy(dl_pdus[harq_pid_dl][i], TX_req->tx_request_body.tx_pdu_list[pdu_index].segments[0].segment_data, TX_req->tx_request_body.tx_pdu_list[pdu_index].segments[0].segment_length);
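Review bot: The stack `tdd_Config` that replaces the CALLOC'd one is not zero-initialised, so every member other than `subframeAssignment` and `specialSubframePatterns` is indeterminate when `&tdd_Config` is passed to `frame_subframe2_dl_harq_pid()`. Declaring it as `LTE_TDD_Config_t tdd_Config = {0};` keeps the zeroing that CALLOC used to provide. In the context lines, `harq_pid_dl >=0` is always true for a `uint8_t`, and the `memcpy` copies `segment_length` bytes into a slot that the preceding `memset` sizes at 9422 bytes, with no length check visible in the hunk. If the TX request can arrive from a peer over nFAPI, reject `segment_length > 9422` before the copy. The enclosing function starts and ends outside the hunk.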
......
......@@ -4424,6 +4424,7 @@ uint8_t do_RRCConnectionRelease(uint8_t Mod_id,
(void *)&dl_dcch_msg,
buffer,
RRC_BUF_SIZE);
free(rrcConnectionRelease->criticalExtensions.choice.c1.choice.rrcConnectionRelease_r8.nonCriticalExtension);
return((enc_rval.encoded+7)/8);
}
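Review bot: The added `free()` of `...rrcConnectionRelease_r8.nonCriticalExtension` releases only the top-level struct and leaves the pointer dangling inside `dl_dcch_msg`. Anything allocated beneath that extension would still leak, and a later free of the whole message through its ASN.1 type descriptor (not visible here) would free it a second time. Follow the call with `...rrcConnectionRelease_r8.nonCriticalExtension = NULL;`, or release the message once through its descriptor instead. The return also uses `enc_rval.encoded` with no visible check for the encoder's failure value of -1; the function body starts outside the hunk, so that check may exist above.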
......
......@@ -3842,15 +3842,17 @@ void rrc_eNB_generate_defaultRRCConnectionReconfiguration(const protocol_ctxt_t
/* Initialize NAS list */
dedicatedInfoNASList = CALLOC(1, sizeof(struct LTE_RRCConnectionReconfiguration_r8_IEs__dedicatedInfoNASList));
OCTET_STRING_t temp_OCT[10]={0};
/* Add all NAS PDUs to the list */
for (i = 0; i < ue_context_pP->ue_context.setup_e_rabs; i++) {
if (ue_context_pP->ue_context.e_rab[i].param.nas_pdu.buffer != NULL) {
dedicatedInfoNas = CALLOC(1, sizeof(LTE_DedicatedInfoNAS_t));
memset(dedicatedInfoNas, 0, sizeof(OCTET_STRING_t));
OCTET_STRING_fromBuf(dedicatedInfoNas,
OCTET_STRING_fromBuf(&temp_OCT[i],
(char *)ue_context_pP->ue_context.e_rab[i].param.nas_pdu.buffer,
ue_context_pP->ue_context.e_rab[i].param.nas_pdu.length);
dedicatedInfoNas->buf=temp_OCT[i].buf;
dedicatedInfoNas->size=temp_OCT[i].size;
ASN_SEQUENCE_ADD(&dedicatedInfoNASList->list, dedicatedInfoNas);
}
......@@ -3961,6 +3963,19 @@ void rrc_eNB_generate_defaultRRCConnectionReconfiguration(const protocol_ctxt_t
free(quantityConfig);
quantityConfig = NULL;
}
if( dedicatedInfoNASList != NULL){
for(i=0;i<10;i++){
if(temp_OCT[i].buf!=NULL)
free(temp_OCT[i].buf);
}
for(int cnt=0;cnt<dedicatedInfoNASList->list.count;cnt++){
//free(((OCTET_STRING_t*)(&dedicatedInfoNASList->list.array[cnt]))->buf);
free(dedicatedInfoNASList->list.array[cnt]);
}
free(dedicatedInfoNASList);
dedicatedInfoNASList = NULL;
}
}
//-----------------------------------------------------------------------------
......@@ -8770,6 +8785,7 @@ rrc_eNB_decode_dcch(
// remove UE after 100 frames after LTE_RRCConnectionReestablishmentRelease is triggered
ue_context_p->ue_context.ue_reestablishment_timer_thres = 1000;
}
ASN_STRUCT_FREE(asn_DEF_LTE_UL_DCCH_Message,ul_dcch_msg);
break;
case LTE_UL_DCCH_MessageType__c1_PR_rrcConnectionSetupComplete:
......@@ -8826,6 +8842,7 @@ rrc_eNB_decode_dcch(
}
ue_context_p->ue_context.ue_release_timer=0;
ASN_STRUCT_FREE(asn_DEF_LTE_UL_DCCH_Message,ul_dcch_msg);
break;
case LTE_UL_DCCH_MessageType__c1_PR_securityModeComplete:
......@@ -8995,6 +9012,7 @@ rrc_eNB_decode_dcch(
rrc_eNB_generate_defaultRRCConnectionReconfiguration(ctxt_pP,
ue_context_p,
RC.rrc[ctxt_pP->module_id]->HO_flag);
ASN_STRUCT_FREE(asn_DEF_LTE_UL_DCCH_Message,ul_dcch_msg);
break;
case LTE_UL_DCCH_MessageType__c1_PR_ulHandoverPreparationTransfer:
......@@ -9030,7 +9048,7 @@ rrc_eNB_decode_dcch(
ue_context_p,
ul_dcch_msg);
}
ASN_STRUCT_FREE(asn_DEF_LTE_UL_DCCH_Message,ul_dcch_msg);
break;
case LTE_UL_DCCH_MessageType__c1_PR_counterCheckResponse:
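Review bot: In the first hunk of this file, `temp_OCT[10]` is indexed by `i`, which runs up to `ue_context_pP->ue_context.setup_e_rabs`, so a count above 10 writes past the stack array; nothing visible ties that bound to 10. Bound the loop, e.g. `for (i = 0; i < ue_context_pP->ue_context.setup_e_rabs && i < 10; i++)`, and give the 10 a name shared with the cleanup loop `for(i=0;i<10;i++)` in the second hunk. That cleanup frees `temp_OCT[i].buf` while each list entry's `buf` still aliases it. It also frees `dedicatedInfoNASList` without releasing `list.array` or clearing any pointer to the list held by the reconfiguration message, so a later ASN.1 free of that message (outside these hunks) could double-free. The function body extends beyond both hunks.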
......
......@@ -155,6 +155,9 @@ void extract_imsi(uint8_t *pdu_buf, uint32_t pdu_len, rrc_eNB_ue_context_t *ue_c
&e_msg->attach_request.oldgutiorimsi.imsi,
sizeof(ImsiMobileIdentity_t));
}
free(e_msg->attach_request.esmmessagecontainer.esmmessagecontainercontents.value);
if(e_msg->attach_request.msnetworkcapability.msnetworkcapabilityvalue.value!=NULL)
free(e_msg->attach_request.msnetworkcapability.msnetworkcapabilityvalue.value);
}
}
......@@ -654,7 +657,9 @@ rrc_eNB_send_S1AP_UPLINK_NAS(
uint8_t *pdu_buffer;
MessageDef *msg_p;
pdu_length = dedicatedInfoType->choice.dedicatedInfoNAS.size;
pdu_buffer = dedicatedInfoType->choice.dedicatedInfoNAS.buf;
//pdu_buffer = dedicatedInfoType->choice.dedicatedInfoNAS.buf;
pdu_buffer = CALLOC(1, dedicatedInfoType->choice.dedicatedInfoNAS.size);
memcpy((void*)pdu_buffer,(void*)dedicatedInfoType->choice.dedicatedInfoNAS.buf,dedicatedInfoType->choice.dedicatedInfoNAS.size);
msg_p = itti_alloc_new_message (TASK_RRC_ENB, S1AP_UPLINK_NAS);
S1AP_UPLINK_NAS (msg_p).eNB_ue_s1ap_id = ue_context_pP->ue_context.eNB_ue_s1ap_id;
S1AP_UPLINK_NAS (msg_p).nas_pdu.length = pdu_length;
......@@ -763,8 +768,10 @@ rrc_eNB_send_S1AP_NAS_FIRST_REQ(
S1AP_NAS_FIRST_REQ (message_p).establishment_cause = RRC_CAUSE_EMERGENCY;
}
/* Forward NAS message */
S1AP_NAS_FIRST_REQ (message_p).nas_pdu.buffer = rrcConnectionSetupComplete->dedicatedInfoNAS.buf;
S1AP_NAS_FIRST_REQ (message_p).nas_pdu.length = rrcConnectionSetupComplete->dedicatedInfoNAS.size;
//S1AP_NAS_FIRST_REQ (message_p).nas_pdu.buffer = rrcConnectionSetupComplete->dedicatedInfoNAS.buf;
S1AP_NAS_FIRST_REQ (message_p).nas_pdu.buffer = CALLOC(1, rrcConnectionSetupComplete->dedicatedInfoNAS.size);
memcpy((void*)S1AP_NAS_FIRST_REQ (message_p).nas_pdu.buffer,(void*)rrcConnectionSetupComplete->dedicatedInfoNAS.buf,rrcConnectionSetupComplete->dedicatedInfoNAS.size);
extract_imsi(S1AP_NAS_FIRST_REQ (message_p).nas_pdu.buffer,
S1AP_NAS_FIRST_REQ (message_p).nas_pdu.length,
ue_context_pP);
......@@ -916,6 +923,7 @@ rrc_eNB_process_S1AP_DOWNLINK_NAS(
ue_initial_id,
eNB_ue_s1ap_id);
itti_send_msg_to_task (TASK_S1AP, instance, msg_fail_p);
free(S1AP_DOWNLINK_NAS (msg_p).nas_pdu.buffer);
return (-1);
} else {
PROTOCOL_CTXT_SET_BY_INSTANCE(&ctxt, instance, ENB_FLAG_YES, ue_context_p->ue_context.rnti, 0, 0);
......@@ -955,6 +963,7 @@ rrc_eNB_process_S1AP_DOWNLINK_NAS(
length,
buffer,
PDCP_TRANSMISSION_MODE_CONTROL);
free(S1AP_DOWNLINK_NAS (msg_p).nas_pdu.buffer);
return (0);
}
}
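Review bot: Both new NAS copies use the `CALLOC` result unchecked. In `rrc_eNB_send_S1AP_UPLINK_NAS` and `rrc_eNB_send_S1AP_NAS_FIRST_REQ` the pointer goes straight into `memcpy` with a size taken from the UE's message, so an allocation failure becomes a NULL write unless `CALLOC` aborts on failure. Test the pointer and bail out before each `memcpy`, e.g. `if (pdu_buffer == NULL) { /* log and drop */ }`, and add a comment stating which task owns and frees the copy. In `rrc_eNB_process_S1AP_DOWNLINK_NAS` the NAS buffer is freed right after the PDCP call that receives `buffer`; if `buffer` aliases `nas_pdu.buffer`, that is only safe when the callee copies the data, which is not visible here, and the freed pointer should be set to NULL. In `extract_imsi` the `!=NULL` guard before the second `free` is redundant, since `free(NULL)` is a no-op.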
......
......@@ -191,7 +191,9 @@ int s1ap_ue_context_release_complete(instance_t instance,
ue_context_p->eNB_ue_s1ap_id, ue_context_p->mme_ue_s1ap_id,
ue_context_p->ue_state);
}*/
for(int cnt=0;cnt < out->protocolIEs.list.count; cnt++){
free(out->protocolIEs.list.array[cnt]);
}
return 0;
}
......@@ -323,6 +325,9 @@ int s1ap_ue_context_release_req(instance_t instance,
ue_context_p->mme_ref->assoc_id, buffer,
length, ue_context_p->tx_stream);
for(int cnt=0;cnt < out->protocolIEs.list.count; cnt++){
free(out->protocolIEs.list.array[cnt]);
}
return 0;
}
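Review bot: The loop added before `return 0` frees each `out->protocolIEs.list.array[cnt]` but leaves `list.count` and the stale pointers in place and never releases `list.array` itself. The array storage therefore still leaks, and any later ASN.1 free of the enclosing PDU would free the entries a second time. Plain `free()` also skips anything allocated inside an IE. The same loop is pasted into both functions of this file and into `s1ap_eNB_handle_nas_first_req`, `s1ap_eNB_nas_uplink`, `s1ap_eNB_nas_non_delivery_ind` and `s1ap_eNB_ue_capabilities` further down the page, and it sits only on the success path, so early error returns outside the hunks presumably still leak. One `static` helper that frees the IEs through their type descriptor and resets the list would cover all of these call sites.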
......@@ -217,44 +217,45 @@ void s1ap_handle_s1_setup_message(s1ap_eNB_mme_data_t *mme_desc_p, int sctp_shut
int s1ap_eNB_handle_message(uint32_t assoc_id, int32_t stream,
const uint8_t *const data, const uint32_t data_length) {
S1AP_S1AP_PDU_t pdu;
S1AP_S1AP_PDU_t * pdu;
int ret;
if (data == NULL) {
S1AP_ERROR("data == NULL\n");
return -1;
}
memset(&pdu, 0, sizeof(pdu));
pdu=CALLOC(1, sizeof(S1AP_S1AP_PDU_t));
if (s1ap_eNB_decode_pdu(&pdu, data, data_length) < 0) {
if (s1ap_eNB_decode_pdu(pdu, data, data_length) < 0) {
S1AP_ERROR("Failed to decode PDU\n");
free(pdu);
return -1;
}
/* Checking procedure Code and direction of message */
if (pdu.choice.initiatingMessage.procedureCode >= sizeof(messages_callback) / (3 * sizeof(
if (pdu->choice.initiatingMessage.procedureCode >= sizeof(messages_callback) / (3 * sizeof(
s1ap_message_decoded_callback))
|| (pdu.present > S1AP_S1AP_PDU_PR_unsuccessfulOutcome)) {
|| (pdu->present > S1AP_S1AP_PDU_PR_unsuccessfulOutcome)) {
S1AP_ERROR("[SCTP %d] Either procedureCode %ld or direction %d exceed expected\n",
assoc_id, pdu.choice.initiatingMessage.procedureCode, pdu.present);
ASN_STRUCT_FREE_CONTENTS_ONLY(asn_DEF_S1AP_S1AP_PDU, &pdu);
assoc_id, pdu->choice.initiatingMessage.procedureCode, pdu->present);
ASN_STRUCT_FREE(asn_DEF_S1AP_S1AP_PDU, pdu);
return -1;
}
/* No handler present.
* This can mean not implemented or no procedure for eNB (wrong direction).
*/
if (messages_callback[pdu.choice.initiatingMessage.procedureCode][pdu.present - 1] == NULL) {
if (messages_callback[pdu->choice.initiatingMessage.procedureCode][pdu->present - 1] == NULL) {
S1AP_ERROR("[SCTP %d] No handler for procedureCode %ld in %s\n",
assoc_id, pdu.choice.initiatingMessage.procedureCode,
s1ap_direction2String(pdu.present - 1));
ASN_STRUCT_FREE_CONTENTS_ONLY(asn_DEF_S1AP_S1AP_PDU, &pdu);
assoc_id, pdu->choice.initiatingMessage.procedureCode,
s1ap_direction2String(pdu->present - 1));
ASN_STRUCT_FREE(asn_DEF_S1AP_S1AP_PDU, pdu);
return -1;
}
/* Calling the right handler */
ret = (*messages_callback[pdu.choice.initiatingMessage.procedureCode][pdu.present - 1])
(assoc_id, stream, &pdu);
ASN_STRUCT_FREE_CONTENTS_ONLY(asn_DEF_S1AP_S1AP_PDU, &pdu);
ret = (*messages_callback[pdu->choice.initiatingMessage.procedureCode][pdu->present - 1])
(assoc_id, stream, pdu);
ASN_STRUCT_FREE(asn_DEF_S1AP_S1AP_PDU, pdu);
return ret;
}
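Review bot: On the decode-failure path the new code calls `free(pdu)`, which releases only the outer struct, so anything `s1ap_eNB_decode_pdu()` allocated before rejecting the network-supplied bytes would be leaked on every malformed message. Use `ASN_STRUCT_FREE(asn_DEF_S1AP_S1AP_PDU, pdu);` there, as the other exits do. The `CALLOC` result is also handed to the decoder without a NULL check; add `if (pdu == NULL) return -1;`. The range check bounds `pdu->present` only from above, yet the callback table lookup and `s1ap_direction2String()` both use `pdu->present - 1`. Adding `pdu->present == S1AP_S1AP_PDU_PR_NOTHING ||` to that condition would rule out index -1.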
......
......@@ -455,6 +455,9 @@ int s1ap_eNB_handle_nas_first_req(
/* Send encoded message over sctp */
s1ap_eNB_itti_send_sctp_data_req(instance_p->instance, mme_desc_p->assoc_id,
buffer, length, ue_desc_p->tx_stream);
for(int cnt=0;cnt < out->protocolIEs.list.count; cnt++){
free(out->protocolIEs.list.array[cnt]);
}
return 0;
}
......@@ -726,6 +729,9 @@ int s1ap_eNB_nas_uplink(instance_t instance, s1ap_uplink_nas_t *s1ap_uplink_nas_
s1ap_eNB_itti_send_sctp_data_req(s1ap_eNB_instance_p->instance,
ue_context_p->mme_ref->assoc_id, buffer,
length, ue_context_p->tx_stream);
for(int cnt=0;cnt < out->protocolIEs.list.count; cnt++){
free(out->protocolIEs.list.array[cnt]);
}
return 0;
}
......@@ -825,6 +831,9 @@ int s1ap_eNB_nas_non_delivery_ind(instance_t instance,
s1ap_eNB_itti_send_sctp_data_req(s1ap_eNB_instance_p->instance,
ue_context_p->mme_ref->assoc_id, buffer,
length, ue_context_p->tx_stream);
for(int cnt=0;cnt < out->protocolIEs.list.count; cnt++){
free(out->protocolIEs.list.array[cnt]);
}
return 0;
}
......@@ -1004,6 +1013,15 @@ int s1ap_eNB_initial_ctxt_resp(
s1ap_eNB_itti_send_sctp_data_req(s1ap_eNB_instance_p->instance,
ue_context_p->mme_ref->assoc_id, buffer,
length, ue_context_p->tx_stream);
for(int cnt=0;cnt < out->protocolIEs.list.count; cnt++){
if(out->protocolIEs.list.array[cnt]->id == S1AP_ProtocolIE_ID_id_E_RABSetupListCtxtSURes){
ASN_STRUCT_FREE(asn_DEF_S1AP_InitialContextSetupResponseIEs,out->protocolIEs.list.array[cnt]);
}else if(out->protocolIEs.list.array[cnt]->id == S1AP_ProtocolIE_ID_id_E_RABFailedToSetupListCtxtSURes){
ASN_STRUCT_FREE(asn_DEF_S1AP_InitialContextSetupResponseIEs,out->protocolIEs.list.array[cnt]);
}else{
free(out->protocolIEs.list.array[cnt]);
}
}
return 0;
}
......@@ -1111,6 +1129,9 @@ int s1ap_eNB_ue_capabilities(instance_t instance,
s1ap_eNB_itti_send_sctp_data_req(s1ap_eNB_instance_p->instance,
ue_context_p->mme_ref->assoc_id, buffer,
length, ue_context_p->tx_stream);
for(int cnt=0;cnt < out->protocolIEs.list.count; cnt++){
free(out->protocolIEs.list.array[cnt]);
}
return 0;
}
......@@ -1301,6 +1322,15 @@ int s1ap_eNB_e_rab_setup_resp(instance_t instance,
s1ap_eNB_itti_send_sctp_data_req(s1ap_eNB_instance_p->instance,
ue_context_p->mme_ref->assoc_id, buffer,
length, ue_context_p->tx_stream);
for(int cnt=0;cnt < out->protocolIEs.list.count; cnt++){
if(out->protocolIEs.list.array[cnt]->id == S1AP_ProtocolIE_ID_id_E_RABSetupListBearerSURes){
ASN_STRUCT_FREE(asn_DEF_S1AP_E_RABSetupResponseIEs,out->protocolIEs.list.array[cnt]);
}else if(out->protocolIEs.list.array[cnt]->id == S1AP_ProtocolIE_ID_id_E_RABFailedToSetupListBearerSURes){
ASN_STRUCT_FREE(asn_DEF_S1AP_E_RABSetupResponseIEs,out->protocolIEs.list.array[cnt]);
}else{
free(out->protocolIEs.list.array[cnt]);
}
}
return 0;
}
......@@ -1470,6 +1500,15 @@ int s1ap_eNB_e_rab_modify_resp(instance_t instance,
s1ap_eNB_itti_send_sctp_data_req(s1ap_eNB_instance_p->instance,
ue_context_p->mme_ref->assoc_id, buffer,
length, ue_context_p->tx_stream);
for(int cnt=0;cnt < out->protocolIEs.list.count; cnt++){
if(out->protocolIEs.list.array[cnt]->id == S1AP_ProtocolIE_ID_id_E_RABFailedToModifyList){
ASN_STRUCT_FREE(asn_DEF_S1AP_E_RABModifyResponseIEs,out->protocolIEs.list.array[cnt]);
}else if(out->protocolIEs.list.array[cnt]->id == S1AP_ProtocolIE_ID_id_E_RABFailedToModifyList){
ASN_STRUCT_FREE(asn_DEF_S1AP_E_RABModifyResponseIEs,out->protocolIEs.list.array[cnt]);
}else{
free(out->protocolIEs.list.array[cnt]);
}
}
return 0;
}
//------------------------------------------------------------------------------
......@@ -1641,6 +1680,15 @@ int s1ap_eNB_e_rab_release_resp(instance_t instance,
length, ue_context_p->tx_stream);
S1AP_INFO("e_rab_release_response sended eNB_UE_S1AP_ID %d mme_ue_s1ap_id %d nb_of_e_rabs_released %d nb_of_e_rabs_failed %d\n",
e_rab_release_resp_p->eNB_ue_s1ap_id, ue_context_p->mme_ue_s1ap_id,e_rab_release_resp_p->nb_of_e_rabs_released,e_rab_release_resp_p->nb_of_e_rabs_failed);
for(int cnt=0;cnt < out->protocolIEs.list.count; cnt++){
if(out->protocolIEs.list.array[cnt]->id == S1AP_ProtocolIE_ID_id_E_RABReleaseListBearerRelComp){
ASN_STRUCT_FREE(asn_DEF_S1AP_E_RABReleaseResponseIEs,out->protocolIEs.list.array[cnt]);
}else if(out->protocolIEs.list.array[cnt]->id == S1AP_ProtocolIE_ID_id_E_RABFailedToReleaseList){
ASN_STRUCT_FREE(asn_DEF_S1AP_E_RABReleaseResponseIEs,out->protocolIEs.list.array[cnt]);
}else{
free(out->protocolIEs.list.array[cnt]);
}
}
return 0;
}
......@@ -1886,6 +1934,13 @@ int s1ap_eNB_path_switch_req(instance_t instance,
s1ap_eNB_itti_send_sctp_data_req(s1ap_eNB_instance_p->instance,
mme_desc_p->assoc_id, buffer,
length, ue_context_p->tx_stream);
for(int cnt=0;cnt < out->protocolIEs.list.count; cnt++){
if(out->protocolIEs.list.array[cnt]->id == S1AP_ProtocolIE_ID_id_E_RABToBeSwitchedDLList){
ASN_STRUCT_FREE(asn_DEF_S1AP_PathSwitchRequestIEs,out->protocolIEs.list.array[cnt]);
}else{
free(out->protocolIEs.list.array[cnt]);
}
}
return ret;
}
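Review bot: In `s1ap_eNB_e_rab_modify_resp` both the `if` and the `else if` compare against `S1AP_ProtocolIE_ID_id_E_RABFailedToModifyList`, so the second branch is dead code. The successfully-modified list IE falls through to plain `free()`, which leaves its nested list allocated. The first test was presumably meant to be `S1AP_ProtocolIE_ID_id_E_RABModifyListBearerModRes`, matching the success/failed pairing used in the setup and release functions next to it. Since both branches in each of these functions call the same `ASN_STRUCT_FREE`, they can be folded into one condition with `||`, which would also make this kind of copy-paste slip easier to spot.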