Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
O
OpenXG-RAN
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Michael Black
OpenXG-RAN
Commits
b6766ee8
Commit
b6766ee8
authored
Feb 27, 2021
by
Michael Cook
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
decode_SIB1: Was reading past the end of plmn_data
Found by -fsanitize=address
parent
d8a7414e
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
7 additions
and
5 deletions
+7
-5
openair2/RRC/LTE/rrc_UE.c
openair2/RRC/LTE/rrc_UE.c
+7
-5
No files found.
openair2/RRC/LTE/rrc_UE.c
View file @
b6766ee8
...
@@ -2899,16 +2899,18 @@ int decode_SIB1( const protocol_ctxt_t *const ctxt_pP, const uint8_t eNB_index,
...
@@ -2899,16 +2899,18 @@ int decode_SIB1( const protocol_ctxt_t *const ctxt_pP, const uint8_t eNB_index,
}
}
LOG_I
(
RRC
,
"PLMN %d MCC %0*d, MNC %0*d
\n
"
,
i
+
1
,
mccdigits
,
mcc
,
mncdigits
,
mnc
);
LOG_I
(
RRC
,
"PLMN %d MCC %0*d, MNC %0*d
\n
"
,
i
+
1
,
mccdigits
,
mcc
,
mncdigits
,
mnc
);
// search internal table for provider name
int
plmn_ind
=
0
;
while
(
plmn_data
[
plmn_ind
].
mcc
>
0
)
{
// search internal table for provider name
const
size_t
num_plmn_data
=
sizeof
(
plmn_data
)
/
sizeof
(
plmn_data
[
0
]);
for
(
size_t
plmn_ind
=
0
;;
++
plmn_ind
)
{
if
(
plmn_ind
==
num_plmn_data
)
{
LOG_E
(
RRC
,
"Did not find name from internal table for %u %u
\n
"
,
mcc
,
mnc
);
break
;
}
if
((
plmn_data
[
plmn_ind
].
mcc
==
mcc
)
&&
(
plmn_data
[
plmn_ind
].
mnc
==
mnc
))
{
if
((
plmn_data
[
plmn_ind
].
mcc
==
mcc
)
&&
(
plmn_data
[
plmn_ind
].
mnc
==
mnc
))
{
LOG_I
(
RRC
,
"Found %s (name from internal table)
\n
"
,
plmn_data
[
plmn_ind
].
oper_short
);
LOG_I
(
RRC
,
"Found %s (name from internal table)
\n
"
,
plmn_data
[
plmn_ind
].
oper_short
);
break
;
break
;
}
}
plmn_ind
++
;
}
}
}
}
LOG_I
(
RRC
,
"TAC 0x%04x
\n
"
,
LOG_I
(
RRC
,
"TAC 0x%04x
\n
"
,
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment