Commit b6766ee8 authored by Michael Cook

decode_SIB1: Was reading past the end of plmn_data

Found by -fsanitize=address
parent d8a7414e
...@@ -2899,16 +2899,18 @@ int decode_SIB1( const protocol_ctxt_t *const ctxt_pP, const uint8_t eNB_index, ...@@ -2899,16 +2899,18 @@ int decode_SIB1( const protocol_ctxt_t *const ctxt_pP, const uint8_t eNB_index,
} }
LOG_I( RRC, "PLMN %d MCC %0*d, MNC %0*d\n", i + 1, mccdigits, mcc, mncdigits, mnc); LOG_I( RRC, "PLMN %d MCC %0*d, MNC %0*d\n", i + 1, mccdigits, mcc, mncdigits, mnc);
// search internal table for provider name
int plmn_ind = 0;
while (plmn_data[plmn_ind].mcc > 0) { // search internal table for provider name
const size_t num_plmn_data = sizeof(plmn_data) / sizeof(plmn_data[0]);
for (size_t plmn_ind = 0;; ++plmn_ind) {
if (plmn_ind == num_plmn_data) {
LOG_E( RRC, "Did not find name from internal table for %u %u\n", mcc, mnc);
break;
}
if ((plmn_data[plmn_ind].mcc == mcc) && (plmn_data[plmn_ind].mnc == mnc)) { if ((plmn_data[plmn_ind].mcc == mcc) && (plmn_data[plmn_ind].mnc == mnc)) {
LOG_I( RRC, "Found %s (name from internal table)\n", plmn_data[plmn_ind].oper_short ); LOG_I( RRC, "Found %s (name from internal table)\n", plmn_data[plmn_ind].oper_short );
break; break;
} }
plmn_ind++;
} }
} }
LOG_I( RRC, "TAC 0x%04x\n", LOG_I( RRC, "TAC 0x%04x\n",
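Review bot: The new not-found message in the `plmn_ind == num_plmn_data` branch prints `mcc` and `mnc` with `%u`, while the LOG_I just above the loop prints the same values with `%0*d`, so they are presumably signed ints, and the leading zeros that tell MNC 01 from MNC 001 are lost in the error line. Suggest `LOG_E( RRC, "Did not find name from internal table for MCC %0*d MNC %0*d\n", mccdigits, mcc, mncdigits, mnc);`. These values are decoded from a received SIB1, so an operator missing from the table is an expected input rather than a fault, and a severity below error may be worth considering so that broadcasts from unlisted networks do not fill the error log. The bound also relies on `sizeof(plmn_data)` seeing a real array definition rather than a pointer; that declaration is outside the hunk, as are the start and end of decode_SIB1.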