bugfix: do not use memory on the stack in do_SIB1_MBMS, allocate it with malloc

de8e2257 · Cedric Roux · 283207cd · de8e2257
Commit de8e2257 authored Aug 13, 2019 by Cedric Roux
Hide whitespace changes
Inline Side-by-side

Showing with 61 additions and 42 deletions

openair2/RRC/LTE/MESSAGES/asn1_msg.c openair2/RRC/LTE/MESSAGES/asn1_msg.c +61 -42

No files found.
--- a/openair2/RRC/LTE/MESSAGES/asn1_msg.c
+++ b/openair2/RRC/LTE/MESSAGES/asn1_msg.c
@@ -419,78 +419,97 @@ uint8_t do_SIB1_MBMS(rrc_eNB_carrier_data_t *carrier,
 #else
  int num_plmn = 1;
 #endif
-  LTE_PLMN_IdentityInfo_t PLMN_identity_info[num_plmn];
-  LTE_MCC_MNC_Digit_t dummy_mcc[num_plmn][3], dummy_mnc[num_plmn][3];
+  LTE_PLMN_IdentityInfo_t *PLMN_identity_info;
+  LTE_MCC_MNC_Digit_t *dummy_mcc_0;
+  LTE_MCC_MNC_Digit_t *dummy_mcc_1;
+  LTE_MCC_MNC_Digit_t *dummy_mcc_2;
+  LTE_MCC_MNC_Digit_t *dummy_mnc_0;
+  LTE_MCC_MNC_Digit_t *dummy_mnc_1;
+  LTE_MCC_MNC_Digit_t *dummy_mnc_2;
  asn_enc_rval_t enc_rval;
-  LTE_SchedulingInfo_MBMS_r14_t schedulingInfo;
-  LTE_SIB_Type_t sib_type;
+  LTE_SchedulingInfo_MBMS_r14_t *schedulingInfo;
+  LTE_SIB_Type_t *sib_type;
  uint8_t *buffer                      = carrier->SIB1_MBMS;
  LTE_BCCH_DL_SCH_Message_MBMS_t *bcch_message  = &carrier->siblock1_MBMS;
  LTE_SystemInformationBlockType1_MBMS_r14_t **sib1_MBMS = &carrier->sib1_MBMS;
 
  int i;
-  //LTE_NonMBSFN_SubframeConfig_r14 nonMBSFN_SubframeConfig_r14;

  struct LTE_MBSFN_AreaInfo_r9 *MBSFN_Area1/*, *MBSFN_Area2*/;
-  struct LTE_NonMBSFN_SubframeConfig_r14 nonMBSFN_SubframeConfig_r14;

  memset(bcch_message,0,sizeof(LTE_BCCH_DL_SCH_Message_MBMS_t));
  bcch_message->message.present = LTE_BCCH_DL_SCH_MessageType_MBMS_r14_PR_c1;
  bcch_message->message.choice.c1.present = LTE_BCCH_DL_SCH_MessageType_MBMS_r14__c1_PR_systemInformationBlockType1_MBMS_r14;
  //  memcpy(&bcch_message.message.choice.c1.choice.systemInformationBlockType1,sib1,sizeof(SystemInformationBlockType1_t));
  *sib1_MBMS = &bcch_message->message.choice.c1.choice.systemInformationBlockType1_MBMS_r14;
-  memset(PLMN_identity_info,0,num_plmn * sizeof(LTE_PLMN_IdentityInfo_t));
-  memset(&schedulingInfo,0,sizeof(LTE_SchedulingInfo_MBMS_r14_t));
-  memset(&sib_type,0,sizeof(LTE_SIB_Type_t));
-  memset(&nonMBSFN_SubframeConfig_r14,0,sizeof(struct LTE_NonMBSFN_SubframeConfig_r14));
+  PLMN_identity_info = CALLOC(1, sizeof(LTE_PLMN_IdentityInfo_t) * num_plmn);
+  if (PLMN_identity_info == NULL)
+    exit(1);
+  schedulingInfo = CALLOC(1, sizeof(LTE_SchedulingInfo_MBMS_r14_t));
+  if (schedulingInfo == NULL)
+    exit(1);
+  sib_type = CALLOC(1, sizeof(LTE_SIB_Type_t));
+  if (sib_type == NULL)
+    exit(1);

  /* as per TS 36.311, up to 6 PLMN_identity_info are allowed in list -> add one by one */
-  for (i = 0; i < configuration->num_plmn; ++i) {
+  for (i = 0; i < num_plmn; ++i) {
    PLMN_identity_info[i].plmn_Identity.mcc = CALLOC(1,sizeof(*PLMN_identity_info[i].plmn_Identity.mcc));
    memset(PLMN_identity_info[i].plmn_Identity.mcc,0,sizeof(*PLMN_identity_info[i].plmn_Identity.mcc));
    asn_set_empty(&PLMN_identity_info[i].plmn_Identity.mcc->list);//.size=0;
+    dummy_mcc_0 = CALLOC(1, sizeof(LTE_MCC_MNC_Digit_t));
+    dummy_mcc_1 = CALLOC(1, sizeof(LTE_MCC_MNC_Digit_t));
+    dummy_mcc_2 = CALLOC(1, sizeof(LTE_MCC_MNC_Digit_t));
+    if (dummy_mcc_0 == NULL || dummy_mcc_1 == NULL || dummy_mcc_2 == NULL)
+      exit(1);
 #if defined(ENABLE_ITTI)
-    dummy_mcc[i][0] = (configuration->mcc[i] / 100) % 10;
-    dummy_mcc[i][1] = (configuration->mcc[i] / 10) % 10;
-    dummy_mcc[i][2] = (configuration->mcc[i] / 1) % 10;
+    *dummy_mcc_0 = (configuration->mcc[i] / 100) % 10;
+    *dummy_mcc_1 = (configuration->mcc[i] / 10) % 10;
+    *dummy_mcc_2 = (configuration->mcc[i] / 1) % 10;
 #else
-    dummy_mcc[i][0] = 0;
-    dummy_mcc[i][1] = 0;
-    dummy_mcc[i][2] = 1;
+    *dummy_mcc_0 = 0;
+    *dummy_mcc_1 = 0;
+    *dummy_mcc_2 = 1;
 #endif
-    ASN_SEQUENCE_ADD(&PLMN_identity_info[i].plmn_Identity.mcc->list,&dummy_mcc[i][0]);
-    ASN_SEQUENCE_ADD(&PLMN_identity_info[i].plmn_Identity.mcc->list,&dummy_mcc[i][1]);
-    ASN_SEQUENCE_ADD(&PLMN_identity_info[i].plmn_Identity.mcc->list,&dummy_mcc[i][2]);
+    ASN_SEQUENCE_ADD(&PLMN_identity_info[i].plmn_Identity.mcc->list, dummy_mcc_0);
+    ASN_SEQUENCE_ADD(&PLMN_identity_info[i].plmn_Identity.mcc->list, dummy_mcc_1);
+    ASN_SEQUENCE_ADD(&PLMN_identity_info[i].plmn_Identity.mcc->list, dummy_mcc_2);
    PLMN_identity_info[i].plmn_Identity.mnc.list.size=0;
    PLMN_identity_info[i].plmn_Identity.mnc.list.count=0;
-#if defined(ENABLE_ITTI)

+    dummy_mnc_0 = CALLOC(1, sizeof(LTE_MCC_MNC_Digit_t));
+    dummy_mnc_1 = CALLOC(1, sizeof(LTE_MCC_MNC_Digit_t));
+    dummy_mnc_2 = CALLOC(1, sizeof(LTE_MCC_MNC_Digit_t));
+    if (dummy_mnc_0 == NULL || dummy_mnc_1 == NULL || dummy_mnc_2 == NULL)
+      exit(1);
+#if defined(ENABLE_ITTI)
    if (configuration->mnc[i] >= 100) {
-      dummy_mnc[i][0] = (configuration->mnc[i] / 100) % 10;
-      dummy_mnc[i][1] = (configuration->mnc[i] / 10) % 10;
-      dummy_mnc[i][2] = (configuration->mnc[i] / 1) % 10;
+      *dummy_mnc_0 = (configuration->mnc[i] / 100) % 10;
+      *dummy_mnc_1 = (configuration->mnc[i] / 10) % 10;
+      *dummy_mnc_2 = (configuration->mnc[i] / 1) % 10;
    } else {
      if (configuration->mnc_digit_length[i] == 2) {
-        dummy_mnc[i][0] = (configuration->mnc[i] / 10) % 10;
-        dummy_mnc[i][1] = (configuration->mnc[i] / 1) % 10;
-        dummy_mnc[i][2] = 0xf;
+        *dummy_mnc_0 = (configuration->mnc[i] / 10) % 10;
+        *dummy_mnc_1 = (configuration->mnc[i] / 1) % 10;
+        *dummy_mnc_2 = 0xf;
      } else {
-        dummy_mnc[i][0] = (configuration->mnc[i] / 100) % 100;
-        dummy_mnc[i][1] = (configuration->mnc[i] / 10) % 10;
-        dummy_mnc[i][2] = (configuration->mnc[i] / 1) % 10;
+        *dummy_mnc_0 = (configuration->mnc[i] / 100) % 100;
+        *dummy_mnc_1 = (configuration->mnc[i] / 10) % 10;
+        *dummy_mnc_2 = (configuration->mnc[i] / 1) % 10;
      }
    }
-
 #else
-    dummy_mnc[i][0] = 0;
-    dummy_mnc[i][1] = 1;
-    dummy_mnc[i][2] = 0xf;
+    *dummy_mnc[i][0] = 0;
+    *dummy_mnc[i][1] = 1;
+    *dummy_mnc[i][2] = 0xf;
 #endif
-    ASN_SEQUENCE_ADD(&PLMN_identity_info[i].plmn_Identity.mnc.list,&dummy_mnc[i][0]);
-    ASN_SEQUENCE_ADD(&PLMN_identity_info[i].plmn_Identity.mnc.list,&dummy_mnc[i][1]);
+    ASN_SEQUENCE_ADD(&PLMN_identity_info[i].plmn_Identity.mnc.list, dummy_mnc_0);
+    ASN_SEQUENCE_ADD(&PLMN_identity_info[i].plmn_Identity.mnc.list, dummy_mnc_1);

-    if (dummy_mnc[i][2] != 0xf) {
-      ASN_SEQUENCE_ADD(&PLMN_identity_info[i].plmn_Identity.mnc.list,&dummy_mnc[i][2]);
+    if (*dummy_mnc_2 != 0xf) {
+      ASN_SEQUENCE_ADD(&PLMN_identity_info[i].plmn_Identity.mnc.list, dummy_mnc_2);
+    } else {
+      free(dummy_mnc_2);
    }

    //assign_enum(&PLMN_identity_info.cellReservedForOperatorUse,PLMN_IdentityInfo__cellReservedForOperatorUse_notReserved);
@@ -530,10 +549,10 @@ uint8_t do_SIB1_MBMS(rrc_eNB_carrier_data_t *carrier,
 #else
    7;
 #endif
-  schedulingInfo.si_Periodicity_r14=LTE_SchedulingInfo__si_Periodicity_rf16;
-  sib_type=LTE_SIB_Type_MBMS_r14_sibType13_v920;
-  ASN_SEQUENCE_ADD(&schedulingInfo.sib_MappingInfo_r14.list,&sib_type);
-  ASN_SEQUENCE_ADD(&(*sib1_MBMS)->schedulingInfoList_MBMS_r14.list,&schedulingInfo);
+  schedulingInfo->si_Periodicity_r14=LTE_SchedulingInfo__si_Periodicity_rf16;
+  *sib_type = LTE_SIB_Type_MBMS_r14_sibType13_v920;
+  ASN_SEQUENCE_ADD(&schedulingInfo->sib_MappingInfo_r14.list, sib_type);
+  ASN_SEQUENCE_ADD(&(*sib1_MBMS)->schedulingInfoList_MBMS_r14.list, schedulingInfo);

  (*sib1_MBMS)->si_WindowLength_r14=LTE_SystemInformationBlockType1_MBMS_r14__si_WindowLength_r14_ms20;
  (*sib1_MBMS)->systemInfoValueTag_r14=0;