Commit 6435ed30 authored by Guido Casati's avatar Guido Casati

Fix memory leak in NR UE nr_rrc_ue_process_ueCapabilityEnquiry

* allocate memory in heap for the struct ue_CapabilityRAT_Container used locally for buffer encoding
* free the struct members only for the ul_dcch_msg allocated on the stack

> Direct leak of 40 byte(s) in 1 object(s) allocated from:
    > 0 0x7ffff74b4a57 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154
    > 1 0x555556f7a89f in nr_rrc_ue_process_ueCapabilityEnquiry /openair2/RRC/NR_UE/rrc_UE.c:1861
    > 2 0x555556fa4d85 in nr_rrc_ue_decode_dcch /openair2/RRC/NR_UE/rrc_UE.c:1650
    > 3 0x555556fbb33c in rrc_nrue /openair2/RRC/NR_UE/rrc_UE.c:1790
    > 4 0x555556fc4b2e in rrc_nrue_task /openair2/RRC/NR_UE/rrc_UE.c:1716
    > 5 0x7ffff5e94ac2 in start_thread nptl/pthread_create.c:442
parent fb554dc6
...@@ -1862,8 +1862,6 @@ static void nr_rrc_ue_process_ueCapabilityEnquiry(NR_UE_RRC_INST_t *rrc, NR_UECa ...@@ -1862,8 +1862,6 @@ static void nr_rrc_ue_process_ueCapabilityEnquiry(NR_UE_RRC_INST_t *rrc, NR_UECa
c1->present = NR_UL_DCCH_MessageType__c1_PR_ueCapabilityInformation; c1->present = NR_UL_DCCH_MessageType__c1_PR_ueCapabilityInformation;
asn1cCalloc(c1->choice.ueCapabilityInformation, info); asn1cCalloc(c1->choice.ueCapabilityInformation, info);
info->rrc_TransactionIdentifier = UECapabilityEnquiry->rrc_TransactionIdentifier; info->rrc_TransactionIdentifier = UECapabilityEnquiry->rrc_TransactionIdentifier;
NR_UE_CapabilityRAT_Container_t ue_CapabilityRAT_Container = {.rat_Type = NR_RAT_Type_nr};
if (!rrc->UECap.UE_NR_Capability) { if (!rrc->UECap.UE_NR_Capability) {
rrc->UECap.UE_NR_Capability = CALLOC(1, sizeof(NR_UE_NR_Capability_t)); rrc->UECap.UE_NR_Capability = CALLOC(1, sizeof(NR_UE_NR_Capability_t));
asn1cSequenceAdd(rrc->UECap.UE_NR_Capability->rf_Parameters.supportedBandListNR.list, NR_BandNR_t, nr_bandnr); asn1cSequenceAdd(rrc->UECap.UE_NR_Capability->rf_Parameters.supportedBandListNR.list, NR_BandNR_t, nr_bandnr);
...@@ -1880,9 +1878,10 @@ static void nr_rrc_ue_process_ueCapabilityEnquiry(NR_UE_RRC_INST_t *rrc, NR_UECa ...@@ -1880,9 +1878,10 @@ static void nr_rrc_ue_process_ueCapabilityEnquiry(NR_UE_RRC_INST_t *rrc, NR_UECa
enc_rval.failed_type->name, enc_rval.encoded); enc_rval.failed_type->name, enc_rval.encoded);
rrc->UECap.sdu_size = (enc_rval.encoded + 7) / 8; rrc->UECap.sdu_size = (enc_rval.encoded + 7) / 8;
LOG_I(PHY, "[RRC]UE NR Capability encoded, %d bytes (%zd bits)\n", rrc->UECap.sdu_size, enc_rval.encoded + 7); LOG_I(PHY, "[RRC]UE NR Capability encoded, %d bytes (%zd bits)\n", rrc->UECap.sdu_size, enc_rval.encoded + 7);
/* RAT Container */
OCTET_STRING_fromBuf(&ue_CapabilityRAT_Container.ue_CapabilityRAT_Container, (const char *)rrc->UECap.sdu, rrc->UECap.sdu_size); NR_UE_CapabilityRAT_Container_t *ue_CapabilityRAT_Container = CALLOC(1, sizeof(NR_UE_CapabilityRAT_Container_t));
ue_CapabilityRAT_Container->rat_Type = NR_RAT_Type_nr;
OCTET_STRING_fromBuf(&ue_CapabilityRAT_Container->ue_CapabilityRAT_Container, (const char *)rrc->UECap.sdu, rrc->UECap.sdu_size);
NR_UECapabilityEnquiry_IEs_t *ueCapabilityEnquiry_ie = UECapabilityEnquiry->criticalExtensions.choice.ueCapabilityEnquiry; NR_UECapabilityEnquiry_IEs_t *ueCapabilityEnquiry_ie = UECapabilityEnquiry->criticalExtensions.choice.ueCapabilityEnquiry;
if (get_softmodem_params()->nsa == 1) { if (get_softmodem_params()->nsa == 1) {
OCTET_STRING_t *requestedFreqBandsNR = ueCapabilityEnquiry_ie->ue_CapabilityEnquiryExt; OCTET_STRING_t *requestedFreqBandsNR = ueCapabilityEnquiry_ie->ue_CapabilityEnquiryExt;
...@@ -1902,7 +1901,7 @@ static void nr_rrc_ue_process_ueCapabilityEnquiry(NR_UE_RRC_INST_t *rrc, NR_UECa ...@@ -1902,7 +1901,7 @@ static void nr_rrc_ue_process_ueCapabilityEnquiry(NR_UE_RRC_INST_t *rrc, NR_UECa
for (int i = 0; i < ueCapabilityEnquiry_ie->ue_CapabilityRAT_RequestList.list.count; i++) { for (int i = 0; i < ueCapabilityEnquiry_ie->ue_CapabilityRAT_RequestList.list.count; i++) {
if (ueCapabilityEnquiry_ie->ue_CapabilityRAT_RequestList.list.array[i]->rat_Type == NR_RAT_Type_nr) { if (ueCapabilityEnquiry_ie->ue_CapabilityRAT_RequestList.list.array[i]->rat_Type == NR_RAT_Type_nr) {
asn1cSeqAdd(&UEcapList->list, &ue_CapabilityRAT_Container); asn1cSeqAdd(&UEcapList->list, ue_CapabilityRAT_Container);
uint8_t buffer[500]; uint8_t buffer[500];
asn_enc_rval_t enc_rval = uper_encode_to_buffer(&asn_DEF_NR_UL_DCCH_Message, NULL, (void *)&ul_dcch_msg, buffer, 500); asn_enc_rval_t enc_rval = uper_encode_to_buffer(&asn_DEF_NR_UL_DCCH_Message, NULL, (void *)&ul_dcch_msg, buffer, 500);
AssertFatal (enc_rval.encoded > 0, "ASN1 message encoding failed (%s, %jd)!\n", AssertFatal (enc_rval.encoded > 0, "ASN1 message encoding failed (%s, %jd)!\n",
...@@ -1916,6 +1915,9 @@ static void nr_rrc_ue_process_ueCapabilityEnquiry(NR_UE_RRC_INST_t *rrc, NR_UECa ...@@ -1916,6 +1915,9 @@ static void nr_rrc_ue_process_ueCapabilityEnquiry(NR_UE_RRC_INST_t *rrc, NR_UECa
nr_pdcp_data_req_srb(rrc->ue_id, srb_id, 0, (enc_rval.encoded + 7) / 8, buffer, deliver_pdu_srb_rlc, NULL); nr_pdcp_data_req_srb(rrc->ue_id, srb_id, 0, (enc_rval.encoded + 7) / 8, buffer, deliver_pdu_srb_rlc, NULL);
} }
} }
/* Free struct members after it's done
including locally allocated ue_CapabilityRAT_Container */
ASN_STRUCT_RESET(asn_DEF_NR_UL_DCCH_Message, &ul_dcch_msg);
} }
void nr_rrc_initiate_rrcReestablishment(NR_UE_RRC_INST_t *rrc, void nr_rrc_initiate_rrcReestablishment(NR_UE_RRC_INST_t *rrc,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment