    lte-ue.c: Allocate bigger arrays · 034d2cfe
    Michael Cook authored
    This code allocates memory from the heap:
    
    ```
    static void *UE_phy_stub_standalone_pnf_task(void *arg)
    {
    ...
      UL_INFO->crc_ind.crc_indication_body.crc_pdu_list =
      calloc(NB_UE_INST, sizeof(nfapi_crc_indication_pdu_t));
    ```
    
    I see NB_UE_INST==1.
    
    Then this code:
    
    ```
    void fill_crc_indication_UE_MAC(int Mod_id,
                                    int frame,
                                    int subframe,
                                    UL_IND_t *UL_INFO,
                                    uint8_t crc_flag,
                                    int index,
                                    uint16_t rnti,
                                    nfapi_ul_config_request_t
                                    *ul_config_req) {
    ...
      nfapi_crc_indication_pdu_t *pdu =
          &UL_INFO->crc_ind.crc_indication_body
               .crc_pdu_list[UL_INFO->crc_ind.crc_indication_body.number_of_crcs];
    ```
    
    used .number_of_crcs to index into .crc_pdu_list without first
    checking if .number_of_crcs is in range.
    
    When run with multiple UEs, sometimes .number_of_crcs==1 and then
    -fsanitize=address complains.
    
    Change is to use NUMBER_OF_UE_MAX instead of NB_UE_INST.
    
    With this change, -fsanitize=address stops complaining.
lte-ue.c 105 KB
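
The commit message notes that `.number_of_crcs` indexes `.crc_pdu_list` without a range check. The following is an added example, not code from this commit or from the project: it shows one way to pair the allocation with a recorded capacity and refuse the write when the list is full. The types, the `capacity` field and the `crc_body_*` helpers are hypothetical simplifications, and the example assumes the counter is incremented once per added PDU.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical, simplified stand-ins for the nFAPI types named above. */
typedef struct { uint16_t rnti; uint8_t crc_flag; } crc_pdu_t;

typedef struct {
    uint16_t   number_of_crcs;  /* entries currently in use */
    uint16_t   capacity;        /* entries allocated (assumed extra field) */
    crc_pdu_t *crc_pdu_list;
} crc_body_t;

/* Allocate the list and record how many entries it can hold. */
int crc_body_init(crc_body_t *b, uint16_t capacity)
{
    b->crc_pdu_list = calloc(capacity, sizeof *b->crc_pdu_list);
    b->number_of_crcs = 0;
    b->capacity = b->crc_pdu_list ? capacity : 0;
    return b->crc_pdu_list ? 0 : -1;
}

/* Append one CRC PDU; return -1 instead of writing past the heap block. */
int crc_body_add(crc_body_t *b, uint16_t rnti, uint8_t crc_flag)
{
    if (b->number_of_crcs >= b->capacity)
        return -1;                      /* index would be out of range */
    crc_pdu_t *pdu = &b->crc_pdu_list[b->number_of_crcs++];
    pdu->rnti = rnti;
    pdu->crc_flag = crc_flag;
    return 0;
}

/* Constructed scenario: one slot allocated (as with NB_UE_INST==1),
 * two UEs report in the same subframe. Returns 1 if the second is refused. */
int demo_overflow_rejected(void)
{
    crc_body_t b;
    if (crc_body_init(&b, 1) != 0)
        return -1;
    int first  = crc_body_add(&b, 0x1234, 0);
    int second = crc_body_add(&b, 0x1235, 1);  /* number_of_crcs == 1 here */
    int ok = (first == 0 && second == -1 && b.number_of_crcs == 1);
    free(b.crc_pdu_list);
    return ok;
}
```

Sizing the allocation for the maximum UE count and checking the index at the point of use are complementary: the first removes the expected overflow, the second catches any caller that still exceeds the limit.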