Commit 034d2cfe authored by Michael Cook

lte-ue.c: Allocate bigger arrays

This code allocates memory from the heap:

```
static void *UE_phy_stub_standalone_pnf_task(void *arg)
{
...
  UL_INFO->crc_ind.crc_indication_body.crc_pdu_list =
  calloc(NB_UE_INST, sizeof(nfapi_crc_indication_pdu_t));
```

I see NB_UE_INST==1.

Then this code:

```
void fill_crc_indication_UE_MAC(int Mod_id,
                                int frame,
                                int subframe,
                                UL_IND_t *UL_INFO,
                                uint8_t crc_flag,
                                int index,
                                uint16_t rnti,
                                nfapi_ul_config_request_t
                                *ul_config_req) {
...
  nfapi_crc_indication_pdu_t *pdu =
      &UL_INFO->crc_ind.crc_indication_body
           .crc_pdu_list[UL_INFO->crc_ind.crc_indication_body.number_of_crcs];
```

used .number_of_crcs to index into .crc_pdu_list without first
checking if .number_of_crcs is in range.

When run with multiple UEs, sometimes .number_of_crcs==1 and then
-fsanitize=address complains.

Change is to use NUMBER_OF_UE_MAX instead of NB_UE_INST.

With this change, -fsanitize=address stops complaining.
parent 11270af8
......@@ -175,6 +175,7 @@ void fill_crc_indication_UE_MAC(int Mod_id,
pthread_mutex_lock(&fill_ul_mutex.crc_mutex);
LOG_D(MAC, "fill crc_indication num_crcs: %u\n",
UL_INFO->crc_ind.crc_indication_body.number_of_crcs);
assert(UL_INFO->crc_ind.crc_indication_body.number_of_crcs < NUMBER_OF_UE_MAX);
nfapi_crc_indication_pdu_t *pdu =
&UL_INFO->crc_ind.crc_indication_body
.crc_pdu_list[UL_INFO->crc_ind.crc_indication_body.number_of_crcs];
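Review bot: The added `assert(... number_of_crcs < NUMBER_OF_UE_MAX)` is the only bounds check in front of the `crc_pdu_list[number_of_crcs]` write, and `assert()` compiles to nothing when the file is built with `NDEBUG`, so such a build would still write past the end of the heap array. A runtime guard keeps the protection in every build: `if (UL_INFO->crc_ind.crc_indication_body.number_of_crcs >= NUMBER_OF_UE_MAX) { pthread_mutex_unlock(&fill_ul_mutex.crc_mutex); return; }`, preceded by an error log. The guard has to release `fill_ul_mutex.crc_mutex` because the check sits after the lock; the rest of fill_crc_indication_UE_MAC is outside the hunk, so the other exit paths cannot be verified from here. The rx, harq, sr and cqi lists resized in lte-ue.c presumably have writers that index by their own counters in the same way, and none of those gets a check in this commit; confirm and bound them too.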
......
......@@ -1040,16 +1040,16 @@ static void *UE_phy_stub_standalone_pnf_task(void *arg)
UE = rtd->UE;
UL_INFO = (UL_IND_t *)calloc(1, sizeof(UL_IND_t));
UL_INFO->rx_ind.rx_indication_body.rx_pdu_list = calloc(NB_UE_INST, sizeof(nfapi_rx_indication_pdu_t));
UL_INFO->rx_ind.rx_indication_body.rx_pdu_list = calloc(NUMBER_OF_UE_MAX, sizeof(nfapi_rx_indication_pdu_t));
UL_INFO->rx_ind.rx_indication_body.number_of_pdus = 0;
UL_INFO->crc_ind.crc_indication_body.crc_pdu_list = calloc(NB_UE_INST, sizeof(nfapi_crc_indication_pdu_t));
UL_INFO->crc_ind.crc_indication_body.crc_pdu_list = calloc(NUMBER_OF_UE_MAX, sizeof(nfapi_crc_indication_pdu_t));
UL_INFO->crc_ind.crc_indication_body.number_of_crcs = 0;
UL_INFO->harq_ind.harq_indication_body.harq_pdu_list = calloc(NB_UE_INST, sizeof(nfapi_harq_indication_pdu_t));
UL_INFO->harq_ind.harq_indication_body.harq_pdu_list = calloc(NUMBER_OF_UE_MAX, sizeof(nfapi_harq_indication_pdu_t));
UL_INFO->harq_ind.harq_indication_body.number_of_harqs = 0;
UL_INFO->sr_ind.sr_indication_body.sr_pdu_list = calloc(NB_UE_INST, sizeof(nfapi_sr_indication_pdu_t));
UL_INFO->sr_ind.sr_indication_body.sr_pdu_list = calloc(NUMBER_OF_UE_MAX, sizeof(nfapi_sr_indication_pdu_t));
UL_INFO->sr_ind.sr_indication_body.number_of_srs = 0;
UL_INFO->cqi_ind.cqi_indication_body.cqi_pdu_list = calloc(NB_UE_INST, sizeof(nfapi_cqi_indication_pdu_t));
UL_INFO->cqi_ind.cqi_indication_body.cqi_raw_pdu_list = calloc(NB_UE_INST, sizeof(nfapi_cqi_indication_raw_pdu_t));
UL_INFO->cqi_ind.cqi_indication_body.cqi_pdu_list = calloc(NUMBER_OF_UE_MAX, sizeof(nfapi_cqi_indication_pdu_t));
UL_INFO->cqi_ind.cqi_indication_body.cqi_raw_pdu_list = calloc(NUMBER_OF_UE_MAX, sizeof(nfapi_cqi_indication_raw_pdu_t));
UL_INFO->cqi_ind.cqi_indication_body.number_of_cqis = 0;
proc->subframe_rx = proc->sub_frame_start;
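Review bot: None of the `calloc()` results in this block is checked. `UL_INFO` is dereferenced on the very next line, and a NULL `*_pdu_list` would be written through by whichever function fills it, so an allocation failure turns into a NULL-pointer write instead of a clean error. Add a check after each allocation, or one combined check after the block, that logs and stops the task, e.g. `if (UL_INFO == NULL) { /* log and exit the thread */ }`. The list capacity is now a contract with code in another function, so it is worth stating here: `/* Each *_pdu_list holds NUMBER_OF_UE_MAX entries; every writer must keep its number_of_* counter below that. */`. UE_phy_stub_standalone_pnf_task begins and ends outside the hunk, so where these buffers are freed is not visible.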
......