osmith has uploaded this change for review. ( 
https://gerrit.osmocom.org/c/osmo-gbproxy/+/33738 )


Change subject: gbprox_rx_ptp_from_bss: fix dangling pointer
......................................................................

gbprox_rx_ptp_from_bss: fix dangling pointer

Building with GCC 12 and --enable-werror fails without this. There is
already a "hack to get both msg + tlv_parsed passed via
osmo_fsm_inst_dispatch" comment, make the variable global until this is
implemented properly.

../../../src/gb_proxy.c:450:24: error: storing the address of local variable 
'tp' in '((struct libgb_msgb_cb *)msg)[2].bssgp_cell_id' 
[-Werror=dangling-pointer=]
  450 |         msgb_bcid(msg) = (void *)&tp;

Related: OS#6057
Change-Id: Ie51e37572993cb5dc24ecf13bc300225f09cb744
---
M src/gb_proxy.c
1 file changed, 33 insertions(+), 13 deletions(-)



  git pull ssh://gerrit.osmocom.org:29418/osmo-gbproxy refs/changes/38/33738/1

diff --git a/src/gb_proxy.c b/src/gb_proxy.c
index a7554a6..f91d431 100644
--- a/src/gb_proxy.c
+++ b/src/gb_proxy.c
@@ -80,6 +80,9 @@
        .class_id = OSMO_STATS_CLASS_GLOBAL,
 };

+/* Hack for gbprox_rx_ptp_from_bss */
+struct tlv_parsed g_tp;
+
 int tx_status(struct gbproxy_nse *nse, uint16_t ns_bvci, enum gprs_bssgp_cause 
cause, const uint16_t *bvci, const struct msgb *old_msg)
 {
        int rc;
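Review bot: The added `g_tp` has external linkage, and its comment does not say what the hack is or how long the contents remain valid. Only gb_proxy.c is shown using it, so I would declare it `static struct tlv_parsed g_tp;`. The comment should state that every call to gbprox_rx_ptp_from_bss overwrites it, and that the pointer stored in `msgb_bcid(msg)` may only be read during the synchronous dispatch of that same message. This keeps other translation units from depending on the parse state of whichever BSS PDU happened to arrive last.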
@@ -410,7 +413,6 @@
        struct bssgp_normal_hdr *bgph = (struct bssgp_normal_hdr *) 
msgb_bssgph(msg);
        const char *pdut_name = osmo_tlv_prot_msg_name(&osmo_pdef_bssgp, 
bgph->pdu_type);
        struct gbproxy_bvc *bss_bvc;
-       struct tlv_parsed tp;
        char log_pfx[32];
        uint32_t tlli;
        int rc;
@@ -441,13 +443,13 @@
                return tx_status(nse, ns_bvci, BSSGP_CAUSE_UNKNOWN_BVCI, 
&ns_bvci, msg);
        }

-       rc = gbproxy_decode_bssgp(bgph, msgb_bssgp_len(msg), &tp, log_pfx);
+       rc = gbproxy_decode_bssgp(bgph, msgb_bssgp_len(msg), &g_tp, log_pfx);
        if (rc < 0) {
                rate_ctr_inc(rate_ctr_group_get_ctr(nse->cfg->ctrg, 
GBPROX_GLOB_CTR_PROTO_ERR_BSS));
                return tx_status_from_tlvp(nse, rc, msg);
        }
        /* hack to get both msg + tlv_parsed passed via osmo_fsm_inst_dispatch 
*/
-       msgb_bcid(msg) = (void *)&tp;
+       msgb_bcid(msg) = (void *)&g_tp;

        switch (bgph->pdu_type) {
        case BSSGP_PDUT_UL_UNITDATA:
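Review bot: Pointing `msgb_bcid(msg)` at the file-scope `g_tp` silences -Wdangling-pointer, but the control-block pointer still outlives the parse it refers to. Once the next PDU is decoded it describes a different message. If any path queues `msg`, or re-enters this function while an earlier message is still being dispatched (neither is visible in this hunk), a reader would follow value pointers into another, possibly already freed, msgb. The compiler output quoted in the commit message also names this field `bssgp_cell_id`, so code that treats it as a cell identifier would misread the struct. I would reset it once dispatch is done, e.g. `msgb_bcid(msg) = NULL;` on the exits after the switch; the function starts and ends outside the hunk, so the exact places need checking against the full file.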
@@ -466,20 +468,20 @@
        case BSSGP_PDUT_PS_HO_COMPLETE:
        case BSSGP_PDUT_PS_HO_CANCEL:
                /* We can route based on TLLI-NRI */
-               tlli = osmo_load32be(TLVP_VAL(&tp, BSSGP_IE_TLLI));
+               tlli = osmo_load32be(TLVP_VAL(&g_tp, BSSGP_IE_TLLI));
                rc = gbprox_bss2sgsn_tlli(bss_bvc->cell, msg, &tlli, false);
                break;
        case BSSGP_PDUT_RADIO_STATUS:
-               if (TLVP_PRESENT(&tp, BSSGP_IE_TLLI)) {
-                       tlli = osmo_load32be(TLVP_VAL(&tp, BSSGP_IE_TLLI));
+               if (TLVP_PRESENT(&g_tp, BSSGP_IE_TLLI)) {
+                       tlli = osmo_load32be(TLVP_VAL(&g_tp, BSSGP_IE_TLLI));
                        rc = gbprox_bss2sgsn_tlli(bss_bvc->cell, msg, &tlli, 
false);
-               } else if (TLVP_PRESENT(&tp, BSSGP_IE_TMSI)) {
+               } else if (TLVP_PRESENT(&g_tp, BSSGP_IE_TMSI)) {
                        /* we treat the TMSI like a TLLI and extract the NRI 
from it */
-                       tlli = osmo_load32be(TLVP_VAL(&tp, BSSGP_IE_TMSI));
+                       tlli = osmo_load32be(TLVP_VAL(&g_tp, BSSGP_IE_TMSI));
                        /* Convert the TMSI into a FOREIGN TLLI so it is routed 
appropriately */
                        tlli = gprs_tmsi2tlli(tlli, TLLI_FOREIGN);
                        rc = gbprox_bss2sgsn_tlli(bss_bvc->cell, msg, &tlli, 
false);
-               } else if (TLVP_PRESENT(&tp, BSSGP_IE_IMSI)) {
+               } else if (TLVP_PRESENT(&g_tp, BSSGP_IE_IMSI)) {
                        /* FIXME: Use the IMSI as selector? */
                        rc = gbprox_bss2sgsn_tlli(bss_bvc->cell, msg, NULL, 
false);
                } else
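Review bot: In the RADIO_STATUS branch `TLVP_PRESENT()` only establishes that the TLLI or TMSI IE exists, yet `osmo_load32be()` then reads four bytes from it. A shorter IE sent by the BSS would be read past its end unless `gbproxy_decode_bssgp()` enforces minimum lengths, which this diff does not show. libosmocore's `TLVP_PRES_LEN(&g_tp, BSSGP_IE_TLLI, 4)` (and likewise for `BSSGP_IE_TMSI`) makes the requirement explicit at the point of use. The first case group loads the TLLI with no presence check at all, and the STATUS hunk further down dereferences `*TLVP_VAL(&g_tp, BSSGP_IE_CAUSE)` the same way, so both rely on the decoder rejecting PDUs with a missing IE. A short comment stating that assumption would help, more so now that `g_tp` is shared between calls; the switch begins and continues outside this hunk.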
@@ -490,8 +492,8 @@
        {
                /* Route according to IMSI<->NSE cache entry */
                struct osmo_mobile_identity mi;
-               const uint8_t *mi_data = TLVP_VAL(&tp, BSSGP_IE_IMSI);
-               uint8_t mi_len = TLVP_LEN(&tp, BSSGP_IE_IMSI);
+               const uint8_t *mi_data = TLVP_VAL(&g_tp, BSSGP_IE_IMSI);
+               uint8_t mi_len = TLVP_LEN(&g_tp, BSSGP_IE_IMSI);
                osmo_mobile_identity_decode(&mi, mi_data, mi_len, false);
                nse = gbproxy_nse_by_imsi(nse->cfg, mi.imsi, 
CACHE_USAGE_PAGING);
                if (nse) {
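Review bot: The result of `osmo_mobile_identity_decode()` is discarded and `mi.imsi` is passed straight to `gbproxy_nse_by_imsi()`, so a malformed or non-IMSI mobile identity from the BSS drives the cache lookup with whatever the decoder left in `mi`. Check the return value first, e.g. `if (osmo_mobile_identity_decode(&mi, mi_data, mi_len, false) < 0 || mi.type != GSM_MI_TYPE_IMSI)`, and take the branch's existing error path, which lies outside this hunk. `mi_data` and `mi_len` are also read from `g_tp` without a `TLVP_PRESENT()` test, which is safe only if the decoder guarantees the IMSI IE for this PDU type.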
@@ -509,12 +511,12 @@
        {
                struct gbproxy_sgsn *sgsn;
                /* Check if the status needs to be terminated locally */
-               uint8_t cause = *TLVP_VAL(&tp, BSSGP_IE_CAUSE);
+               uint8_t cause = *TLVP_VAL(&g_tp, BSSGP_IE_CAUSE);

                LOGPNSE(nse, LOGL_NOTICE, "Rx STATUS cause=0x%02x(%s)\n", cause,
                        bssgp_cause_str(cause));

-               if (gbproxy_tlli_from_status_pdu(&tp, &tlli, log_pfx) == 0)
+               if (gbproxy_tlli_from_status_pdu(&g_tp, &tlli, log_pfx) == 0)
                        sgsn = gbproxy_select_sgsn(nse->cfg, &tlli);
                else
                        sgsn = gbproxy_select_sgsn(nse->cfg, NULL);


Gerrit-Project: osmo-gbproxy
Gerrit-Branch: master
Gerrit-Change-Id: Ie51e37572993cb5dc24ecf13bc300225f09cb744
Gerrit-Change-Number: 33738
Gerrit-PatchSet: 1
Gerrit-Owner: osmith <[email protected]>
Gerrit-MessageType: newchange
