Harald Welte has submitted this change and it was merged.

Change subject: range_enc_arfcns: avoid runtime error on zero size
......................................................................


range_enc_arfcns: avoid runtime error on zero size

If size <= 1, avoid allocating arfcns_left[size / 2], which results in a zero
size and causes, with gcc 7.3.0 sanitizer, runtime errors:

../../../../src/osmo-bsc/src/libbsc/arfcn_range_encode.c:95:6: runtime error: 
variable length array bound evaluates to non-positive value 0
../../../../src/osmo-bsc/src/libbsc/arfcn_range_encode.c:96:6: runtime error: 
variable length array bound evaluates to non-positive value 0

This fixes some of the errors of gsm0408_test, as revealed by a sanitizer build
using gcc (Debian 7.3.0-12) 7.3.0.

Change-Id: Idab2a194fb9d7c41ed3367f935080eaae4ce367f
---
M src/libbsc/arfcn_range_encode.c
1 file changed, 24 insertions(+), 18 deletions(-)

Approvals:
  Harald Welte: Looks good to me, approved
  Jenkins Builder: Verified



diff --git a/src/libbsc/arfcn_range_encode.c b/src/libbsc/arfcn_range_encode.c
index ae99fd9..84f9f63 100644
--- a/src/libbsc/arfcn_range_encode.c
+++ b/src/libbsc/arfcn_range_encode.c
@@ -74,14 +74,8 @@
        return -1;
 }
 
-/**
- * Range encode the ARFCN list.
- * \param range The range to use.
- * \param arfcns The list of ARFCNs
- * \param size The size of the list of ARFCNs
- * \param out Place to store the W(i) output.
- */
-int range_enc_arfcns(enum gsm48_range range,
+/* Worker for range_enc_arfcns(), do not call directly. */
+int _range_enc_arfcns(enum gsm48_range range,
                const int *arfcns, int size, int *out,
                const int index)
 {
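Review bot: The worker `_range_enc_arfcns` is defined without `static`, so "do not call directly" at the renamed signature is enforced only by a comment. A direct call would skip the size checks that now live in `range_enc_arfcns()` and reach the `size / 2` variable-length arrays the commit message describes. A file-scope identifier that begins with an underscore is also reserved for the implementation in C. If no other translation unit needs the worker (not visible from this hunk), I would declare it as `static int range_enc_arfcns_worker(enum gsm48_range range,` and update the call in the wrapper to match. The function body continues outside the hunk.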
@@ -98,16 +92,6 @@
        int r_size;
        int l_origin;
        int r_origin;
-
-
-       /* Test the two recursion anchors and stop processing */
-       if (size == 0)
-               return 0;
-
-       if (size == 1) {
-               out[index] = 1 + arfcns[0];
-               return 0;
-       }
 
        /* Now do the processing */
        split_at = range_enc_find_index(range, arfcns, size);
@@ -140,6 +124,28 @@
        return 0;
 }
 
+/**
+ * Range encode the ARFCN list.
+ * \param range The range to use.
+ * \param arfcns The list of ARFCNs
+ * \param size The size of the list of ARFCNs
+ * \param out Place to store the W(i) output.
+ */
+int range_enc_arfcns(enum gsm48_range range,
+               const int *arfcns, int size, int *out,
+               const int index)
+{
+       if (size <= 0)
+               return 0;
+
+       if (size == 1) {
+               out[index] = 1 + arfcns[0];
+               return 0;
+       }
+
+       return _range_enc_arfcns(range, arfcns, size, out, index);
+}
+
 /*
  * The easiest is to use f0 == arfcns[0]. This means that under certain
  * circumstances we can encode less ARFCNs than possible with an optimal f0.
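Review bot: The doc comment restored above `range_enc_arfcns()` still omits `index` and the return value, and it does not say how large `out` must be, although `out[index] = 1 + arfcns[0];` writes through it with no length to check against. I would add `\param index Position in out where this call stores its W(i) value; the caller must size out to cover it.` and `\returns 0 on success, including for an empty list`, adjusting the latter if the worker can fail, which is not visible here. The new `size <= 0` test also reports a negative size as success, so a short comment stating that this is intended would help. The guards only protect the worker if the recursive calls inside `_range_enc_arfcns`, which lie outside this hunk, re-enter through `range_enc_arfcns()` rather than the worker itself.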

-- 
To view, visit https://gerrit.osmocom.org/7561

Gerrit-MessageType: merged
Gerrit-Change-Id: Idab2a194fb9d7c41ed3367f935080eaae4ce367f
Gerrit-PatchSet: 1
Gerrit-Project: osmo-bsc
Gerrit-Branch: master
Gerrit-Owner: Neels Hofmeyr <[email protected]>
Gerrit-Reviewer: Harald Welte <[email protected]>
Gerrit-Reviewer: Jenkins Builder
