Bug #3024
closed
include/osmo-bts/l1sap.h/L1SAP_FN2CCCHBLOCK: possible overflow
Start date:
03/01/2018
% Done:
100%
Description
Have a look at the:
#define L1SAP_FN2CCCHBLOCK(fn) ((fn % 51) / 5 - 1)
if (fn < 5), we may get (0 / 5 - 1) = (0 - 1) = -1.
Is this expected?
Updated by laforge over 5 years ago
well, (fn%51) < 6 doesn't occur on the CCCH, but only on the BCCH. So if somebody is using this macro from a non-CCCH context, then that's a bug. We could add an OSMO_ASSERT(fn >= 6) to be sure.
(fn%51) == 5 is also illegal in this context, even though it renders a result. (fn%51) == 6 is the first burst of B0 on CCCH.
Updated by laforge over 5 years ago
actually, that entire function is super incorrect, if you use it for arbitrary frame numbers. I think it would be best to replace it with a lookup table...
Updated by laforge over 5 years ago
- Status changed from New to In Progress
- % Done changed from 0 to 80
see proposed patch https://gerrit.osmocom.org/#/c/osmo-bts/+/11163
Updated by laforge over 5 years ago
- Status changed from In Progress to Resolved
- % Done changed from 80 to 100
patch merged
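As an added example (not part of the ticket and not the merged patch), the sketch below contrasts the macro from the description with a table-driven mapping of the kind suggested in the comments. The table and the names `ccch_block_by_fn51`, `fn2ccchblock_checked`, `macro_u32` and `ccch_mismatches` are hypothetical, and the layout assumes the non-combined BCCH+CCCH downlink 51-multiframe (nine CCCH blocks, B0 starting at fn%51 == 6).

```c
#include <stdint.h>
#include <stdio.h>

/* Macro as quoted in the ticket description. */
#define L1SAP_FN2CCCHBLOCK(fn) ((fn % 51) / 5 - 1)

/* Hypothetical table: CCCH block (0..8) per 51-multiframe position,
 * -1 where no CCCH block is carried (FCCH, SCH, BCCH, idle).
 * Assumption: non-combined BCCH+CCCH downlink layout. */
static const int8_t ccch_block_by_fn51[51] = {
	-1, -1, -1, -1, -1, -1,  0,  0,  0,  0,	/*  0..9:  F S BCCH B0 */
	-1, -1,  1,  1,  1,  1,  2,  2,  2,  2,	/* 10..19: F S B1 B2 */
	-1, -1,  3,  3,  3,  3,  4,  4,  4,  4,	/* 20..29: F S B3 B4 */
	-1, -1,  5,  5,  5,  5,  6,  6,  6,  6,	/* 30..39: F S B5 B6 */
	-1, -1,  7,  7,  7,  7,  8,  8,  8,  8,	/* 40..49: F S B7 B8 */
	-1,					/* 50: idle */
};

/* Returns the CCCH block, or -1 if fn is not a CCCH frame. Callers
 * must check for -1 before using the result as an index. */
static int fn2ccchblock_checked(uint32_t fn)
{
	return ccch_block_by_fn51[fn % 51];
}

/* The macro evaluated on an unsigned frame number: for fn%51 < 5
 * the "- 1" wraps around instead of yielding a small negative. */
static uint32_t macro_u32(uint32_t fn)
{
	return L1SAP_FN2CCCHBLOCK(fn);
}

/* Counts genuine CCCH frames where the macro names the wrong block. */
static int ccch_mismatches(void)
{
	int n = 0;
	for (uint32_t fn = 0; fn < 51; fn++) {
		int want = fn2ccchblock_checked(fn);
		if (want >= 0 && (int)macro_u32(fn) != want)
			n++;
	}
	return n;
}

int main(void)
{
	printf("macro(fn=3) as uint32: %u\n", (unsigned)macro_u32(3));
	printf("CCCH frames mapped to the wrong block: %d\n", ccch_mismatches());
	return 0;
}
```

The macro is only right for the leading bursts of each block: on the last burst of B1, B3, B5 and B7 it returns the next block's number, and on FCCH/SCH/BCCH positions it returns a plausible-looking block instead of an error.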