gsm48_parse_meas_rep(): set num_cell=0 if no neighbor cells are reported
Set mr->num_cell to 0 if the bits reflect 0x7, which means that no neighbor
cell measurements are enclosed in the report.
The code in gsm48_parse_meas_rep() acknowledges that, but nevertheless left
num_cell == 7, and evaluating code commonly runs into the mistake of assuming
that actually seven neighbors are being reported on, like:
MEASUREMENT REPORT
0: arfcn=0 bsic=0 neigh_idx=0 rxlev=0 flags=0
1: arfcn=0 bsic=0 neigh_idx=0 rxlev=0 flags=0
2: arfcn=0 bsic=0 neigh_idx=0 rxlev=0 flags=0
3: arfcn=0 bsic=0 neigh_idx=0 rxlev=0 flags=0
4: arfcn=0 bsic=0 neigh_idx=0 rxlev=0 flags=0
5: arfcn=0 bsic=0 neigh_idx=0 rxlev=0 flags=0
6: arfcn=0 bsic=0 neigh_idx=0 rxlev=0 flags=0
There are only up to 6 slots for neighbors, the above listing actually printed
7, because num_cell == 7, which is a potential segfault. (sometimes it printed
uninitialized values instead of 0)
We could fix all meas rep consumers to know what num_cell == 7 means, but
instead setting it to 0 trivially fixes all of them.
Change-Id: Ie12210660a04f2d664ddc92e7ad7fc39ee474180
1 file changed