Prevent segfault in range encoding
* Explicitly check when ARFCN array split is impossible and return
gracefully instead of using negative index.
* Separate range encoding into generic function and use it for all
SI-related things.
* Propagate the error into that function and to its callers.
* Add separate test-case for the segfault previously triggered by this bug.
Change-Id: I3e049ab2d7c1c4d6c791b148f37e10636a8e43e0
Related: RT#7379
diff --git a/openbsc/tests/gsm0408/gsm0408_test.c b/openbsc/tests/gsm0408/gsm0408_test.c
index ae8cbdd..472c2ae 100644
--- a/openbsc/tests/gsm0408/gsm0408_test.c
+++ b/openbsc/tests/gsm0408/gsm0408_test.c
@@ -120,6 +120,21 @@
gen(bts);
}
+static inline void test_si2q_segfault(void)
+{
+ struct gsm_bts *bts;
+ struct gsm_network *network = bsc_network_init(tall_bsc_ctx, 1, 1, NULL);
+ printf("Test SI2quater UARFCN (same scrambling code and diversity):\n");
+
+ if (!network)
+ exit(1);
+ bts = gsm_bts_alloc(network);
+
+ _bts_uarfcn_add(bts, 10564, 319, 0);
+ _bts_uarfcn_add(bts, 10612, 319, 0);
+ gen(bts);
+}
+
static inline void test_si2q_u(void)
{
struct gsm_bts *bts;
@@ -590,6 +605,7 @@
test_range_encoding();
test_gsm411_rp_ref_wrap();
+ test_si2q_segfault();
test_si2q_e();
test_si2q_u();
printf("Done.\n");
diff --git a/openbsc/tests/gsm0408/gsm0408_test.ok b/openbsc/tests/gsm0408/gsm0408_test.ok
index ebe9476..1118dd9 100644
--- a/openbsc/tests/gsm0408/gsm0408_test.ok
+++ b/openbsc/tests/gsm0408/gsm0408_test.ok
@@ -62,6 +62,10 @@
Allocated reference: 255
Allocated reference: 0
Allocated reference: 1
+Test SI2quater UARFCN (same scrambling code and diversity):
+generated valid SI2quater: [23] 59 06 07 c0 00 25 52 88 0a 7e 10 99 64 00 0b 2b 2b 2b 2b 2b 2b 2b 2b
+failed to generate SI2quater: Invalid argument
+failed to generate SI2quater: Invalid argument
Testing SYSINFO_TYPE_2quater EARFCN generation:
generated invalid SI2quater: [23] 59 06 07 c0 00 04 86 59 0a 03 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b
added EARFCN 1917 - generated valid SI2quater: [23] 59 06 07 c0 00 04 86 59 83 be c8 50 0b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b