cellular-infrastructure
/
osmo-bsc
mirror of https://gerrit.osmocom.org/osmo-bsc
9
0
Fork 0
Code Issues Releases Wiki Activity

SI10: Fix uninitialized l_bts pointer 

l_bts must be declared outside the for-loop. If the loop is passed with
n_bts set the first time, l_bts is set. If the loop is passed with
n_bts set next time(s), l_bts is used to encode additional neighbor
cell infos.

Related: CID#330310 and CID#330311
Change-Id: I9dbbd066075f9ccb331616a2b59b46b1b44c8b4c
This commit is contained in:
Andreas Eversberg 2023-10-30 12:28:54 +01:00
parent 50cb01c29f
commit 9b81ef5db8
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/osmo-bsc/system_information.c
View File

@ -1421,7 +1421,7 @@ int gsm_generate_si10(struct gsm48_system_information_type_10 *si10, size_t len,
const struct gsm_subscriber_connection *conn)
{
struct bitvec *nbv;
struct gsm_bts *s_bts = conn->lchan->ts->trx->bts;
struct gsm_bts *s_bts = conn->lchan->ts->trx->bts, *l_bts = NULL;
int i;
bool any_neighbor = false;
int rc;
@ -1443,7 +1443,7 @@ int gsm_generate_si10(struct gsm48_system_information_type_10 *si10, size_t len,
/* Get up to 32 possible neighbor frequencies that SI10 can refer to. */
for (i = 0; i < 32; i++) {
struct gsm_bts *c_bts, *n_bts, *l_bts;
struct gsm_bts *c_bts, *n_bts;
struct gsm_subscriber_connection *c;
unsigned int save_cur_bit;
int16_t arfcn;
@ -1478,6 +1478,7 @@ int gsm_generate_si10(struct gsm48_system_information_type_10 *si10, size_t len,
save_cur_bit = bv.cur_bit;
/* Nth neighbor, so add rest octets with differential cell info. */
LOGP(DRR, LOGL_INFO, "Append cell ID %d to SI 10.\n", n_bts->cell_identity);
OSMO_ASSERT(l_bts);
rc = si10_rest_octets_encode_other(s_bts, &bv, l_bts, n_bts, last_i, i);
if (rc < 0) {
LOGP(DRR, LOGL_INFO, "Skip cell ID %d, SI 10 would overflow.\n",