From f224509b50e3b9e8ac38c2bf9ff60580f751dfbd Mon Sep 17 00:00:00 2001
From: Neels Hofmeyr
Date: Wed, 28 Mar 2018 18:14:27 +0200
Subject: [PATCH] fix gsm0408_test: properly free bts struct after each test
Add missing deletion of osmo_stat_item_group_free(bts->bts_statg). Add missing bts free after test_si_ba_ind(). Log deallocation, update expected test output. This fixes some of the errors of gsm0408_test's SI tests, as revealed by a sanitizer build using gcc (Debian 7.3.0-12) 7.3.0. Fixes:
=================================================================
==19273==ERROR: AddressSanitizer: heap-use-after-free on address 0x60d0000004b8 at pc 0x7f1561a94621 bp 0x7ffe7a7a64a0 sp 0x7ffe7a7a6498
WRITE of size 8 at 0x60d0000004b8 thread T0
#0 0x7f1561a94620 in __llist_add ../../../src/libosmocore/include/osmocom/core/linuxlist.h:75
#1 0x7f1561a94620 in llist_add ../../../src/libosmocore/include/osmocom/core/linuxlist.h:90
#2 0x7f1561a94620 in osmo_stat_item_group_alloc ../../../src/libosmocore/src/stat_item.c:141
#3 0x5574f6a19935 in gsm_bts_alloc ../../../../src/osmo-bsc/src/libbsc/gsm_data.c:728
#4 0x5574f6a12920 in bts_init ../../../../src/osmo-bsc/tests/gsm0408/gsm0408_test.c:123
#5 0x5574f6a0ddb3 in test_si2q_e ../../../../src/osmo-bsc/tests/gsm0408/gsm0408_test.c:192
#6 0x5574f6a0ddb3 in main ../../../../src/osmo-bsc/tests/gsm0408/gsm0408_test.c:824
#7 0x7f156061aa86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21a86)
#8 0x5574f6a10339 in _start (/n/s/dev/make/osmo-bsc/tests/gsm0408/gsm0408_test+0xfc339)
Change-Id: I1ebbd8cc0622ce1a061e933813829b1f770072dc
---
 tests/gsm0408/gsm0408_test.c | 27 +++++++++++++++++----------
 tests/gsm0408/gsm0408_test.ok | 6 ++++++
 2 files changed, 23 insertions(+), 10 deletions(-)
diff --git a/tests/gsm0408/gsm0408_test.c b/tests/gsm0408/gsm0408_test.c
index 0a2adcd86..9fd4ac75b 100644
--- a/tests/gsm0408/gsm0408_test.c
+++ b/tests/gsm0408/gsm0408_test.c
@@ -132,6 +132,16 @@ static inline struct gsm_bts *bts_init(void *ctx, struct gsm_network *net, const
 return bts;
 }
 
+#define bts_del(bts) _bts_del(bts, __func__)
+static inline void _bts_del(struct gsm_bts *bts, const char *msg)
+{
+ osmo_stat_item_group_free(bts->bts_statg);
+ rate_ctr_group_free(bts->bts_ctrs);
+ /* no need to llist_del(&bts->list), we never registered the bts there. */
+ talloc_free(bts);
+ printf("BTS deallocated OK in %s()\n", msg);
+}
+
 static inline void test_si2q_segfault(struct gsm_network *net)
 {
 struct gsm_bts *bts = bts_init(tall_bsc_ctx, net, __func__);
@@ -141,8 +151,7 @@ static inline void test_si2q_segfault(struct gsm_network *net)
 _bts_uarfcn_add(bts, 10612, 319, 0);
 gen(bts, __func__);
 
- rate_ctr_group_free(bts->bts_ctrs);
- talloc_free(bts);
+ bts_del(bts);
 }
 
 static inline void test_si2q_mu(struct gsm_network *net)
@@ -158,8 +167,7 @@ static inline void test_si2q_mu(struct gsm_network *net)
 _bts_uarfcn_add(bts, 10613, 164, 0);
 _bts_uarfcn_add(bts, 10613, 14, 0);
 
- rate_ctr_group_free(bts->bts_ctrs);
- talloc_free(bts);
+ bts_del(bts);
 }
 
 static inline void test_si2q_u(struct gsm_network *net)
@@ -183,8 +191,7 @@ static inline void test_si2q_u(struct gsm_network *net)
 _bts_uarfcn_add(bts, 1982, 14, 0);
 _bts_uarfcn_add(bts, 1982, 88, 0);
 
- rate_ctr_group_free(bts->bts_ctrs);
- talloc_free(bts);
+ bts_del(bts);
 }
 
 static inline void test_si2q_e(struct gsm_network *net)
@@ -213,8 +220,7 @@ static inline void test_si2q_e(struct gsm_network *net)
 add_earfcn_b(bts, 1967, 4);
 add_earfcn_b(bts, 1982, 3);
 
- rate_ctr_group_free(bts->bts_ctrs);
- talloc_free(bts);
+ bts_del(bts);
 }
 
 static inline void test_si2q_long(struct gsm_network *net)
@@ -258,8 +264,7 @@ static inline void test_si2q_long(struct gsm_network *net)
 _bts_uarfcn_add(bts, 1976, 225, 1);
 _bts_uarfcn_add(bts, 1976, 226, 1);
 
- rate_ctr_group_free(bts->bts_ctrs);
- talloc_free(bts);
+ bts_del(bts);
 }
 
 static void test_mi_functionality(void)
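Review bot: In `_bts_del()` (first hunk) the line "BTS deallocated OK" is printed without looking at the result of `talloc_free()`, which returns -1 when the free is refused (for example by a destructor), so the expected-output file would keep matching even if the BTS were never released. I would capture and assert it: `int rc = talloc_free(bts); OSMO_ASSERT(rc == 0);`. The order of the calls also carries the fix: judging by the ASan trace in the commit message, the stat item group sits on a list that outlives the BTS, so it has to be unlinked before its memory goes away, and a comment such as `/* free the stat item group first: it is linked into a list that outlives the bts */` would keep a later edit from reordering this back into a use-after-free. The second parameter receives the caller's `__func__`, so `func` would describe it better than `msg`.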
@@ -680,6 +685,8 @@ static void test_si_ba_ind(struct gsm_network *net)
 printf("SI5ter: %s\n", osmo_hexdump((uint8_t *)si5ter, rc));
 /* Validate BA-IND == 1 */
 OSMO_ASSERT(si5ter->bcch_frequency_list[0] & 0x10);
+
+ bts_del(bts);
 }
 
 struct test_gsm48_ra_id_by_bts {
diff --git a/tests/gsm0408/gsm0408_test.ok b/tests/gsm0408/gsm0408_test.ok
index ef9fea760..6bb1140a5 100644
--- a/tests/gsm0408/gsm0408_test.ok
+++ b/tests/gsm0408/gsm0408_test.ok
@@ -65,6 +65,7 @@ generating SI2quater for 0 EARFCNs and 2 UARFCNs...
 generated valid SI2quater [00/00]: [23] 59 06 07 40 00 25 52 88 0a 7f 52 e8 0a 7e 0b 2b 2b 2b 2b 2b 2b 2b 2b
 generating SI2quater for 0 EARFCNs and 2 UARFCNs...
 generated valid SI2quater [00/00]: [23] 59 06 07 40 00 25 52 88 0a 7f 52 e8 0a 7e 0b 2b 2b 2b 2b 2b 2b 2b 2b
+BTS deallocated OK in test_si2q_segfault()
 BTS allocation OK in test_si2q_e()
 Testing SYSINFO_TYPE_2quater EARFCN generation:
 generating SI2quater for 0 EARFCNs and 0 UARFCNs...
@@ -89,6 +90,7 @@ generated valid SI2quater [01/01]: [23] 59 06 07 42 20 04 86 59 83 d7 e0 50 0b 2
 added EARFCN 1982 - generating SI2quater for 7 EARFCNs and 0 UARFCNs...
 generated valid SI2quater [00/01]: [23] 59 06 07 40 20 04 86 59 83 be cc 1e 31 07 91 a8 3c ca 0f 5a 0a 03 2b
 generated valid SI2quater [01/01]: [23] 59 06 07 42 20 04 86 59 83 d7 e4 1e fa c2 80 2b 2b 2b 2b 2b 2b 2b 2b
+BTS deallocated OK in test_si2q_e()
 BTS allocation OK in test_si2q_u()
 Testing SYSINFO_TYPE_2quater UARFCN generation:
 generating SI2quater for 0 EARFCNs and 0 UARFCNs...
@@ -115,6 +117,7 @@ generating SI2quater for 0 EARFCNs and 10 UARFCNs...
 generated valid SI2quater [00/00]: [23] 59 06 07 40 00 25 0f 7c 50 1c 3b 31 fa dd 88 85 7b c4 1c 2b 2b 2b 2b
 generating SI2quater for 0 EARFCNs and 11 UARFCNs...
 generated valid SI2quater [00/00]: [23] 59 06 07 40 00 25 0f 7c 58 1c 3b 25 7a ea 08 91 fb c4 1f b0 2b 2b 2b
+BTS deallocated OK in test_si2q_u()
 BTS allocation OK in test_si2q_mu()
 Test SI2quater multiple UARFCNs:
 generating SI2quater for 0 EARFCNs and 1 UARFCNs...
@@ -131,6 +134,7 @@ generating SI2quater for 0 EARFCNs and 6 UARFCNs...
 generated valid SI2quater [00/00]: [23] 59 06 07 40 00 25 52 88 0a 7d 52 e8 18 3f f4 90 54 ba 84 52 67 03 2b
 generating SI2quater for 0 EARFCNs and 7 UARFCNs...
 generated valid SI2quater [00/00]: [23] 59 06 07 40 00 25 52 88 0a 7d 52 e8 18 3f f4 90 54 ba 86 20 73 8c 81
+BTS deallocated OK in test_si2q_mu()
 BTS allocation OK in test_si2q_long()
 Testing SYSINFO_TYPE_2quater combined EARFCN & UARFCN generation:
 generating SI2quater for 17 EARFCNs and 1 UARFCNs...
@@ -205,6 +209,7 @@ generated valid SI2quater [02/05]: [23] 59 06 07 44 a0 04 86 59 83 c2 ec 20 ff 6
 generated valid SI2quater [03/05]: [23] 59 06 07 46 a0 04 86 59 84 21 54 21 4f 61 0a 99 08 55 b7 2e ca c1 2b
 generated valid SI2quater [04/05]: [23] 59 06 07 48 a0 04 86 59 84 2b 54 21 27 61 09 59 08 4b b7 2e ca c1 2b
 generated valid SI2quater [05/05]: [23] 59 06 07 4a a0 04 86 59 84 26 53 97 65 60 2b 2b 2b 2b 2b 2b 2b 2b 2b
+BTS deallocated OK in test_si2q_long()
 BTS allocation OK in test_si_ba_ind()
 Testing if BA-IND is set as expected in SI2xxx and SI5xxx
 SI2: 59 06 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
@@ -213,6 +218,7 @@ SI2ter: 59 06 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2b 2b 2b 2b
 SI5: 06 1d 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 SI5bis: 06 05 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 SI5ter: 06 06 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+BTS deallocated OK in test_si_ba_ind()
 test_gsm48_ra_id_by_bts[0]: digits='00f120' lac=0x0300=htons(3) rac=0x04=4 pass
 test_gsm48_ra_id_by_bts[1]: digits='002100' lac=0x0300=htons(3) rac=0x04=4 pass
 test_gsm48_ra_id_by_bts[2]: digits='00f000' lac=0x0000=htons(0) rac=0x00=0 pass