Fix CSN1 decoding: CSN_LEFT_ALIGNED_VAR_BMP bounds

Fix attempted read past vector boundaries in case of a starting bit offset != 0, so that the last amount of bits read should be < 8. In the case of CSN_LEFT_ALIGNED_VAR_BMP, the mod-8 calculation was flawed, and in the final step, 8 bits were read instead of the remainder < 8. This lead to -EINVAL being returned by bitvec_get_bit_pos() and bogus resulting data. Instead, read 8 bits only as long as at least 8 bits remain, and read any remaining bits < 8 in a final step. Drop unneeded nB1 variable and an obvious comment. Adjust the unit test assertion in testCsnLeftAlignedVarBmpBounds() in RLCMACTest.cpp. Based on a fix by Aravind Sirsikar <Arvind.Sirsikar@radisys.com>, but implemented differently. Related: OS#1805 Change-Id: I490498c8da6b531f54acb673379379f7b10907c0
2016-09-02 02:15:26 +02:00 · 2016-09-02 02:15:26 +02:00 · 0241526836
parent 9f5f008aed
commit 0241526836
2 changed files with 6 additions and 12 deletions
--- a/src/csn1.cpp
+++ b/src/csn1.cpp
@ -1110,22 +1110,21 @@ csnStreamDecoder(csnStream_t* ar, const CSN_DESCR* pDescr, bitvec *vector, unsig

          { /* extract bits */
            guint8* pui8 = pui8DATA(data, pDescr->offset);
-            gint16 nB1  = no_of_bits & 0x07;/* no_of_bits Mod 8 */

-            while (no_of_bits > 0)
+            while (no_of_bits >= 8)
            {
              *pui8 = bitvec_read_field(vector, readIndex, 8);
              LOGPC(DCSN1, LOGL_NOTICE, "%s = %u | ", pDescr->sz , (unsigned)*pui8);
              pui8++;
              no_of_bits -= 8;
            }
-            if (nB1 > 0)
+            if (no_of_bits > 0)
            { 
-              *pui8 = bitvec_read_field(vector, readIndex, nB1);
+              *pui8 = bitvec_read_field(vector, readIndex, no_of_bits);
              LOGPC(DCSN1, LOGL_NOTICE, "%s = %u | ", pDescr->sz , (unsigned)*pui8);
              pui8++;
-              no_of_bits  -= nB1;
-              bit_offset += nB1; /* (nB1 is no_of_bits Mod 8) */
+              bit_offset += no_of_bits;
+              no_of_bits = 0;
            }
          }
        }
--- a/tests/rlcmac/RLCMACTest.cpp
+++ b/tests/rlcmac/RLCMACTest.cpp
@ -223,13 +223,8 @@ void testCsnLeftAlignedVarBmpBounds()
 		&data.u.Egprs_Packet_Downlink_Ack_Nack.EGPRS_AckNack.Desc;
 	decode_gsm_rlcmac_uplink(vector, &data);

-	/*
-	 * TODO: URBB len is decoded as 102 bits. So 96 + 6 bits = 12 bytes + 6
-	 * bits should be decoded. The 13th byte should end up as 0x00, but we
-	 * see data coming from bitvec_get_bit_pos() returning -EINVAL.
-	 */
 	OSMO_ASSERT(!strcmp(osmo_hexdump(urbb->URBB, 13),
-			    "7f ff ff ee 00 00 00 00 00 00 00 00 ea "));
+			    "7f ff ff ee 00 00 00 00 00 00 00 00 00 "));
 }

 int main(int argc, char *argv[])