From 63ebc368affaac2b8bd30716e3df48e00c2e126b Mon Sep 17 00:00:00 2001
From: Pau Espin Pedrol
Date: Tue, 7 Apr 2020 13:15:36 +0200
Subject: [PATCH] gsm0503_coding: Fix USF encoding in MCS1-4

osmo-gsm-tester raised an ASan warning in osmo-bts-trx during execution
of a test with EGPRS enabled and a modem connecting to it (see OS#4483
for full trace):

==12388==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7fa20b9ab8d0 at pc 0x7fa20b982894 bp 0x7ffdfea8b9c0 sp 0x7ffdfea8b9b8
READ of size 1 at 0x7fa20b9ab8d0 thread T0
#0 0x7fa20b982893 in gsm0503_mcs1_dl_interleave /home/osmocom-build/jenkins/workspace/osmo-gsm-tester_build-osmo-bts/libosmocore/src/coding/gsm0503_interleaving.c:165

Function gsm0503_mcs1_dl_interleave() was being passed the 6-bit USF
encoding while clearly expecting a 12 element array.
TS 05.03 5.1.5.1.2 "USF precoding" also clearly states that 12bit
encoding is to be used for MCS1-4.

Fixes: OS#4483
Change-Id: I94db14de770070b17894a9071aa14391d26e776c
---
 src/coding/gsm0503_coding.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/coding/gsm0503_coding.c b/src/coding/gsm0503_coding.c index 9449f4b55..559243303 100644 --- a/src/coding/gsm0503_coding.c +++ b/src/coding/gsm0503_coding.c @@ -1176,7 +1176,7 @@ static int egprs_type3_map(ubit_t *bursts, const ubit_t *hc, const ubit_t *dc, i ubit_t iB[456]; const ubit_t *hl_hn = gsm0503_pdtch_hl_hn_ubit[3]; - gsm0503_mcs1_dl_interleave(gsm0503_usf2six[usf], hc, dc, iB); + gsm0503_mcs1_dl_interleave(gsm0503_usf2twelve_ubit[usf], hc, dc, iB); for (i = 0; i < 4; i++) { gsm0503_xcch_burst_map(&iB[i * 114], &bursts[i * 116],
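
Review bot: In the changed call inside egprs_type3_map(), nothing ties the length of the first argument to the 12 elements that gsm0503_mcs1_dl_interleave() reads, which is how the 6-element gsm0503_usf2six[usf] row went unnoticed until ASan flagged the over-read at gsm0503_interleaving.c:165. Consider documenting the required length on the callee's prototype (or declaring the parameter as a pointer to a 12-element array) and adding a unit test that runs the MCS1-4 downlink encoding path under ASan, since the commit message shows the bug was only caught by an osmo-gsm-tester run with EGPRS enabled and a modem attached. The visible context also does not show usf being range-checked before it indexes gsm0503_usf2twelve_ubit[]; if callers do not already mask it to the 3-bit USF range, a check here would close the same class of global-buffer over-read.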