From 9c62fc69a8eb9f72da054f908704acbb14a6caa6 Mon Sep 17 00:00:00 2001
From: Stefan Sperling <ssperling@sysmocom.de>
Date: Fri, 16 Mar 2018 10:23:34 +0100
Subject: [PATCH] fix bug in parse_cell_id_ci_list()

Cell ID lists with CI were misparsed because parse_cell_id_ci_list()
failed to report the amount of consumed bytes to its caller.

Also add a regression test which uncovered the bug.

Change-Id: Ife4e485e2b86c6f3321c9700611700115ad247b2
Depends: If6b941720de33dca66b6b1aa2cb95a3275708b7f
Related: OS#2847
---
 src/gsm/gsm0808_utils.c      |  2 +-
 tests/gsm0808/gsm0808_test.c | 35 +++++++++++++++++++++++++++++++++++
 2 files changed, 36 insertions(+), 1 deletion(-)

diff --git a/src/gsm/gsm0808_utils.c b/src/gsm/gsm0808_utils.c
index ac1e8520d..0165e8afe 100644
--- a/src/gsm/gsm0808_utils.c
+++ b/src/gsm/gsm0808_utils.c
@@ -756,7 +756,7 @@ static int parse_cell_id_ci_list(struct gsm0808_cell_id_list2 *cil, const uint8_
 		if (i >= GSM0808_CELL_ID_LIST2_MAXLEN)
 			return -ENOSPC;
 		cil->id_list[i++].ci = osmo_load16be(ci_be++);
-		consumed += elemlen;
+		*consumed += elemlen;
 		remain -= elemlen;
 	}
 	return i;
diff --git a/tests/gsm0808/gsm0808_test.c b/tests/gsm0808/gsm0808_test.c
index 4da39294f..2ce4ab263 100644
--- a/tests/gsm0808/gsm0808_test.c
+++ b/tests/gsm0808/gsm0808_test.c
@@ -920,6 +920,40 @@ static void test_gsm0808_enc_dec_cell_id_list_multi_lai_and_lac()
 	msgb_free(msg);
 }
 
+static void test_gsm0808_enc_dec_cell_id_list_multi_ci()
+{
+	struct gsm0808_cell_id_list2 enc_cil;
+	struct gsm0808_cell_id_list2 dec_cil;
+	struct msgb *msg;
+	uint8_t cil_enc_expected[] = { GSM0808_IE_CELL_IDENTIFIER_LIST, 0x09, 0x02,
+		0x00, 0x01,
+		0x00, 0x02,
+		0x00, 0x77,
+		0x01, 0xff,
+	};
+	uint8_t rc_enc;
+	int rc_dec;
+
+	memset(&enc_cil, 0, sizeof(enc_cil));
+	enc_cil.id_discr = CELL_IDENT_CI;
+	enc_cil.id_list[0].ci = 1;
+	enc_cil.id_list[1].ci = 2;
+	enc_cil.id_list[2].ci = 119;
+	enc_cil.id_list[3].ci = 511;
+	enc_cil.id_list_len = 4;
+
+	msg = msgb_alloc(1024, "output buffer");
+	rc_enc = gsm0808_enc_cell_id_list2(msg, &enc_cil);
+	OSMO_ASSERT(rc_enc == sizeof(cil_enc_expected));
+	OSMO_ASSERT(memcmp(cil_enc_expected, msg->data, msg->len) == 0);
+
+	rc_dec = gsm0808_dec_cell_id_list2(&dec_cil, msg->data + 2, msg->len - 2);
+	OSMO_ASSERT(rc_dec == msg->len - 2);
+	OSMO_ASSERT(memcmp(&enc_cil, &dec_cil, sizeof(enc_cil)) == 0);
+
+	msgb_free(msg);
+}
+
 int main(int argc, char **argv)
 {
 	printf("Testing generation of GSM0808 messages\n");
@@ -956,6 +990,7 @@ int main(int argc, char **argv)
 	test_gsm0808_enc_dec_cell_id_list_multi_lac();
 	test_gsm0808_enc_dec_cell_id_list_bss();
 	test_gsm0808_enc_dec_cell_id_list_multi_lai_and_lac();
+	test_gsm0808_enc_dec_cell_id_list_multi_ci();
 
 	printf("Done\n");
 	return EXIT_SUCCESS;