From 9f5f008aedc910ff0ce18bf3f92b9b74f0438bf8 Mon Sep 17 00:00:00 2001
From: Aravind Sirsikar <Arvind.Sirsikar@radisys.com>
Date: Tue, 30 Aug 2016 13:20:23 +0530
Subject: CSN1 decoding: add test to show bug in CSN_LEFT_ALIGNED_VAR_BMP

CSN1 decoding currently contains an attempted read past vector boundaries in
case of a starting bit offset != 0, so that the last amount of bits read should
be < 8. In the case of CSN_LEFT_ALIGNED_VAR_BMP, the mod-8 calculation is
flawed, and in what should be the final step of reading n < 8 bits, 8 bits are
read instead of n (with an extraneous read of n bits following after that).
This leads to -EINVAL being returned by bitvec_get_bit_pos() and bogus
resulting data.

Add testCsnLeftAlignedVarBmpBounds() in RLCMACTest.cpp to show and expect this
bug. The test's expectation shall be corrected along with the bug fix in a
subsequent commit.

Related: OS#1805
Tweaked-by: Neels Hofmeyr <nhofmeyr@sysmocom.de>
Change-Id: I4641f5d1d49f66cb1a5cd813befb3a2a266001b0
---
 tests/rlcmac/RLCMACTest.cpp | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/tests/rlcmac/RLCMACTest.cpp b/tests/rlcmac/RLCMACTest.cpp
index 466b89e5..f633dd82 100644
--- a/tests/rlcmac/RLCMACTest.cpp
+++ b/tests/rlcmac/RLCMACTest.cpp
@@ -30,6 +30,7 @@ extern const struct log_info gprs_log_info;
 #include "pcu_vty.h"
 #include <osmocom/vty/telnet_interface.h>
 #include <osmocom/vty/logging.h>
+#include <osmocom/core/utils.h>
 #include <osmocom/core/application.h>
 }
 using namespace std;
@@ -211,6 +212,26 @@ void testRlcMacUplink()
 	bitvec_free(resultVector);
 }
 
+void testCsnLeftAlignedVarBmpBounds()
+{
+	bitvec *vector = bitvec_alloc(23);
+
+	bitvec_unhex(vector, "40200bffd161003e0e519ffffffb800000000000000000");
+	RlcMacUplink_t data;
+
+	EGPRS_AckNack_Desc_t *urbb =
+		&data.u.Egprs_Packet_Downlink_Ack_Nack.EGPRS_AckNack.Desc;
+	decode_gsm_rlcmac_uplink(vector, &data);
+
+	/*
+	 * TODO: URBB len is decoded as 102 bits. So 96 + 6 bits = 12 bytes + 6
+	 * bits should be decoded. The 13th byte should end up as 0x00, but we
+	 * see data coming from bitvec_get_bit_pos() returning -EINVAL.
+	 */
+	OSMO_ASSERT(!strcmp(osmo_hexdump(urbb->URBB, 13),
+			    "7f ff ff ee 00 00 00 00 00 00 00 00 ea "));
+}
+
 int main(int argc, char *argv[])
 {
 	osmo_init_logging(&gprs_log_info);
@@ -218,5 +239,5 @@ int main(int argc, char *argv[])
 	//printSizeofRLCMAC();
 	testRlcMacDownlink();
 	testRlcMacUplink();
-
+	testCsnLeftAlignedVarBmpBounds();
 }
-- 
cgit v1.2.3