From ed4327c470c69a626a081bc91de1a5ad5e248f5a Mon Sep 17 00:00:00 2001 From: Stefan Sperling Date: Fri, 16 Mar 2018 11:02:59 +0100 Subject: fix parse_cell_id_lac_and_ci_list() The implementation was entirely broken, reading data from wrong offsets and always writing to the first element of the decoded list. Also, add a new test for this function which found the problems. Change-Id: If0fafbc7171da2a3044bfa9a167208a1afa1c07b Related: OS#2847 Depends: Ife4e485e2b86c6f3321c9700611700115ad247b2 --- src/gsm/gsm0808_utils.c | 13 +++++++------ tests/gsm0808/gsm0808_test.c | 42 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 49 insertions(+), 6 deletions(-) diff --git a/src/gsm/gsm0808_utils.c b/src/gsm/gsm0808_utils.c index 0165e8af..b58a4b8a 100644 --- a/src/gsm/gsm0808_utils.c +++ b/src/gsm/gsm0808_utils.c @@ -719,7 +719,7 @@ static int parse_cell_id_lac_and_ci_list(struct gsm0808_cell_id_list2 *cil, cons { uint16_t *lacp_be, *ci_be; struct osmo_lac_and_ci_id *id; - int i = 0; + int i = 0, j = 0; const size_t elemlen = sizeof(*lacp_be) + sizeof(*ci_be); *consumed = 0; @@ -727,18 +727,19 @@ static int parse_cell_id_lac_and_ci_list(struct gsm0808_cell_id_list2 *cil, cons if (remain < elemlen) return -EINVAL; - lacp_be = (uint16_t *)(&data[0]); - ci_be = (uint16_t *)(&data[2]); + lacp_be = (uint16_t *)(&data[j]); + ci_be = (uint16_t *)(&data[j + elemlen/2]); while (remain >= elemlen) { if (i >= GSM0808_CELL_ID_LIST2_MAXLEN) return -ENOSPC; - id = &cil->id_list[i].lac_and_ci; + id = &cil->id_list[i++].lac_and_ci; id->lac = osmo_load16be(lacp_be); id->ci = osmo_load16be(ci_be); *consumed += elemlen; remain -= elemlen; - lacp_be++; - ci_be++; + j += elemlen; + lacp_be = (uint16_t *)(&data[j]); + ci_be = (uint16_t *)(&data[j + elemlen/2]); } return i; diff --git a/tests/gsm0808/gsm0808_test.c b/tests/gsm0808/gsm0808_test.c index 2ce4ab26..6a589a34 100644 --- a/tests/gsm0808/gsm0808_test.c +++ b/tests/gsm0808/gsm0808_test.c @@ -954,6 +954,47 @@ static void test_gsm0808_enc_dec_cell_id_list_multi_ci() msgb_free(msg); } +static void test_gsm0808_enc_dec_cell_id_list_multi_lac_and_ci() +{ + struct gsm0808_cell_id_list2 enc_cil; + struct gsm0808_cell_id_list2 dec_cil; + struct msgb *msg; + uint8_t cil_enc_expected[] = { GSM0808_IE_CELL_IDENTIFIER_LIST, 0x15, 0x01, + 0x23, 0x42, 0x00, 0x01, + 0x24, 0x43, 0x00, 0x02, + 0x25, 0x44, 0x00, 0x77, + 0x26, 0x45, 0x01, 0xff, + 0x27, 0x46, 0x02, 0xfe, + }; + uint8_t rc_enc; + int rc_dec; + + memset(&enc_cil, 0, sizeof(enc_cil)); + enc_cil.id_discr = CELL_IDENT_LAC_AND_CI; + enc_cil.id_list[0].lac_and_ci.lac = 0x2342; + enc_cil.id_list[0].lac_and_ci.ci = 1; + enc_cil.id_list[1].lac_and_ci.lac = 0x2443; + enc_cil.id_list[1].lac_and_ci.ci = 2; + enc_cil.id_list[2].lac_and_ci.lac = 0x2544; + enc_cil.id_list[2].lac_and_ci.ci = 119; + enc_cil.id_list[3].lac_and_ci.lac = 0x2645; + enc_cil.id_list[3].lac_and_ci.ci = 511; + enc_cil.id_list[4].lac_and_ci.lac = 0x2746; + enc_cil.id_list[4].lac_and_ci.ci = 766; + enc_cil.id_list_len = 5; + + msg = msgb_alloc(1024, "output buffer"); + rc_enc = gsm0808_enc_cell_id_list2(msg, &enc_cil); + OSMO_ASSERT(rc_enc == sizeof(cil_enc_expected)); + OSMO_ASSERT(memcmp(cil_enc_expected, msg->data, msg->len) == 0); + + rc_dec = gsm0808_dec_cell_id_list2(&dec_cil, msg->data + 2, msg->len - 2); + OSMO_ASSERT(rc_dec == msg->len - 2); + OSMO_ASSERT(memcmp(&enc_cil, &dec_cil, sizeof(enc_cil)) == 0); + + msgb_free(msg); +} + int main(int argc, char **argv) { printf("Testing generation of GSM0808 messages\n"); @@ -991,6 +1032,7 @@ int main(int argc, char **argv) test_gsm0808_enc_dec_cell_id_list_bss(); test_gsm0808_enc_dec_cell_id_list_multi_lai_and_lac(); test_gsm0808_enc_dec_cell_id_list_multi_ci(); + test_gsm0808_enc_dec_cell_id_list_multi_lac_and_ci(); printf("Done\n"); return EXIT_SUCCESS; -- cgit v1.2.3