From a8ab765fe5978091c8d026a397226cae86669baa Mon Sep 17 00:00:00 2001
From: Wu Jing <wu.jing@cn.fujitsu.com>
Date: Thu, 1 Feb 2018 14:48:53 +0900
Subject: [PATCH] patch rrc_assertion.patch into closed_item

# Conflicts:
#	openair2/RRC/LITE/rrc_eNB.c
---
 openair2/RRC/LITE/L2_interface.c      |   8 ++
 openair2/RRC/LITE/MESSAGES/asn1_msg.c | 103 ++++++++++++++++++++++----
 openair2/RRC/LITE/rrc_eNB.c           |  46 +++++++++++-
 openair2/RRC/LITE/rrc_eNB_S1AP.c      |   8 ++
 4 files changed, 151 insertions(+), 14 deletions(-)

diff --git a/openair2/RRC/LITE/L2_interface.c b/openair2/RRC/LITE/L2_interface.c
index a95db63d53..5b0971a4bd 100644
--- a/openair2/RRC/LITE/L2_interface.c
+++ b/openair2/RRC/LITE/L2_interface.c
@@ -613,6 +613,14 @@ rrc_data_req(
 )
 //------------------------------------------------------------------------------
 {
+#ifdef UE_EXPANSION
+  if(sdu_sizeP == 255)
+  {
+    LOG_I(RRC,"sdu_sizeP == 255");
+    return FALSE;
+  }
+#else
+#endif
   MSC_LOG_TX_MESSAGE(
     ctxt_pP->enb_flag ? MSC_RRC_ENB : MSC_RRC_UE,
     ctxt_pP->enb_flag ? MSC_PDCP_ENB : MSC_PDCP_UE,
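Review bot: The new guard at the top of rrc_data_req treats `sdu_sizeP == 255` as an error marker, but 255 is also a legal SDU length, so a genuine 255-byte RRC message would be dropped under UE_EXPANSION. The value presumably comes from the `uint8_t` encoders in asn1_msg.c returning -1, which cannot be confirmed from this hunk; a separate status return or out-parameter would keep the failure signal out of the length's value range. If the sentinel stays, it needs a comment such as `/* 255 == (uint8_t)-1: encoder failure propagated as a length */`. The log string should also end in `\n` like the other LOG_I calls in this patch, and the empty `#else` can be removed. The function body continues outside the hunk.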
diff --git a/openair2/RRC/LITE/MESSAGES/asn1_msg.c b/openair2/RRC/LITE/MESSAGES/asn1_msg.c
index 724b30a3d1..08dd65bea7 100644
--- a/openair2/RRC/LITE/MESSAGES/asn1_msg.c
+++ b/openair2/RRC/LITE/MESSAGES/asn1_msg.c
@@ -1620,9 +1620,17 @@ do_RRCConnectionSetup(
                                    (void*)&dl_ccch_msg,
                                    buffer,
                                    100);
+#ifdef UE_EXPANSION
+  if(enc_rval.encoded == -1)
+  {
+     LOG_I(RRC, "[eNB AssertFatal]ASN1 message encoding failed (%s, %lu)!\n",
+           enc_rval.failed_type->name, enc_rval.encoded);
+     return -1;
+  }
+#else
   AssertFatal (enc_rval.encoded > 0, "ASN1 message encoding failed (%s, %lu)!\n",
                enc_rval.failed_type->name, enc_rval.encoded);
-
+#endif
 #if defined(ENABLE_ITTI)
 # if !defined(DISABLE_XER_SPRINT)
   {
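Review bot: The UE_EXPANSION branch in do_RRCConnectionSetup tests `enc_rval.encoded == -1`, which is weaker than the `enc_rval.encoded > 0` that the assertion enforces, so a zero-length encoding is now accepted as success. The log call also prints `encoded` with `%lu` although the field is compared against -1 and printed with `%zd` elsewhere in this file, and it reports an error at info level. I would write `if (enc_rval.encoded <= 0)` and log with `LOG_E(RRC, "ASN1 message encoding failed (%s, %zd)!\n", ...)`. The same block is repeated in do_SecurityModeCommand, do_UECapabilityEnquiry, do_RRCConnectionReconfiguration, do_RRCConnectionReestablishment, do_RRCConnectionReestablishmentReject, do_RRCConnectionReject, do_MBSFNAreaConfig, do_MeasurementReport and do_Paging and needs the same change; a shared macro or helper would avoid ten copies. The function starts and ends outside the hunk.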
@@ -1691,9 +1699,17 @@ do_SecurityModeCommand(
                                    (void*)&dl_dcch_msg,
                                    buffer,
                                    100);
+#ifdef UE_EXPANSION
+  if(enc_rval.encoded == -1)
+  {
+     LOG_I(RRC, "[eNB AssertFatal]ASN1 message encoding failed (%s, %lu)!\n",
+           enc_rval.failed_type->name, enc_rval.encoded);
+     return -1;
+  }
+#else
   AssertFatal (enc_rval.encoded > 0, "ASN1 message encoding failed (%s, %lu)!\n",
                enc_rval.failed_type->name, enc_rval.encoded);
-
+#endif
 #if defined(ENABLE_ITTI)
 # if !defined(DISABLE_XER_SPRINT)
   {
@@ -1767,9 +1783,17 @@ do_UECapabilityEnquiry(
                                    (void*)&dl_dcch_msg,
                                    buffer,
                                    100);
+#ifdef UE_EXPANSION
+  if(enc_rval.encoded == -1)
+  {
+     LOG_I(RRC, "[eNB AssertFatal]ASN1 message encoding failed (%s, %lu)!\n",
+           enc_rval.failed_type->name, enc_rval.encoded);
+     return -1;
+  }
+#else
   AssertFatal (enc_rval.encoded > 0, "ASN1 message encoding failed (%s, %lu)!\n",
                enc_rval.failed_type->name, enc_rval.encoded);
-
+#endif
 #if defined(ENABLE_ITTI)
 # if !defined(DISABLE_XER_SPRINT)
   {
@@ -1927,9 +1951,17 @@ do_RRCConnectionReconfiguration(
                                    (void*)&dl_dcch_msg,
                                    buffer,
                                    RRC_BUF_SIZE);
+#ifdef UE_EXPANSION
+  if(enc_rval.encoded == -1)
+  {
+     LOG_I(RRC, "[eNB AssertFatal]ASN1 message encoding failed (%s, %lu)!\n",
+           enc_rval.failed_type->name, enc_rval.encoded);
+     return -1;
+  }
+#else
   AssertFatal (enc_rval.encoded > 0, "ASN1 message encoding failed (%s, %zd)!\n",
                enc_rval.failed_type->name, enc_rval.encoded);
-
+#endif
 #ifdef XER_PRINT
   xer_fprint(stdout,&asn_DEF_DL_DCCH_Message,(void*)&dl_dcch_msg);
 #endif
@@ -2140,9 +2172,17 @@ do_RRCConnectionReestablishment(
                                    (void*)&dl_ccch_msg,
                                    buffer,
                                    100);
+#ifdef UE_EXPANSION
+  if(enc_rval.encoded == -1)
+  {
+     LOG_I(RRC, "[eNB AssertFatal]ASN1 message encoding failed (%s, %lu)!\n",
+           enc_rval.failed_type->name, enc_rval.encoded);
+     return -1;
+  }
+#else
   AssertFatal (enc_rval.encoded > 0, "ASN1 message encoding failed (%s, %lu)!\n",
                enc_rval.failed_type->name, enc_rval.encoded);
-
+#endif
 #if defined(ENABLE_ITTI)
 # if !defined(DISABLE_XER_SPRINT)
   {
@@ -2198,9 +2238,17 @@ do_RRCConnectionReestablishmentReject(
                                    (void*)&dl_ccch_msg,
                                    buffer,
                                    100);
+#ifdef UE_EXPANSION
+  if(enc_rval.encoded == -1)
+  {
+     LOG_I(RRC, "[eNB AssertFatal]ASN1 message encoding failed (%s, %lu)!\n",
+           enc_rval.failed_type->name, enc_rval.encoded);
+     return -1;
+  }
+#else
   AssertFatal (enc_rval.encoded > 0, "ASN1 message encoding failed (%s, %lu)!\n",
                enc_rval.failed_type->name, enc_rval.encoded);
-
+#endif
 #if defined(ENABLE_ITTI)
 # if !defined(DISABLE_XER_SPRINT)
   {
@@ -2257,9 +2305,17 @@ do_RRCConnectionReject(
                                    (void*)&dl_ccch_msg,
                                    buffer,
                                    100);
+#ifdef UE_EXPANSION
+  if(enc_rval.encoded == -1)
+  {
+     LOG_I(RRC, "[eNB AssertFatal]ASN1 message encoding failed (%s, %lu)!\n",
+           enc_rval.failed_type->name, enc_rval.encoded);
+     return -1;
+  }
+#else
   AssertFatal (enc_rval.encoded > 0, "ASN1 message encoding failed (%s, %ld)!\n",
                enc_rval.failed_type->name, enc_rval.encoded);
-
+#endif
 #if defined(ENABLE_ITTI)
 # if !defined(DISABLE_XER_SPRINT)
   {
@@ -2446,9 +2502,17 @@ uint8_t do_MBSFNAreaConfig(uint8_t Mod_id,
                                    (void*)mcch_message,
                                    buffer,
                                    100);
+#ifdef UE_EXPANSION
+  if(enc_rval.encoded == -1)
+  {
+     LOG_I(RRC, "[eNB AssertFatal]ASN1 message encoding failed (%s, %lu)!\n",
+           enc_rval.failed_type->name, enc_rval.encoded);
+     return -1;
+  }
+#else
   AssertFatal (enc_rval.encoded > 0, "ASN1 message encoding failed (%s, %lu)!\n",
                enc_rval.failed_type->name, enc_rval.encoded);
-
+#endif
 #if defined(ENABLE_ITTI)
 # if !defined(DISABLE_XER_SPRINT)
   {
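Review bot: `return -1;` in the new branch sits in a function declared `uint8_t do_MBSFNAreaConfig(...)`, so the caller receives 255 rather than -1 and cannot tell an encoding failure from a 255-byte result. do_MeasurementReport and do_Paging show the same `uint8_t` return type in their hunk headers, and the other do_* encoders patched here may share it (their signatures are not visible). Either widen the return type to a signed one so -1 survives, or, if a successful encode always yields a non-zero length, return 0 on failure and have callers test for that. At minimum the return needs a comment such as `/* NOTE: truncated to 255 by the uint8_t return type */`. The function body starts and ends outside the hunk.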
@@ -2575,12 +2639,17 @@ uint8_t do_MeasurementReport(uint8_t Mod_id, uint8_t *buffer,int measid,int phy_
                                    (void*)&ul_dcch_msg,
                                    buffer,
                                    100);
-
-
-
+#ifdef UE_EXPANSION
+  if(enc_rval.encoded == -1)
+  {
+     LOG_I(RRC, "[eNB AssertFatal]ASN1 message encoding failed (%s, %lu)!\n",
+           enc_rval.failed_type->name, enc_rval.encoded);
+     return -1;
+  }
+#else
   AssertFatal (enc_rval.encoded > 0, "ASN1 message encoding failed (%s, %lu)!\n",
                enc_rval.failed_type->name, enc_rval.encoded);
-
+#endif
 #if defined(ENABLE_ITTI)
 # if !defined(DISABLE_XER_SPRINT)
   {
@@ -2706,9 +2775,17 @@ uint8_t do_Paging(uint8_t Mod_id, uint8_t *buffer, ue_paging_identity_t ue_pagin
           Mod_id, paging_record_p->cn_Domain, ue_paging_identity.presenceMask, pcch_msg.message.choice.c1.choice.paging.pagingRecordList->list.count);
 
   enc_rval = uper_encode_to_buffer(&asn_DEF_PCCH_Message, (void*)&pcch_msg, buffer, RRC_BUF_SIZE);
-
+#ifdef UE_EXPANSION
+  if(enc_rval.encoded == -1)
+  {
+     LOG_I(RRC, "[eNB AssertFatal]ASN1 message encoding failed (%s, %lu)!\n",
+           enc_rval.failed_type->name, enc_rval.encoded);
+     return -1;
+  }
+#else
   AssertFatal (enc_rval.encoded > 0, "ASN1 message encoding failed (%s, %lu)!\n",
                enc_rval.failed_type->name, enc_rval.encoded);
+#endif
 #ifdef XER_PRINT
   xer_fprint(stdout, &asn_DEF_PCCH_Message, (void*)&pcch_msg);
 #endif
diff --git a/openair2/RRC/LITE/rrc_eNB.c b/openair2/RRC/LITE/rrc_eNB.c
index 6c4413318f..4058613c3a 100644
--- a/openair2/RRC/LITE/rrc_eNB.c
+++ b/openair2/RRC/LITE/rrc_eNB.c
@@ -813,8 +813,14 @@ rrc_eNB_free_UE(const module_id_t enb_mod_idP,const struct rrc_eNB_ue_context_s*
   PHY_VARS_eNB *eNB_PHY = NULL;
   eNB_MAC_INST *eNB_MAC = RC.mac[enb_mod_idP];
 #endif
-
+#ifdef UE_EXPANSION
+  if (enb_mod_idP >= NB_eNB_INST) {
+      LOG_I(RRC, "eNB inst invalid (%d/%d) for UE %x!\n",enb_mod_idP, NB_eNB_INST,rnti);
+      return;
+  }
+#else
   AssertFatal(enb_mod_idP < NB_eNB_INST, "eNB inst invalid (%d/%d) for UE %x!", enb_mod_idP, NB_eNB_INST, rnti);
+#endif
   /*  ue_context_p = rrc_eNB_get_ue_context(
                    &RC.rrc[enb_mod_idP],
                    rntiP
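Review bot: The range check on `enb_mod_idP` comes after the context line `eNB_MAC_INST *eNB_MAC = RC.mac[enb_mod_idP];`, so in builds where that conditional block is compiled the index is used before it is validated. Move the check above the declarations, or initialise with `eNB_MAC_INST *eNB_MAC = NULL;` and assign `eNB_MAC = RC.mac[enb_mod_idP];` after the guard. The `#if` that opens that block and the rest of the function are outside the hunk, so which builds are affected cannot be confirmed here. An out-of-range instance id should also be logged with `LOG_E` rather than `LOG_I`.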
@@ -3931,7 +3937,15 @@ check_handovers(
                                ue_context_p->ue_context.handover_info->size,
                                ue_context_p->ue_context.handover_info->buf,
                                PDCP_TRANSMISSION_MODE_CONTROL);
+#ifdef UE_EXPANSION
+        if(result != TRUE)
+        {
+          LOG_I(RRC, "PDCP data request failed!\n");
+          return;
+        }
+#else
         AssertFatal(result == TRUE, "PDCP data request failed!\n");
+#endif
         ue_context_p->ue_context.handover_info->ho_complete = 0xF2;
       }
     }
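Review bot: On a failed PDCP request the new branch does `return;` from check_handovers, which leaves `ho_complete` unchanged and skips whatever the function still had to process after this point. If this code runs inside a loop over UE contexts (the loop is not visible in the hunk), one failing UE stops handover checks for all the others, and the same UE is presumably retried on every later call with no limit. Consider recording the failure on the context and moving on to the next UE instead of returning. A comment such as `/* handover left pending: ho_complete not updated on PDCP failure */` should state which state the handover is left in.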
@@ -5829,9 +5843,18 @@ rrc_eNB_decode_ccch(
         rrcConnectionRequest = &ul_ccch_msg->message.choice.c1.choice.rrcConnectionRequest.criticalExtensions.choice.rrcConnectionRequest_r8;
         {
           if (InitialUE_Identity_PR_randomValue == rrcConnectionRequest->ue_Identity.present) {
+          #ifdef UE_EXPANSION
+          if(rrcConnectionRequest->ue_Identity.choice.randomValue.size != 5)
+          {
+            LOG_I(RRC, "wrong InitialUE-Identity randomValue size, expected 5, provided %d",
+                         rrcConnectionRequest->ue_Identity.choice.randomValue.size);
+            return -1;
+          }
+          #else
             AssertFatal(rrcConnectionRequest->ue_Identity.choice.randomValue.size == 5,
                         "wrong InitialUE-Identity randomValue size, expected 5, provided %d",
                         rrcConnectionRequest->ue_Identity.choice.randomValue.size);
+          #endif
             memcpy(((uint8_t*) & random_value) + 3,
                    rrcConnectionRequest->ue_Identity.choice.randomValue.buf,
                    rrcConnectionRequest->ue_Identity.choice.randomValue.size);
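Review bot: The `randomValue.size` check is the only bound on the `memcpy` into `random_value` that follows, and the size comes from a decoded UE message, yet the non-fatal path exists only under UE_EXPANSION; a default build still hits `AssertFatal` on one malformed RRCConnectionRequest. The same applies to the `sdu_size` check before the `memcpy` in the first rrc_enb_task hunk. I would make the log-and-reject path unconditional for these two input-validation checks and keep `AssertFatal` for internal invariants only. The log string here is also missing its trailing `\n`, and in the rrc_enb_task message the text says `>` while the condition is `>=`. Whether `return -1` releases the decoded `ul_ccch_msg` cannot be seen from this hunk.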
@@ -6838,9 +6861,16 @@ rrc_enb_task(
 
       LOG_I(RRC,"Decoding CCCH : inst %d, CC_id %d, ctxt %p, sib_info_p->Rx_buffer.payload_size %d\n",
 	    instance,CC_id,&ctxt, RRC_MAC_CCCH_DATA_IND(msg_p).sdu_size);
+#ifdef UE_EXPANSION
+      if (RRC_MAC_CCCH_DATA_IND(msg_p).sdu_size >= RRC_BUFFER_SIZE_MAX) {
+          LOG_I(RRC, "CCCH message has size %d > %d\n",RRC_MAC_CCCH_DATA_IND(msg_p).sdu_size,RRC_BUFFER_SIZE_MAX);
+          break;
+      }
+#else
       AssertFatal(RRC_MAC_CCCH_DATA_IND(msg_p).sdu_size < RRC_BUFFER_SIZE_MAX,
 		  "CCCH message has size %d > %d\n",
 		  RRC_MAC_CCCH_DATA_IND(msg_p).sdu_size,RRC_BUFFER_SIZE_MAX);
+#endif
       memcpy(srb_info_p->Rx_buffer.Payload,
              RRC_MAC_CCCH_DATA_IND(msg_p).sdu,
              RRC_MAC_CCCH_DATA_IND(msg_p).sdu_size);
@@ -6868,7 +6898,14 @@ rrc_enb_task(
 
       // Message buffer has been processed, free it now.
       result = itti_free(ITTI_MSG_ORIGIN_ID(msg_p), RRC_DCCH_DATA_IND(msg_p).sdu_p);
+#ifdef UE_EXPANSION
+      if (result != EXIT_SUCCESS) {
+          LOG_I(RRC, "Failed to free memory (%d)!\n",result);
+          break;
+      }
+#else
       AssertFatal(result == EXIT_SUCCESS, "Failed to free memory (%d)!\n", result);
+#endif
       break;
 
 #   if defined(ENABLE_USE_MME)
@@ -6937,7 +6974,14 @@ rrc_enb_task(
     }
 
     result = itti_free(ITTI_MSG_ORIGIN_ID(msg_p), msg_p);
+#ifdef UE_EXPANSION
+      if (result != EXIT_SUCCESS) {
+          LOG_I(RRC, "Failed to free memory (%d)!\n",result);
+          continue;
+      }
+#else
     AssertFatal(result == EXIT_SUCCESS, "Failed to free memory (%d)!\n", result);
+#endif
     msg_p = NULL;
   }
 }
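Review bot: The `continue` in the new branch skips `msg_p = NULL;`, so after a failed `itti_free` the loop carries a pointer of unknown ownership into the next iteration. As far as the hunk shows, the loop body ends right after, so dropping the `continue` gives the same control flow and still clears the pointer: `if (result != EXIT_SUCCESS) { LOG_E(RRC, "Failed to free memory (%d)!\n", result); }`. The added block is indented two spaces deeper than the surrounding statements. The earlier `itti_free` hunk has a `break;` immediately followed by the existing `break;`, which is redundant in the same way. The loop head is outside the hunk.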
diff --git a/openair2/RRC/LITE/rrc_eNB_S1AP.c b/openair2/RRC/LITE/rrc_eNB_S1AP.c
index 0ecf8f569a..98b842147b 100644
--- a/openair2/RRC/LITE/rrc_eNB_S1AP.c
+++ b/openair2/RRC/LITE/rrc_eNB_S1AP.c
@@ -1957,6 +1957,14 @@ int rrc_eNB_process_PAGING_IND(MessageDef *msg_p, const char *msg_name, instance
                                   buffer,
                                   S1AP_PAGING_IND(msg_p).ue_paging_identity,
                                   S1AP_PAGING_IND(msg_p).cn_domain);
+              #ifdef UE_EXPANSION
+              if(length == -1)
+              {
+                LOG_I(RRC, "do_Paging error");
+                return -1;
+              }
+              #else
+              #endif
               message_buffer = itti_malloc (TASK_RRC_ENB, TASK_PDCP_ENB, length);
               /* Uses a new buffer to avoid issue with PDCP buffer content that could be changed by PDCP (asynchronous message handling). */
               memcpy (message_buffer, buffer, length);
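Review bot: The check `length == -1` is unlikely ever to be true: do_Paging is declared `uint8_t do_Paging(...)` in asn1_msg.c, so its `return -1` arrives here as 255, which does not equal -1 unless `length` is a signed 8-bit type (its declaration is outside the hunk). In that case the failure goes undetected and the code proceeds to `itti_malloc` and `memcpy (message_buffer, buffer, length)` with a length that does not describe encoded data. The fix belongs with the encoder's return type; once that is signed, `if (length <= 0)` here would reject failures. The `return -1` also leaves from inside what the indentation suggests is a nested loop, so any remaining iterations are skipped, and the log string lacks `\n`.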
-- 
GitLab