From 30aac5a89a0d7f17e103a5b3a957af6c5ae36d66 Mon Sep 17 00:00:00 2001
From: Andre Puschmann
Date: Fri, 15 Nov 2019 15:50:08 +0100
Subject: [PATCH] fix wrong c-type cast accessing UE database and uninit mem
---
 srsenb/hdr/stack/rrc/rrc.h  | 12 ++++++------
 srsenb/src/stack/rrc/rrc.cc | 17 +++++++----------
 2 files changed, 13 insertions(+), 16 deletions(-)
diff --git a/srsenb/hdr/stack/rrc/rrc.h b/srsenb/hdr/stack/rrc/rrc.h
index 86a9276a8..d0819ba66 100644
--- a/srsenb/hdr/stack/rrc/rrc.h
+++ b/srsenb/hdr/stack/rrc/rrc.h
@@ -269,8 +269,8 @@ public:
   void send_dl_dcch(asn1::rrc::dl_dcch_msg_s* dl_dcch_msg, srslte::unique_byte_buffer_t pdu = srslte::unique_byte_buffer_t());
-  uint16_t rnti;
-  rrc* parent;
+  uint16_t rnti = 0;
+  rrc* parent = nullptr;
   bool connect_notified = false;
@@ -404,12 +404,12 @@ private:
     uint32_t nof_users[100][80];
   };
-  sr_sched_t sr_sched;
-  sr_sched_t cqi_sched;
+  sr_sched_t sr_sched = {};
+  sr_sched_t cqi_sched = {};
   asn1::rrc::mcch_msg_s mcch;
   bool enable_mbms = false;
-  rrc_cfg_t cfg;
-  uint32_t nof_si_messages;
+  rrc_cfg_t cfg = {};
+  uint32_t nof_si_messages = 0;
   asn1::rrc::sib_type2_s sib2;
   asn1::rrc::sib_type7_s sib7;
diff --git a/srsenb/src/stack/rrc/rrc.cc b/srsenb/src/stack/rrc/rrc.cc
index 136cc9a1a..6a08b836c 100644
--- a/srsenb/src/stack/rrc/rrc.cc
+++ b/srsenb/src/stack/rrc/rrc.cc
@@ -42,13 +42,6 @@ rrc::rrc() : cnotifier(nullptr), nof_si_messages(0)
 {
   users.clear();
   pending_paging.clear();
-
-  bzero(&sr_sched, sizeof(sr_sched));
-  bzero(&cqi_sched, sizeof(cqi_sched));
-  bzero(&cfg.sr_cfg, sizeof(cfg.sr_cfg));
-  bzero(&cfg.cqi_cfg, sizeof(cfg.cqi_cfg));
-  bzero(&cfg.qci_cfg, sizeof(cfg.qci_cfg));
-  bzero(&cfg.cell, sizeof(cfg.cell));
 }
 rrc::~rrc() {}
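Review bot: `uint32_t nof_si_messages = 0;` duplicates the `nof_si_messages(0)` still present in the constructor mem-initializer list shown in the rrc.cc hunk at `@@ -42`; the in-class initializer is ignored whenever the mem-initializer names the member, so one of the two is dead. I would keep the in-class form and reduce the constructor to `rrc::rrc() : cnotifier(nullptr)`, and for consistency give `cnotifier` an in-class `= nullptr` too, although its declaration is not in this hunk. The `= {}` on the two `sr_sched_t` members does zero the `nof_users[100][80]` arrays, because the struct closed just above them is a plain aggregate. The enclosing class declaration starts and ends outside the hunk.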
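Review bot: The six removed `bzero` calls are now carried by `rrc_cfg_t cfg = {}` in rrc.h, which only zeroes `cfg.sr_cfg`, `cfg.cqi_cfg`, `cfg.qci_cfg` and `cfg.cell` if `rrc_cfg_t` is an aggregate or has no user-provided default constructor; its definition is not in this patch, so that should be confirmed, otherwise the uninitialised-memory problem named in the subject survives for those four members. If `rrc_cfg_t` does have a user-provided constructor, the equivalent fix is default member initializers on those fields inside `rrc_cfg_t` rather than restoring `bzero` here. The remaining `users.clear();` and `pending_paging.clear();` act on freshly constructed containers and are no-ops that could be dropped in the same pass.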
@@ -133,7 +126,7 @@ void rrc::get_metrics(rrc_metrics_t& m)
   pthread_mutex_lock(&user_mutex);
   m.n_ues = 0;
   for (auto iter = users.begin(); m.n_ues < ENB_METRICS_MAX_USERS && iter != users.end(); ++iter) {
-    ue* u = (ue*)&iter->second;
+    ue* u = iter->second.get();
     if (iter->first != SRSLTE_MRNTI) {
       m.ues[m.n_ues++].state = u->get_state();
     }
@@ -632,7 +625,7 @@ void rrc::ho_preparation_complete(uint16_t rnti, bool is_success)
 /*******************************************************************************
   Private functions
-  All private functions are not mutexed and must be called from a mutexed enviornment
+  All private functions are not mutexed and must be called from a mutexed environment
   from either a public function or the internal thread
 *******************************************************************************/
@@ -705,6 +698,7 @@ void rrc::parse_ul_ccch(uint16_t rnti, srslte::unique_byte_buffer_t pdu)
   }
 }
+///< User mutex must be hold by caller
 void rrc::parse_ul_dcch(uint16_t rnti, uint32_t lcid, srslte::unique_byte_buffer_t pdu)
 {
   if (pdu) {
@@ -717,6 +711,7 @@ void rrc::parse_ul_dcch(uint16_t rnti, uint32_t lcid, srslte::unique_byte_buffer
   }
 }
+///< User mutex must be hold by caller
 void rrc::process_rl_failure(uint16_t rnti)
 {
   auto user_it = users.find(rnti);
@@ -741,6 +736,7 @@ void rrc::process_rl_failure(uint16_t rnti)
   }
 }
+///< User mutex must be hold by caller
 void rrc::process_release_complete(uint16_t rnti)
 {
   rrc_log->info("Received Release Complete rnti=0x%x\n", rnti);
@@ -758,6 +754,7 @@ void rrc::process_release_complete(uint16_t rnti)
   }
 }
+///< user mutex lock must be hold by calling function
 void rrc::rem_user(uint16_t rnti)
 {
   auto user_it = users.find(rnti);
@@ -948,7 +945,7 @@ void rrc::monitor_activity()
     if (user.first == SRSLTE_MRNTI) {
       continue;
     }
-    ue* u = (ue*)&user.second;
+    ue* u = user.second.get();
     uint16_t rnti = (uint16_t)user.first;
     if (cnotifier && u->is_connected() && !u->connect_notified) {
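Review bot: `ue* u = iter->second.get();` is dereferenced unconditionally at `u->get_state()` two lines below, so a `users` entry holding an empty pointer would crash get_metrics; whether the map can ever contain such an entry is not visible in this hunk, so this is a question rather than a confirmed defect. If it can, `if (u == nullptr) { continue; }` placed before the `SRSLTE_MRNTI` test is enough, and the same pattern is introduced in monitor_activity at `@@ -948`. The old `(ue*)&iter->second` took the address of the mapped object itself, presumably a smart pointer given the new `.get()`, and reinterpreted it as a `ue*`, so the replacement is the correct fix and the iteration stays under `user_mutex`. get_metrics continues past the end of the hunk.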
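Review bot: `///< User mutex must be hold by caller` uses Doxygen's trailing-member marker `///<`, which attaches the text to the entity before it instead of to `parse_ul_dcch`, and "hold" should read "held"; the same comment is added in the hunks at `@@ -717`, `@@ -741` and `@@ -758`, the last one worded differently. A single form such as `/// Caller must hold user_mutex.` on all four would state the locking contract consistently, naming the actual lock, `user_mutex`, that get_metrics takes in the hunk above. The functions being annotated are private per the block comment at `@@ -632`, so the note also belongs on their declarations in rrc.h where readers look first.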