From 4575a9e610291846176e3e98a3ca69881738a810 Mon Sep 17 00:00:00 2001 From: Andre Puschmann Date: Tue, 6 Mar 2018 15:20:23 +0100 Subject: [PATCH] add further checks for pool allocate return in srsENB and RLC UM/TM --- lib/src/upper/rlc_tm.cc | 12 ++++++++---- lib/src/upper/rlc_um.cc | 23 ++++++++++++++++++++++- srsenb/src/upper/gtpu.cc | 4 ++++ srsenb/src/upper/s1ap.cc | 32 ++++++++++++++++++++++++++++---- 4 files changed, 62 insertions(+), 9 deletions(-) diff --git a/lib/src/upper/rlc_tm.cc b/lib/src/upper/rlc_tm.cc index bcf3cd20a..b9d41d3f2 100644 --- a/lib/src/upper/rlc_tm.cc +++ b/lib/src/upper/rlc_tm.cc @@ -125,10 +125,14 @@ int rlc_tm::read_pdu(uint8_t *payload, uint32_t nof_bytes) void rlc_tm::write_pdu(uint8_t *payload, uint32_t nof_bytes) { byte_buffer_t *buf = pool_allocate; - memcpy(buf->msg, payload, nof_bytes); - buf->N_bytes = nof_bytes; - buf->set_timestamp(); - pdcp->write_pdu(lcid, buf); + if (buf) { + memcpy(buf->msg, payload, nof_bytes); + buf->N_bytes = nof_bytes; + buf->set_timestamp(); + pdcp->write_pdu(lcid, buf); + } else { + log->error("Fatal Error: Couldn't allocate buffer in rlc_tm::write_pdu().\n"); + } } } // namespace srsue diff --git a/lib/src/upper/rlc_um.cc b/lib/src/upper/rlc_um.cc index a365a4501..647494552 100644 --- a/lib/src/upper/rlc_um.cc +++ b/lib/src/upper/rlc_um.cc @@ -448,8 +448,13 @@ void rlc_um::handle_data_pdu(uint8_t *payload, uint32_t nof_bytes) void rlc_um::reassemble_rx_sdus() { - if(!rx_sdu) + if(!rx_sdu) { rx_sdu = pool_allocate; + if (!rx_sdu) { + log->error("Fatal Error: Couldn't allocate buffer in rlc_um::reassemble_rx_sdus().\n"); + return; + } + } // First catch up with lower edge of reordering window while(!inside_reordering_window(vr_ur)) @@ -474,6 +479,10 @@ void rlc_um::reassemble_rx_sdus() rx_sdu->set_timestamp(); pdcp->write_pdu(lcid, rx_sdu); rx_sdu = pool_allocate; + if (!rx_sdu) { + log->error("Fatal Error: Couldn't allocate buffer in rlc_um::reassemble_rx_sdus().\n"); + return; + } } pdu_lost = false; } @@ -494,6 +503,10 @@ void rlc_um::reassemble_rx_sdus() rx_sdu->set_timestamp(); pdcp->write_pdu(lcid, rx_sdu); rx_sdu = pool_allocate; + if (!rx_sdu) { + log->error("Fatal Error: Couldn't allocate buffer in rlc_um::reassemble_rx_sdus().\n"); + return; + } } pdu_lost = false; } @@ -528,6 +541,10 @@ void rlc_um::reassemble_rx_sdus() rx_sdu->set_timestamp(); pdcp->write_pdu(lcid, rx_sdu); rx_sdu = pool_allocate; + if (!rx_sdu) { + log->error("Fatal Error: Couldn't allocate buffer in rlc_um::reassemble_rx_sdus().\n"); + return; + } } pdu_lost = false; } @@ -557,6 +574,10 @@ void rlc_um::reassemble_rx_sdus() rx_sdu->set_timestamp(); pdcp->write_pdu(lcid, rx_sdu); rx_sdu = pool_allocate; + if (!rx_sdu) { + log->error("Fatal Error: Couldn't allocate buffer in rlc_um::reassemble_rx_sdus().\n"); + return; + } } pdu_lost = false; } diff --git a/srsenb/src/upper/gtpu.cc b/srsenb/src/upper/gtpu.cc index 53b7cffdb..2336f9047 100644 --- a/srsenb/src/upper/gtpu.cc +++ b/srsenb/src/upper/gtpu.cc @@ -195,6 +195,10 @@ void gtpu::rem_user(uint16_t rnti) void gtpu::run_thread() { byte_buffer_t *pdu = pool_allocate; + if (!pdu) { + gtpu_log->error("Fatal Error: Couldn't allocate buffer in gtpu::run_thread().\n"); + return; + } run_enable = true; running=true; diff --git a/srsenb/src/upper/s1ap.cc b/srsenb/src/upper/s1ap.cc index 44a564d09..a3d937a57 100644 --- a/srsenb/src/upper/s1ap.cc +++ b/srsenb/src/upper/s1ap.cc @@ -88,6 +88,10 @@ void s1ap::get_metrics(s1ap_metrics_t &m) void s1ap::run_thread() { srslte::byte_buffer_t *pdu = pool_allocate; + if (!pdu) { + s1ap_log->error("Fatal Error: Couldn't allocate buffer in s1ap::run_thread().\n"); + return; + } uint32_t sz = SRSLTE_MAX_BUFFER_SIZE_BYTES - SRSLTE_BUFFER_HEADER_OFFSET; running = true; @@ -514,10 +518,15 @@ bool s1ap::handle_dlnastransport(LIBLTE_S1AP_MESSAGE_DOWNLINKNASTRANSPORT_STRUCT } srslte::byte_buffer_t *pdu = pool_allocate; - memcpy(pdu->msg, msg->NAS_PDU.buffer, msg->NAS_PDU.n_octets); - pdu->N_bytes = msg->NAS_PDU.n_octets; - rrc->write_dl_info(rnti, pdu); - return true; + if (pdu) { + memcpy(pdu->msg, msg->NAS_PDU.buffer, msg->NAS_PDU.n_octets); + pdu->N_bytes = msg->NAS_PDU.n_octets; + rrc->write_dl_info(rnti, pdu); + return true; + } else { + s1ap_log->error("Fatal Error: Couldn't allocate buffer in s1ap::run_thread().\n"); + return false; + } } bool s1ap::handle_initialctxtsetuprequest(LIBLTE_S1AP_MESSAGE_INITIALCONTEXTSETUPREQUEST_STRUCT *msg) @@ -850,6 +859,11 @@ bool s1ap::send_initial_ctxt_setup_response(uint16_t rnti, LIBLTE_S1AP_MESSAGE_I return false; } srslte::byte_buffer_t *buf = pool_allocate; + if (!buf) { + s1ap_log->error("Fatal Error: Couldn't allocate buffer in s1ap::send_initial_ctxt_setup_response().\n"); + return false; + } + LIBLTE_S1AP_S1AP_PDU_STRUCT tx_pdu; tx_pdu.ext = false; @@ -896,6 +910,11 @@ bool s1ap::send_erab_setup_response(uint16_t rnti, LIBLTE_S1AP_MESSAGE_E_RABSETU return false; } srslte::byte_buffer_t *buf = pool_allocate; + if (!buf) { + s1ap_log->error("Fatal Error: Couldn't allocate buffer in s1ap::send_erab_setup_response().\n"); + return false; + } + LIBLTE_S1AP_S1AP_PDU_STRUCT tx_pdu; tx_pdu.ext = false; @@ -942,6 +961,11 @@ bool s1ap::send_initial_ctxt_setup_failure(uint16_t rnti) return false; } srslte::byte_buffer_t *buf = pool_allocate; + if (!buf) { + s1ap_log->error("Fatal Error: Couldn't allocate buffer in s1ap::send_initial_ctxt_setup_failure().\n"); + return false; + } + LIBLTE_S1AP_S1AP_PDU_STRUCT tx_pdu; tx_pdu.ext = false; tx_pdu.choice_type = LIBLTE_S1AP_S1AP_PDU_CHOICE_UNSUCCESSFULOUTCOME;