fix mem leaks in RRC after ASN1 unpacking failed

master
Andre Puschmann 6 years ago
parent 3842beab0f
commit 507e2deaa3

@ -1956,20 +1956,25 @@ void rrc::handle_sib13()
* *
* *
*******************************************************************************/ *******************************************************************************/
void rrc::write_pdu_pcch(byte_buffer_t *pdu) { void rrc::write_pdu_pcch(byte_buffer_t* pdu)
{
cmd_msg_t msg; cmd_msg_t msg;
msg.pdu = pdu; msg.pdu = pdu;
msg.command = cmd_msg_t::PCCH; msg.command = cmd_msg_t::PCCH;
cmd_q.push(msg); cmd_q.push(msg);
} }
void rrc::process_pcch(byte_buffer_t *pdu) { void rrc::process_pcch(byte_buffer_t* pdu)
{
if (pdu->N_bytes > 0 && pdu->N_bytes < SRSLTE_MAX_BUFFER_SIZE_BITS) { if (pdu->N_bytes > 0 && pdu->N_bytes < SRSLTE_MAX_BUFFER_SIZE_BITS) {
pcch_msg_s pcch_msg; pcch_msg_s pcch_msg;
asn1::bit_ref bref(pdu->msg, pdu->N_bytes); asn1::bit_ref bref(pdu->msg, pdu->N_bytes);
pcch_msg.unpack(bref); if (pcch_msg.unpack(bref) != asn1::SRSASN_SUCCESS) {
rrc_log->error("Failed to unpack PCCH message\n");
goto exit;
}
log_rrc_message("PCCH", Rx, pdu, pcch_msg); log_rrc_message("PCCH", Rx, pdu, pcch_msg);
pool->deallocate(pdu);
paging_s* paging = &pcch_msg.msg.c1().paging(); paging_s* paging = &pcch_msg.msg.c1().paging();
if (paging->paging_record_list.size() > ASN1_RRC_MAX_PAGE_REC) { if (paging->paging_record_list.size() > ASN1_RRC_MAX_PAGE_REC) {
@ -1978,7 +1983,7 @@ void rrc::process_pcch(byte_buffer_t *pdu) {
if (not ue_identity_configured) { if (not ue_identity_configured) {
rrc_log->warning("Received paging message but no ue-Identity is configured\n"); rrc_log->warning("Received paging message but no ue-Identity is configured\n");
return; goto exit;
} }
s_tmsi_s* s_tmsi_paged; s_tmsi_s* s_tmsi_paged;
@ -2010,7 +2015,11 @@ void rrc::process_pcch(byte_buffer_t *pdu) {
rrc_log->error("While obtaining SIBs of serving cell.\n"); rrc_log->error("While obtaining SIBs of serving cell.\n");
} }
} }
} else {
rrc_log->error_hex(pdu->buffer, pdu->N_bytes, "Dropping PCCH message with %d B\n", pdu->N_bytes);
} }
exit:
pool->deallocate(pdu);
} }
void rrc::write_pdu_mch(uint32_t lcid, srslte::byte_buffer_t *pdu) void rrc::write_pdu_mch(uint32_t lcid, srslte::byte_buffer_t *pdu)
@ -2019,14 +2028,17 @@ void rrc::write_pdu_mch(uint32_t lcid, srslte::byte_buffer_t *pdu)
//TODO: handle MCCH notifications and update MCCH //TODO: handle MCCH notifications and update MCCH
if(0 == lcid && !serving_cell->has_mcch) { if(0 == lcid && !serving_cell->has_mcch) {
asn1::bit_ref bref(pdu->msg, pdu->N_bytes); asn1::bit_ref bref(pdu->msg, pdu->N_bytes);
serving_cell->mcch.unpack(bref); if (serving_cell->mcch.unpack(bref) != asn1::SRSASN_SUCCESS) {
rrc_log->error("Failed to unpack MCCH message\n");
goto exit;
}
serving_cell->has_mcch = true; serving_cell->has_mcch = true;
phy->set_config_mbsfn_mcch(&serving_cell->mcch); phy->set_config_mbsfn_mcch(&serving_cell->mcch);
log_rrc_message("MCH", Rx, pdu, serving_cell->mcch); log_rrc_message("MCH", Rx, pdu, serving_cell->mcch);
} }
pool->deallocate(pdu);
} }
exit:
pool->deallocate(pdu);
} }
@ -2112,6 +2124,7 @@ void rrc::write_pdu(uint32_t lcid, byte_buffer_t* pdu)
asn1::rrc::dl_ccch_msg_s dl_ccch_msg; asn1::rrc::dl_ccch_msg_s dl_ccch_msg;
if (dl_ccch_msg.unpack(bref) != asn1::SRSASN_SUCCESS) { if (dl_ccch_msg.unpack(bref) != asn1::SRSASN_SUCCESS) {
rrc_log->error("Failed to unpack DL-CCCH message\n"); rrc_log->error("Failed to unpack DL-CCCH message\n");
pool->deallocate(pdu);
return; return;
} }
if (dl_ccch_msg.msg.c1().type() == dl_ccch_msg_type_c::c1_c_::types::rrc_conn_setup) { if (dl_ccch_msg.msg.c1().type() == dl_ccch_msg_type_c::c1_c_::types::rrc_conn_setup) {
@ -2206,6 +2219,7 @@ void rrc::parse_dl_dcch(uint32_t lcid, byte_buffer_t* pdu)
asn1::rrc::dl_dcch_msg_s dl_dcch_msg; asn1::rrc::dl_dcch_msg_s dl_dcch_msg;
if (dl_dcch_msg.unpack(bref) != asn1::SRSASN_SUCCESS) { if (dl_dcch_msg.unpack(bref) != asn1::SRSASN_SUCCESS) {
rrc_log->error("Failed to unpack DL-DCCH message\n"); rrc_log->error("Failed to unpack DL-DCCH message\n");
pool->deallocate(pdu);
return; return;
} }
log_rrc_message(get_rb_name(lcid).c_str(), Rx, pdu, dl_dcch_msg); log_rrc_message(get_rb_name(lcid).c_str(), Rx, pdu, dl_dcch_msg);

Loading…
Cancel
Save