diff --git a/lib/src/phy/phch/dci.c b/lib/src/phy/phch/dci.c index 7bb2f9c19..a5de451ce 100644 --- a/lib/src/phy/phch/dci.c +++ b/lib/src/phy/phch/dci.c @@ -73,7 +73,9 @@ int srslte_dci_msg_to_dl_grant(srslte_dci_msg_t *msg, uint16_t msg_rnti, } if (!dl_dci->is_ra_order) { - srslte_ra_dl_dci_to_grant(dl_dci, nof_prb, msg_rnti, grant); + if (srslte_ra_dl_dci_to_grant(dl_dci, nof_prb, msg_rnti, grant)) { + return ret; + } if (SRSLTE_VERBOSE_ISINFO()) { srslte_ra_pdsch_fprint(stdout, dl_dci, nof_prb); diff --git a/lib/src/phy/phch/ra.c b/lib/src/phy/phch/ra.c index a73c5d2e9..f5045ff15 100644 --- a/lib/src/phy/phch/ra.c +++ b/lib/src/phy/phch/ra.c @@ -313,6 +313,10 @@ int srslte_ra_dl_dci_to_grant_prb_allocation(srslte_ra_dl_dci_t *dci, srslte_ra_ memcpy(&grant->prb_idx[1], &grant->prb_idx[0], SRSLTE_MAX_PRB*sizeof(bool)); break; case SRSLTE_RA_ALLOC_TYPE1: + // Make sure the rbg_subset is valid + if (dci->type1_alloc.rbg_subset >= P) { + return SRSLTE_ERROR; + } n_rb_type1 = srslte_ra_type1_N_rb(nof_prb); uint32_t temp = ((nof_prb - 1) / P) % P; if (dci->type1_alloc.rbg_subset < temp) {