-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Sample rate converter #3
Labels
Comments
ghost
assigned suttonpd
Jan 30, 2014
aleksander0m
added a commit
to aleksander0m/srsLTE
that referenced
this issue
Nov 14, 2019
If recv() fails and returns -1, we should not treat that as a received PDU in any case, or we'll end up with N_bytes being 0xFFFFFFFF after casting -1 as an unsigned integer. So, if we detect disconnection and we successfully reconnect, fallback to running recv() again right away. Thread 37 "S1AP" received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7fff9c879700 (LWP 11443)] 0x000000000081d669 in liblte_value_2_bits (value=160, bits=0x7fff9c73ec30, N_bits=8) at /home/aleksander/srsLTE/lib/src/asn1/liblte_common.cc:64 64 (*bits)[i] = (value >> (N_bits - i - 1)) & 0x1; (gdb) bt #0 0x000000000081d669 in liblte_value_2_bits (value=160, bits=0x7fff9c73ec30, N_bits=8) at /home/aleksander/srsLTE/lib/src/asn1/liblte_common.cc:64 srsran#1 0x000000000081d831 in liblte_unpack (bytes=0x148c7c80, bits=0x7fff9c73ec80) at /home/aleksander/srsLTE/lib/src/asn1/liblte_common.cc:118 srsran#2 0x000000000087dee3 in liblte_s1ap_unpack_s1ap_pdu (msg=0x148c7c80, s1ap_pdu=0x7fff9c757f50) at /home/aleksander/srsLTE/lib/src/asn1/liblte_s1ap.cc:40300 srsran#3 0x0000000000000000 in ?? () (gdb) fr 2 srsran#2 0x000000000087dee3 in liblte_s1ap_unpack_s1ap_pdu (msg=0x148c7c80, s1ap_pdu=0x7fff9c757f50) at /home/aleksander/srsLTE/lib/src/asn1/liblte_s1ap.cc:40300 40300 liblte_unpack(msg, &bit_msg); (gdb) p *msg $22 = {N_bytes = 4294967295, header = '\000' <repeats 1019 times>, msg = '\000' <repeats 12240 times>...}
aleksander0m
added a commit
to aleksander0m/srsLTE
that referenced
this issue
Nov 14, 2019
If recv() fails and returns -1, we should not treat that as a received PDU in any case, or we'll end up with N_bytes being 0xFFFFFFFF after casting -1 as an unsigned integer. So, if we detect disconnection and we successfully reconnect, fallback to running recv() again right away. Thread 37 "S1AP" received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7fff9c879700 (LWP 11443)] 0x000000000081d669 in liblte_value_2_bits (value=160, bits=0x7fff9c73ec30, N_bits=8) at /home/aleksander/srsLTE/lib/src/asn1/liblte_common.cc:64 64 (*bits)[i] = (value >> (N_bits - i - 1)) & 0x1; (gdb) bt #0 0x000000000081d669 in liblte_value_2_bits (value=160, bits=0x7fff9c73ec30, N_bits=8) at /home/aleksander/srsLTE/lib/src/asn1/liblte_common.cc:64 srsran#1 0x000000000081d831 in liblte_unpack (bytes=0x148c7c80, bits=0x7fff9c73ec80) at /home/aleksander/srsLTE/lib/src/asn1/liblte_common.cc:118 srsran#2 0x000000000087dee3 in liblte_s1ap_unpack_s1ap_pdu (msg=0x148c7c80, s1ap_pdu=0x7fff9c757f50) at /home/aleksander/srsLTE/lib/src/asn1/liblte_s1ap.cc:40300 srsran#3 0x0000000000000000 in ?? () (gdb) fr 2 srsran#2 0x000000000087dee3 in liblte_s1ap_unpack_s1ap_pdu (msg=0x148c7c80, s1ap_pdu=0x7fff9c757f50) at /home/aleksander/srsLTE/lib/src/asn1/liblte_s1ap.cc:40300 40300 liblte_unpack(msg, &bit_msg); (gdb) p *msg $22 = {N_bytes = 4294967295, header = '\000' <repeats 1019 times>, msg = '\000' <repeats 12240 times>...}
andrepuschmann
added a commit
that referenced
this issue
Apr 22, 2021
this fixes a potential access of invalid PHY or MAC metrics by checking the user entry actually exists. the RFCI has shown this error: ------DL--------------------------------UL------------------------------------ rnti cqi ri mcs brate ok nok (%) snr phr mcs brate ok nok (%) bsr ASAN:DEADLYSIGNAL ================================================================= m==31838==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x555d482b6893 bp 0x7f6ac32d1160 sp 0x7f6ac32d0bc0 T21) ==31838==The signal is caused by a READ memory access. ==31838==Hint: address points to the zero page. #0 0x555d482b6892 in srsenb::metrics_stdout::set_metrics(srsenb::enb_metrics_t const&, unsigned int) /mnt/data/jenkins/workspace/srslte_dev_ogt_zmq_nightly/srsLTE/srsenb/src/metrics_stdout.cc:101 #1 0x555d482865f1 in srslte::metrics_hub<srsenb::enb_metrics_t>::run_period() /mnt/data/jenkins/workspace/srslte_dev_ogt_zmq_nightly/srsLTE/lib/include/srslte/common/metrics_hub.h:88 #2 0x555d482865f1 in srslte::periodic_thread::run_thread() /mnt/data/jenkins/workspace/srslte_dev_ogt_zmq_nightly/srsLTE/lib/include/srslte/common/threads.h:143 #3 0x555d4826813d in srslte::thread::thread_function_entry(void*) /mnt/data/jenkins/workspace/srslte_dev_ogt_zmq_nightly/srsLTE/lib/include/srslte/common/threads.h:102 #4 0x7f6b0dc546da in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da) #5 0x7f6b0bf0171e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x12171e)
andrepuschmann
added a commit
that referenced
this issue
Apr 22, 2021
attempt to address ASAN detected issue: RACH: tti=821, cc=3, preamble=11, offset=0, temp_crnti=0x47 ASAN:DEADLYSIGNAL ================================================================= m==25385==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000024 (pc 0x564b19a26c93 bp 0x7fa0e5f1a8c0 sp 0x7fa0e5f1a798 T8) ==25385==The signal is caused by a WRITE memory access. ==25385==Hint: address points to the zero page. ------DL--------------------------------UL------------------------------------ rnti cqi ri mcs brate ok nok (%) snr phr mcs brate ok nok (%) bsr 46 0.10 0 0.0 0 0 0 0% 0 0.0 0 0 0 0 0% 0.0 47 0.10 0 0.0 0 0 0 0% 0 0.0 0 0 0 0 0% 0.0 #0 0x564b19a26c92 in srslte::rar_subh::set_ta_cmd(unsigned int) /mnt/data/jenkins/workspace/srslte_ogt_manual_zmq/srsLTE/lib/src/mac/pdu.cc:1136 #1 0x564b19577f7e in srsenb::mac::assemble_rar(srsenb::sched_interface::dl_sched_rar_grant_t*, unsigned int, int, unsigned int, unsigned int) /mnt/data/jenkins/workspace/srslte_ogt_manual_zmq/srsLTE/srsenb/src/stack/mac/mac.cc:837 #2 0x564b19591765 in srsenb::mac::get_dl_sched(unsigned int, std::vector<srsenb::mac_interface_phy_lte::dl_sched_t, std::allocator<srsenb::mac_interface_phy_lte::dl_sched_t> >&) /mnt/data/jenkins/workspace/srslte_ogt_manual_zmq/srsLTE/srsenb/src/stack/mac/mac.cc:653 #3 0x564b19497ee2 in srsenb::lte::sf_worker::work_imp() /mnt/data/jenkins/workspace/srslte_ogt_manual_zmq/srsLTE/srsenb/src/phy/lte/sf_worker.cc:208 #4 0x564b199f8db4 in
andrepuschmann
added a commit
that referenced
this issue
Oct 21, 2021
fixes stack use after free detected by ASAN 2021-08-31T17:21:44.885938 [MAC-NR ] [D] [ 0] Building new MAC PDU (9 B) ==10908==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7ffc481b5340 at pc 0x563c0486d489 bp 0x7ffc481b4470 sp 0x7ffc481b4460 READ of size 1 at 0x7ffc481b5340 thread T0 #0 0x563c0486d488 in srsran::mac_sch_subpdu_nr::to_string(fmt::v7::basic_memory_buffer<char, 500ul, std::allocator<char> >&) (/home/ubuntu/workspace/srslte_ubuntu_20.04_pull_request/srslte/build/srsue/src/stack/mac_nr/test/mac_nr_test+0x139488) #1 0x563c0486db87 in srsran::mac_sch_pdu_nr::to_string(fmt::v7::basic_memory_buffer<char, 500ul, std::allocator<char> >&) (/home/ubuntu/workspace/srslte_ubuntu_20.04_pull_request/srslte/build/srsue/src/stack/mac_nr/test/mac_nr_test+0x139b87) #2 0x563c0481c127 in srsue::mux_nr::get_pdu(unsigned int) (/home/ubuntu/workspace/srslte_ubuntu_20.04_pull_request/srslte/build/srsue/src/stack/mac_nr/test/mac_nr_test+0xe8127) #3 0x563c0484e62b in srsue::ul_harq_entity_nr::ul_harq_process_nr::new_grant_ul(srsue::mac_interface_phy_nr::mac_nr_grant_ul_t const&, bool const&, srsue::mac_interface_phy_nr::tb_action_ul_t*) (/home/ubuntu/workspace/srslte_ubuntu_20.04_pull_request/srslte/build/srsue/src/stack/mac_nr/test/mac_nr_test+0x11a62b) #4 0x563c04850de4 in srsue::ul_harq_entity_nr::new_grant_ul(srsue::mac_interface_phy_nr::mac_nr_grant_ul_t const&, srsue::mac_interface_phy_nr::tb_action_ul_t*) (/home/ubuntu/workspace/srslte_ubuntu_20.04_pull_request/srslte/build/srsue/src/stack/mac_nr/test/mac_nr_test+0x11cde4) #5 0x563c047bb004 in srsue::mac_nr::new_grant_ul(unsigned int, srsue::mac_interface_phy_nr::mac_nr_grant_ul_t const&, srsue::mac_interface_phy_nr::tb_action_ul_t*) (/home/ubuntu/workspace/srslte_ubuntu_20.04_pull_request/srslte/build/srsue/src/stack/mac_nr/test/mac_nr_test+0x87004) #6 0x563c04760cdc in msg3_test() (/home/ubuntu/workspace/srslte_ubuntu_20.04_pull_request/srslte/build/srsue/src/stack/mac_nr/test/mac_nr_test+0x2ccdc) #7 0x563c0475f762 in main (/home/ubuntu/workspace/srslte_ubuntu_20.04_pull_request/srslte/build/srsue/src/stack/mac_nr/test/mac_nr_test+0x2b762) #8 0x7fae1cf400b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2) #9 0x563c047601bd in _start (/home/ubuntu/workspace/srslte_ubuntu_20.04_pull_request/srslte/build/srsue/src/stack/mac_nr/test/mac_nr_test+0x2c1bd) Address 0x7ffc481b5340 is located in stack of thread T0 at offset 320 in frame #0 0x563c0486d78f in srsran::mac_sch_pdu_nr::to_string(fmt::v7::basic_memory_buffer<char, 500ul, std::allocator<char> >&) (/home/ubuntu/workspace/srslte_ubuntu_20.04_pull_request/srslte/build/srsue/src/stack/mac_nr/test/mac_nr_test+0x13978f)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
No description provided.
The text was updated successfully, but these errors were encountered: