From f0a8a0b3b5f900bed3e09428c5e1637c6879d741 Mon Sep 17 00:00:00 2001
From: Lionel Gauthier <lionel.gauthier@eurecom.fr>
Date: Thu, 9 Apr 2015 09:22:54 +0000
Subject: [PATCH] 
 patches13/0026-fix-sigsegv-suspicious-use-of-N_TA-offset.patch

git-svn-id: http://svn.eurecom.fr/openair4G/trunk@7072 818b1a75-f10b-46b9-bf7c-635c3b92a50f
---
 targets/RT/USER/lte-ue.c | 57 ++++++++++++++++++++--------------------
 1 file changed, 29 insertions(+), 28 deletions(-)

diff --git a/targets/RT/USER/lte-ue.c b/targets/RT/USER/lte-ue.c
index e4dda83ae1..d9f8e890f9 100644
--- a/targets/RT/USER/lte-ue.c
+++ b/targets/RT/USER/lte-ue.c
@@ -1518,9 +1518,9 @@ void fill_ue_band_info(void) {
 int setup_ue_buffers(PHY_VARS_UE **phy_vars_ue, openair0_config_t *openair0_cfg, openair0_rf_map rf_map[MAX_NUM_CCs])
 {
 
-#ifndef EXMIMO
-  uint16_t N_TA_offset = 0;
-#endif
+//#ifndef EXMIMO
+//  uint16_t N_TA_offset = 0;
+//#endif
 
   int i, CC_id;
   LTE_DL_FRAME_PARMS *frame_parms;
@@ -1534,16 +1534,16 @@ int setup_ue_buffers(PHY_VARS_UE **phy_vars_ue, openair0_config_t *openair0_cfg,
     }
 
 
-#ifndef EXMIMO
-    if (frame_parms->frame_type == TDD) {
-      if (frame_parms->N_RB_DL == 100)
-	N_TA_offset = 624;
-      else if (frame_parms->N_RB_DL == 50)
-	N_TA_offset = 624/2;
-      else if (frame_parms->N_RB_DL == 25)
-	N_TA_offset = 624/4;
-    }
-#endif
+//#ifndef EXMIMO
+//    if (frame_parms->frame_type == TDD) {
+//      if (frame_parms->N_RB_DL == 100)
+//	N_TA_offset = 624;
+//      else if (frame_parms->N_RB_DL == 50)
+//	N_TA_offset = 624/2;
+//      else if (frame_parms->N_RB_DL == 25)
+//	N_TA_offset = 624/4;
+//    }
+//#endif
    
 #ifdef EXMIMO
     openair0_cfg[CC_id].tx_num_channels = 0;
@@ -1586,25 +1586,26 @@ int setup_ue_buffers(PHY_VARS_UE **phy_vars_ue, openair0_config_t *openair0_cfg,
   
 #else
     // replace RX signal buffers with mmaped HW versions
-    rxdata = (int32_t**)malloc16(frame_parms->nb_antennas_rx*sizeof(int32_t*));
-    txdata = (int32_t**)malloc16(frame_parms->nb_antennas_tx*sizeof(int32_t*));
-    for (i=0;i<frame_parms->nb_antennas_rx;i++) {
-      printf("Mapping UE CC_id %d, rx_ant %d, freq %u on card %d, chain %d\n",CC_id,i,downlink_frequency[CC_id][i],rf_map[CC_id].card,rf_map[CC_id].chain+i);
-      free(phy_vars_ue[CC_id]->lte_ue_common_vars.rxdata[i]);
-      rxdata[i] = (int32_t*)malloc16(samples_per_frame*sizeof(int32_t));
-      phy_vars_ue[CC_id]->lte_ue_common_vars.rxdata[i] = rxdata[i]-N_TA_offset; // N_TA offset for TDD
+    rxdata = (int32_t**)malloc16( frame_parms->nb_antennas_rx*sizeof(int32_t*) );
+    txdata = (int32_t**)malloc16( frame_parms->nb_antennas_tx*sizeof(int32_t*) );
+    for (i=0; i<frame_parms->nb_antennas_rx; i++) {
+      printf( "Mapping UE CC_id %d, rx_ant %d, freq %u on card %d, chain %d\n", CC_id, i, downlink_frequency[CC_id][i], rf_map[CC_id].card, rf_map[CC_id].chain+i );
+      free( phy_vars_ue[CC_id]->lte_ue_common_vars.rxdata[i] );
+      rxdata[i] = (int32_t*)malloc16_clear( samples_per_frame*sizeof(int32_t) );
+      phy_vars_ue[CC_id]->lte_ue_common_vars.rxdata[i] = rxdata[i]; // what about the "-N_TA_offset" ? // N_TA offset for TDD
     }
-    for (i=0;i<frame_parms->nb_antennas_tx;i++) {
-      printf("Mapping UE CC_id %d, tx_ant %d, freq %u on card %d, chain %d\n",CC_id,i,downlink_frequency[CC_id][i],rf_map[CC_id].card,rf_map[CC_id].chain+i);
-      free(phy_vars_ue[CC_id]->lte_ue_common_vars.txdata[i]);
-      txdata[i] = (int32_t*)malloc16(samples_per_frame*sizeof(int32_t));
+    for (i=0; i<frame_parms->nb_antennas_tx; i++) {
+      printf( "Mapping UE CC_id %d, tx_ant %d, freq %u on card %d, chain %d\n", CC_id, i, downlink_frequency[CC_id][i], rf_map[CC_id].card, rf_map[CC_id].chain+i );
+      free( phy_vars_ue[CC_id]->lte_ue_common_vars.txdata[i] );
+      txdata[i] = (int32_t*)malloc16_clear( samples_per_frame*sizeof(int32_t) );
       phy_vars_ue[CC_id]->lte_ue_common_vars.txdata[i] = txdata[i];
-      memset(txdata[i], 0, samples_per_frame*sizeof(int32_t));
     }
-    
+    // rxdata[x] points now to the same memory region as phy_vars_ue[CC_id]->lte_ue_common_vars.rxdata[x]
+    // txdata[x] points now to the same memory region as phy_vars_ue[CC_id]->lte_ue_common_vars.txdata[x]
+    // be careful when releasing memory!
+    // because no "release_ue_buffers"-function is available, at least rxdata and txdata memory will leak (only some bytes)
 #endif
     
   }
-  return(0);
-
+  return 0;
 }
-- 
GitLab