AMF V2.2.0 crashes on decode failure
Bug Description:
OpenAirInterface AMF crashes when it fails to decode the message. Not all decode failures result in a crash. But the crash is consistent for particular inputs.
Steps to reproduce:
Launch AMF. Configuration used
config.yaml
Send this NGAP message (packet is in hex stream)
80 00 00 0E 00 00 01 00 0F 80 02 02 40 00 58 00 01 88
Expected behavior:
AMF should not crash and should respond with a proper error message.
Environment:
- OpenAirInterface Version: v2.2.0
- OS: Ubuntu 22.04 Server
- Deployment: Docker
PCAP:
Details:
[2025-12-22 21:57:36.991] [ngap] [error] Decode NGAP message failed
==1013272==ERROR: AddressSanitizer: attempting free on address which was not malloc()-ed: 0x73de595fa630 in thread T4
    #0 0x73de606b4537 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127
    #1 0x62398833353e in CHOICE_free /home/tasnim/oai-cn5g-amf/src/common-src/ngap/libngap/constr_CHOICE.c:181
    #2 0x62398823e7c6 in oai::ngap::ngap_app::handle_receive(tagbstring*, unsigned int, unsigned short, unsigned short, unsigned short) /home/tasnim/oai-cn5g-amf/src/ngap/ngap_app.cpp:70
    #3 0x6239882f5e8a in sctp::sctp_server::sctp_read_from_socket(int, unsigned int) /home/tasnim/oai-cn5g-amf/src/sctp/sctp_server.cpp:282
    #4 0x6239882f50b1 in sctp::sctp_server::sctp_receiver_thread(void*) /home/tasnim/oai-cn5g-amf/src/sctp/sctp_server.cpp:198
    #5 0x73de5ee94ac2 in start_thread nptl/pthread_create.c:442
    #6 0x73de5ef268bf (/lib/x86_64-linux-gnu/libc.so.6+0x1268bf)

Address 0x73de595fa630 is located in stack of thread T4 at offset 96 in frame
    #0 0x62398823e4cb in oai::ngap::ngap_app::handle_receive(tagbstring*, unsigned int, unsigned short, unsigned short, unsigned short) /home/tasnim/oai-cn5g-amf/src/ngap/ngap_app.cpp:56
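The report above shows CHOICE_free passing to free() an address that lies in handle_receive's own stack frame. The following is an added example, not OAI or asn1c code: a toy decoder and release routine showing the cleanup a stack-held decode target needs on the failure path (release members only) next to the heap-held case where freeing the container is valid. All `toy_*` names, the `handle_receive_*` helpers and the three-field message format are hypothetical, and the input bytes are constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for an asn1c-style release mode; not the real API. */
enum toy_free_method { TOY_FREE_EVERYTHING, TOY_FREE_CONTENTS_ONLY };

typedef struct {
    int      present;    /* which alternative was decoded, 0 = none */
    uint8_t *value;      /* heap-allocated member */
    size_t   value_len;
} toy_pdu_t;

/* Release members; free the container only if the caller says it is heap memory. */
static void toy_pdu_free(toy_pdu_t *pdu, enum toy_free_method m) {
    if (!pdu) return;
    free(pdu->value);
    memset(pdu, 0, sizeof(*pdu));
    if (m == TOY_FREE_EVERYTHING) free(pdu);   /* invalid for a stack container */
}

/* Toy format: [present][len][len bytes]. On truncated input the decoder fails
 * after it has already allocated a member, so cleanup is still required. */
static int toy_pdu_decode(toy_pdu_t *pdu, const uint8_t *buf, size_t len) {
    if (len < 2) return -1;
    pdu->present   = buf[0];
    pdu->value_len = buf[1];
    pdu->value     = malloc(pdu->value_len ? pdu->value_len : 1);
    if (!pdu->value) return -1;
    if (len - 2 < pdu->value_len) return -1;   /* truncated payload */
    memcpy(pdu->value, buf + 2, pdu->value_len);
    return 0;
}

/* Stack container: success and failure paths both release contents only. */
int handle_receive_stack(const uint8_t *buf, size_t len) {
    toy_pdu_t pdu;
    memset(&pdu, 0, sizeof(pdu));
    int rc = toy_pdu_decode(&pdu, buf, len);
    toy_pdu_free(&pdu, TOY_FREE_CONTENTS_ONLY);
    return rc;
}

/* Heap container: here freeing the container as well is correct. */
int handle_receive_heap(const uint8_t *buf, size_t len) {
    toy_pdu_t *pdu = calloc(1, sizeof(*pdu));
    if (!pdu) return -1;
    int rc = toy_pdu_decode(pdu, buf, len);
    toy_pdu_free(pdu, TOY_FREE_EVERYTHING);
    return rc;
}
```

Building this with `-fsanitize=address` and feeding both handlers truncated and complete inputs should produce no ASan report.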