From 1059a2fcd7c2039bf755ff15c0c6467c73de2186 Mon Sep 17 00:00:00 2001
From: Haruki NAOI <naoi.haruki@jp.fujitsu.com>
Date: Thu, 17 Jan 2019 20:12:11 +0900
Subject: [PATCH] Fix: release_harq segmentation fault.

---
 openair1/PHY/LTE_TRANSPORT/dlsch_coding.c     | 10 ++++-----
 openair1/PHY/LTE_TRANSPORT/dlsch_modulation.c | 12 +++++-----
 openair1/SCHED/fapi_l1.c                      | 20 +++++------------
 openair1/SCHED/phy_procedures_lte_eNb.c       | 22 ++++++++++++++-----
 4 files changed, 31 insertions(+), 33 deletions(-)

diff --git a/openair1/PHY/LTE_TRANSPORT/dlsch_coding.c b/openair1/PHY/LTE_TRANSPORT/dlsch_coding.c
index b44a04eb742..b14b9af8327 100644
--- a/openair1/PHY/LTE_TRANSPORT/dlsch_coding.c
+++ b/openair1/PHY/LTE_TRANSPORT/dlsch_coding.c
@@ -384,9 +384,8 @@ int dlsch_encoding_2threads(PHY_VARS_eNB *eNB,
   unsigned int G;
   unsigned int crc=1;
   unsigned char harq_pid = dlsch->harq_ids[frame%2][subframe];
-
-  if(harq_pid >= dlsch->Mdlharq) {
-    LOG_E(PHY,"dlsch_encoding_2threads illegal harq_pid %d\n", harq_pid);
+  if((harq_pid < 0) || (harq_pid >= dlsch->Mdlharq)) {
+    LOG_E(PHY,"dlsch_encoding_2threads illegal harq_pid %d %s:%d\n", harq_pid, __FILE__, __LINE__);
     return(-1);
   }
 
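Review bot: The added `harq_pid < 0` test in dlsch_encoding_2threads can never be true, because `harq_pid` is declared `unsigned char` on the line just above it; the same holds for the identical check added to dlsch_encoding in the next hunk. If `harq_ids` can hold a negative "unassigned" marker (the signed checks elsewhere in this patch suggest it can), it arrives here as a large positive value and is rejected only by the `>= dlsch->Mdlharq` comparison, and the `%d` in the log prints the converted value rather than the stored one. Either keep just `if (harq_pid >= dlsch->Mdlharq) {` or read the id into a variable of the array's element type, so that the check and the log both see the real value. Both function bodies continue outside their hunks.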
@@ -676,9 +675,8 @@ int dlsch_encoding(PHY_VARS_eNB *eNB,
   unsigned int crc=1;
   LTE_DL_FRAME_PARMS *frame_parms = &eNB->frame_parms;
   unsigned char harq_pid = dlsch->harq_ids[frame%2][subframe];
-
-  if(harq_pid >= dlsch->Mdlharq) {
-    LOG_E(PHY,"dlsch_encoding illegal harq_pid %d\n", harq_pid);
+  if((harq_pid < 0) || (harq_pid >= dlsch->Mdlharq)) {
+    LOG_E(PHY,"dlsch_encoding illegal harq_pid %d %s:%d\n", harq_pid, __FILE__, __LINE__);
     return(-1);
   }
 
diff --git a/openair1/PHY/LTE_TRANSPORT/dlsch_modulation.c b/openair1/PHY/LTE_TRANSPORT/dlsch_modulation.c
index e8b56f3bdfe..8a3649cf872 100644
--- a/openair1/PHY/LTE_TRANSPORT/dlsch_modulation.c
+++ b/openair1/PHY/LTE_TRANSPORT/dlsch_modulation.c
@@ -2257,8 +2257,8 @@ int dlsch_modulation(PHY_VARS_eNB* phy_vars_eNB,
   if ((dlsch0 != NULL) && (dlsch1 != NULL)){
 
     harq_pid = dlsch0->harq_ids[frame%2][subframe_offset];
-    if(harq_pid >= dlsch0->Mdlharq) {
-      LOG_E(PHY,"illegal harq_pid %d\n", harq_pid);
+    if((harq_pid < 0) || (harq_pid >= dlsch0->Mdlharq)) {
+      LOG_E(PHY,"illegal harq_pid %d %s:%d\n", harq_pid, __FILE__, __LINE__);
       return(-1);
     }
     dlsch0_harq = dlsch0->harq_processes[harq_pid];
@@ -2278,8 +2278,8 @@ int dlsch_modulation(PHY_VARS_eNB* phy_vars_eNB,
   }else if ((dlsch0 != NULL) && (dlsch1 == NULL)){
 
     harq_pid = dlsch0->harq_ids[frame%2][subframe_offset];
-    if(harq_pid >= dlsch0->Mdlharq) {
-      LOG_E(PHY,"illegal harq_pid %d\n", harq_pid);
+    if((harq_pid < 0) || (harq_pid >= dlsch0->Mdlharq)) {
+      LOG_E(PHY,"illegal harq_pid %d %s:%d\n", harq_pid, __FILE__, __LINE__);
       return(-1);
     }
     dlsch0_harq = dlsch0->harq_processes[harq_pid];
@@ -2299,8 +2299,8 @@ int dlsch_modulation(PHY_VARS_eNB* phy_vars_eNB,
   }else if ((dlsch0 == NULL) && (dlsch1 != NULL)){
 
     harq_pid = dlsch1->harq_ids[frame%2][subframe_offset];
-    if(harq_pid >= dlsch1->Mdlharq) {
-      LOG_E(PHY,"illegal harq_pid %d\n", harq_pid);
+    if((harq_pid < 0) || (harq_pid >= dlsch1->Mdlharq)) {
+      LOG_E(PHY,"illegal harq_pid %d %s:%d\n", harq_pid, __FILE__, __LINE__);
       return(-1);
     }
     dlsch1_harq = dlsch1->harq_processes[harq_pid];
diff --git a/openair1/SCHED/fapi_l1.c b/openair1/SCHED/fapi_l1.c
index b3111495324..046a44bd4bf 100644
--- a/openair1/SCHED/fapi_l1.c
+++ b/openair1/SCHED/fapi_l1.c
@@ -186,21 +186,11 @@ void handle_nfapi_dlsch_pdu(PHY_VARS_eNB *eNB,int frame,int subframe,L1_rxtx_pro
 
 #endif
   harq_pid        = dlsch0->harq_ids[proc->frame_tx%2][proc->subframe_tx];
-  AssertFatal((harq_pid>=0) && (harq_pid<8),"harq_pid %d not in 0...7 frame:%d subframe:%d subframe(TX):%d rnti:%x UE_id:%d dlsch0[harq_ids:%d:%d:%d:%d:%d:%d:%d:%d:%d:%d]\n",
-              harq_pid,
-              frame,subframe,
-              proc->subframe_tx,rel8->rnti,UE_id,
-              dlsch0->harq_ids[proc->frame_tx%2][0],
-              dlsch0->harq_ids[proc->frame_tx%2][1],
-              dlsch0->harq_ids[proc->frame_tx%2][2],
-              dlsch0->harq_ids[proc->frame_tx%2][3],
-              dlsch0->harq_ids[proc->frame_tx%2][4],
-              dlsch0->harq_ids[proc->frame_tx%2][5],
-              dlsch0->harq_ids[proc->frame_tx%2][6],
-              dlsch0->harq_ids[proc->frame_tx%2][7],
-              dlsch0->harq_ids[proc->frame_tx%2][8],
-              dlsch0->harq_ids[proc->frame_tx%2][9]
-             );
+  if((harq_pid < 0) || (harq_pid >= dlsch0->Mdlharq)) {
+    LOG_E(PHY,"illegal harq_pid %d %s:%d\n", harq_pid, __FILE__, __LINE__);
+    return;
+  }
+
   dlsch0_harq     = dlsch0->harq_processes[harq_pid];
   dlsch1_harq     = dlsch1->harq_processes[harq_pid];
   AssertFatal(dlsch0_harq!=NULL,"dlsch_harq is null\n");
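Review bot: The new bound in handle_nfapi_dlsch_pdu is taken from `dlsch0->Mdlharq`, but the same `harq_pid` then indexes `dlsch1->harq_processes[harq_pid]` two lines later, so that access is only covered if dlsch1 is guaranteed to have at least as many HARQ processes as dlsch0. The removed assertion used the fixed limit 8; if `Mdlharq` can ever exceed the declared length of `harq_processes` (not visible here), the check no longer prevents an out-of-bounds read. Consider also testing `harq_pid >= dlsch1->Mdlharq`, or state the invariant in a comment such as `/* dlsch0 and dlsch1 share Mdlharq, which never exceeds the harq_processes[] length */`. The same dlsch0/dlsch1 pairing appears in the first do_release_harq hunk and in getM. The replacement log line also drops the frame, subframe, rnti and UE_id context that the assertion printed, which makes a silently dropped PDU harder to trace.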
diff --git a/openair1/SCHED/phy_procedures_lte_eNb.c b/openair1/SCHED/phy_procedures_lte_eNb.c
index 801bc8d4dc6..c6aa12fbbba 100644
--- a/openair1/SCHED/phy_procedures_lte_eNb.c
+++ b/openair1/SCHED/phy_procedures_lte_eNb.c
@@ -506,9 +506,14 @@ void phy_procedures_eNB_TX(PHY_VARS_eNB *eNB,
        ) {
       // get harq_pid
       harq_pid = dlsch0->harq_ids[frame%2][subframe];
-      AssertFatal(harq_pid>=0,"harq_pid is negative\n");
+	//AssertFatal(harq_pid>=0,"harq_pid is negative\n");
 
-      if (harq_pid>=8) {
+        if((harq_pid < 0) || (harq_pid >= dlsch0->Mdlharq))
+        {
+          LOG_E(PHY,"harq_pid:%d corrupt must be 0-7 UE_id:%d frame:%d subframe:%d rnti:%x\n", harq_pid,UE_id,frame,subframe,dlsch0->rnti);
+        }
+        else
+        {
 #if (LTE_RRC_VERSION >= MAKE_VERSION(14, 0, 0))
 
         if (dlsch0->ue_type==0)
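Review bot: In phy_procedures_eNB_TX the statements that follow the removed `if (harq_pid>=8) {` used to run only for an out-of-range id, and after this change they sit under the new `else {`, so they run only for an in-range id. That body lies outside the hunk, so it should be confirmed that it is the normal transmit path and not the old error report; otherwise the condition has been inverted. The message still says `must be 0-7` although the limit is now `dlsch0->Mdlharq`; a format of `"harq_pid:%d corrupt must be 0-%d ..."` with `dlsch0->Mdlharq-1` as the extra argument would keep it accurate. The commented-out `AssertFatal` line can be deleted rather than kept.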
@@ -1512,8 +1517,10 @@ static void do_release_harq(PHY_VARS_eNB *eNB,
 
     harq_pid = dlsch0->harq_ids[frame_tx%2][subframe_tx];
 
-    AssertFatal((harq_pid >= 0) && (harq_pid < 8),"harq_pid %d not in 0...7\n", harq_pid);
-
+    if((harq_pid < 0) || (harq_pid >= dlsch0->Mdlharq)) {
+      LOG_E(PHY,"illegal harq_pid %d %s:%d\n", harq_pid, __FILE__, __LINE__);
+      return;
+    }
     dlsch0_harq = dlsch0->harq_processes[harq_pid];
     dlsch1_harq = dlsch1->harq_processes[harq_pid];
     
@@ -1562,7 +1569,10 @@ static void do_release_harq(PHY_VARS_eNB *eNB,
       if (((1 << m) & mask) > 0) {
         harq_pid = dlsch0->harq_ids[frame_tx%2][subframe_tx];
 
-        if ((harq_pid >= 0) && (harq_pid < dlsch0->Mdlharq)) {
+        if((harq_pid < 0) || (harq_pid >= dlsch0->Mdlharq)) {
+          LOG_E(PHY,"illegal harq_pid %d %s:%d\n", harq_pid, __FILE__, __LINE__);
+          return;
+        }
           dlsch0_harq = dlsch0->harq_processes[harq_pid];
           dlsch1_harq = dlsch1->harq_processes[harq_pid];
 
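Review bot: The removed `if ((harq_pid >= 0) && (harq_pid < dlsch0->Mdlharq)) {` opened a block whose closing brace lies below this hunk, while the replacement `if` is closed on its own and no other hunk in this patch removes that closing brace, so the brace nesting of do_release_harq appears to change by one level. This needs a compile check against the intended base. The behaviour also changes: the old code skipped an invalid id for the current bit `m` of `mask` and carried on, whereas `return;` abandons every remaining bit. If the enclosing construct is a loop over `m` (it starts outside the hunk), `continue;` would keep the previous skip-and-proceed behaviour. The two `harq_processes` lines keep their old, deeper indentation and should be re-indented to match.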
@@ -1631,7 +1641,7 @@ int getM(PHY_VARS_eNB *eNB,int frame,int subframe) {
 
     harq_pid = dlsch0->harq_ids[frame_tx%2][subframe_tx];
 
-    if (harq_pid>=0 && harq_pid<10) {
+    if (harq_pid>=0 && harq_pid<dlsch0->Mdlharq) {
       dlsch0_harq     = dlsch0->harq_processes[harq_pid];
       dlsch1_harq     = dlsch1->harq_processes[harq_pid];
       AssertFatal(dlsch0_harq!=NULL,"dlsch0_harq is null\n");
-- 
GitLab