From 4e434ecf4594976bca2ab821333cc7418d505f5c Mon Sep 17 00:00:00 2001
From: Roberto Louro Magueta <rmagueta@allbesmart.pt>
Date: Fri, 26 Aug 2022 11:04:04 +0100
Subject: [PATCH] Fix buffer overflow for SRS

---
 openair1/PHY/NR_ESTIMATION/nr_ul_channel_estimation.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/openair1/PHY/NR_ESTIMATION/nr_ul_channel_estimation.c b/openair1/PHY/NR_ESTIMATION/nr_ul_channel_estimation.c
index 2dc368fdb04..2ba020f7ccd 100644
--- a/openair1/PHY/NR_ESTIMATION/nr_ul_channel_estimation.c
+++ b/openair1/PHY/NR_ESTIMATION/nr_ul_channel_estimation.c
@@ -994,7 +994,11 @@ int nr_srs_channel_estimation(const PHY_VARS_gNB *gNB,
   while(((long)&srs_estimated_channel_freq[0][nr_srs_info->sc_list[0] + mem_offset] & 0xF) != 0) {
     mem_offset++;
   }
-  int32_t srs_est[frame_parms->ofdm_symbol_size*(1<<srs_pdu->num_symbols) + mem_offset] __attribute__ ((aligned(32)));
+  // filt16_end is {4096,8192,8192,8192,12288,16384,16384,16384,0,0,0,0,0,0,0,0}
+  // The End of OFDM symbol corresponds to the position of last 16384 in the filter
+  // The multadd_real_vector_complex_scalar applies the remaining 8 zeros of filter, therefore, to avoid a buffer overflow,
+  // we added 8 in the array size
+  int32_t srs_est[frame_parms->ofdm_symbol_size*(1<<srs_pdu->num_symbols) + mem_offset + 8] __attribute__ ((aligned(32)));
 
   for (int ant = 0; ant < frame_parms->nb_antennas_rx; ant++) {
 
-- 
GitLab