NR UE Seg Fault rec_1560
In 2025.w45/openair2/RRC/NR_UE/rrc_UE.c, at line 826:

    NR_RRCReconfiguration_v1560_IEs_t *rec_1560 = rec_1540->nonCriticalExtension;
    if (rec_1560->sk_Counter) {
      // TODO perform AS security key update procedure as specified in 5.3.5.7
      LOG_E(NR_RRC, "RRCReconfiguration includes sk-Counter but this is not implemented yet\n");
    }

However, in the ASN.1 definition, the field that rec_1560 is read from (nonCriticalExtension) is OPTIONAL:

    RRCReconfiguration-v1540-IEs ::= SEQUENCE {
        otherConfig-v1540       OtherConfig-v1540               OPTIONAL, -- Need M
        nonCriticalExtension    RRCReconfiguration-v1560-IEs    OPTIONAL
    }

So there is a chance rec_1560 is NULL. Thus accessing the sk_Counter field would cause a Seg Fault.
For example, 04 08 0c 00, or:

    <DL-DCCH-Message>
      <message>
        <c1>
          <rrcReconfiguration>
            <rrc-TransactionIdentifier>2</rrc-TransactionIdentifier>
            <criticalExtensions>
              <rrcReconfiguration>
                <nonCriticalExtension>
                  <nonCriticalExtension>
                    <otherConfig-v1540/>
                  </nonCriticalExtension>
                </nonCriticalExtension>
              </rrcReconfiguration>
            </criticalExtensions>
          </rrcReconfiguration>
        </c1>
      </message>
    </DL-DCCH-Message>

Edited by XIAOTIAN ZHOU
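
The missing check described in this report, as an added example that is not code from the project: the struct types below are simplified, hypothetical stand-ins for the asn1c-generated ones, assuming (as in asn1c output) that every OPTIONAL member is a pointer that is NULL when the field is absent. `has_sk_counter` is a hypothetical helper name.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins (assumption) for the generated types named in the
 * report. OPTIONAL fields are pointers; NULL means "absent on the wire". */
typedef struct {
  long *sk_Counter;                   /* OPTIONAL */
} v1560_ies_t;

typedef struct {
  void *otherConfig_v1540;            /* OPTIONAL */
  v1560_ies_t *nonCriticalExtension;  /* OPTIONAL */
} v1540_ies_t;

/* Hypothetical helper: returns 1 if sk-Counter is present, 0 otherwise.
 * Every OPTIONAL level is tested before it is dereferenced, so a message
 * that stops at the v1540 extension is handled instead of crashing. */
int has_sk_counter(const v1540_ies_t *rec_1540)
{
  if (rec_1540 == NULL)
    return 0;
  const v1560_ies_t *rec_1560 = rec_1540->nonCriticalExtension;
  if (rec_1560 == NULL)               /* the check the reported code lacks */
    return 0;
  return rec_1560->sk_Counter != NULL;
}

int main(void)
{
  /* Constructed input mirroring the report's message: the v1540 extension
   * is present with otherConfig-v1540, but there is no v1560 extension. */
  int other_cfg = 0;
  v1540_ies_t from_report = { &other_cfg, NULL };

  /* Constructed input that does carry sk-Counter. */
  long counter = 7;
  v1560_ies_t ext = { &counter };
  v1540_ies_t with_counter = { NULL, &ext };

  printf("report message: %d\n", has_sk_counter(&from_report));
  printf("with sk-Counter: %d\n", has_sk_counter(&with_counter));
  return 0;
}
```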