FreeCalypso > hg > fc-magnetite
view src/gpf3/ccd/tdd_ci.c @ 516:1ed9de6c90bd
src/g23m-gsm/sms/sms_for.c: bogus malloc removed
The new error handling code that was not present in TCS211 blob version
contains a malloc call that is bogus for 3 reasons:
1) The memory allocation in question is not needed in the first place;
2) libc malloc is used instead of one of the firmware's proper ways;
3) The memory allocation is made inside a function and then never freed,
i.e., a memory leak.
This bug was caught in gcc-built FreeCalypso fw projects (Citrine
and Selenite) because our gcc environment does not allow any use of
libc malloc (any reference to malloc produces a link failure),
but this code from TCS3.2 is wrong even for Magnetite: if this code
path is executed repeatedly over a long time, the many small allocations
made by this malloc call without a subsequent free will eventually
exhaust the malloc heap provided by the TMS470 environment, malloc will
start returning NULL, and the bogus code will treat it as an error.
Because the memory allocation in question is not needed at all,
the fix entails simply removing it.
| author | Mychaela Falconia <falcon@freecalypso.org> | 
|---|---|
| date | Sun, 22 Jul 2018 06:04:49 +0000 | 
| parents | c41a534f33c6 | 
| children | 
line wrap: on
 line source
/* +----------------------------------------------------------------------------- | Project : CCD | Modul : tdd_ci.c +----------------------------------------------------------------------------- | Copyright 2004 Texas Instruments Deutschland GmbH | All rights reserved. | | This file is confidential and a trade secret of Texas | Instruments Deutschland GmbH | The receipt of or possession of this file does not convey | any rights to reproduce or disclose its contents or to | manufacture, use, or sell anything it may describe, in | whole, or in part, without the specific written consent of | Texas Instruments Deutschland GmbH. +----------------------------------------------------------------------------- | Purpose : Definition of encoding and decoding functions for TDD_CI type +----------------------------------------------------------------------------- */ /* * standard definitions like GLOBAL, UCHAR, ERROR etc. */ #include "typedefs.h" #include "header.h" /* * Types and functions for bit access and manipulation */ #include "ccd_globs.h" /* * Prototypes of ccd internal functions */ #include "ccd.h" #include "bitfun.h" /* * Declaration of coder/decoder tables */ #include "ccdtable.h" /* * Function prototypes of CCD-CCDDATA interface */ #include "ccddata.h" #if !(defined (CCD_TEST)) #include "vsi.h" #endif #ifndef RUN_INT_RAM /* Attention: static data, only used in cdc_tdd_ci_decode */ static const U8 params_bSize[21] = { 0, 9, 17, 25, 32, 39, 46, 53, 59, 65, 71, 77, 83, 89, 95, 101, 106, 111, 116, 121, 126 }; /* +--------------------------------------------------------------------+ | PROJECT : CCD MODULE : cdc_tdd_ci_decode | +--------------------------------------------------------------------+ PURPOSE : Decoding of the TDD_CELL_INFORMATION Field reusing RANGE 511 format of frequency lists (with w0=0.). This field allows to compute a set of 9-bit-long TDD_CELL_INFORMATION aprameters. The IE is preceded by TDD_Indic0(1 bit) and made of the following two IEs: 1) NR_OF_TDD_CELLS(5 bit field), 2) TDD_CELL_INFORMATION information parameters TDD_Indic0 indicates if the parameter value '0000000000' is a member of the set. The total number of bits q of this field depends on the value of the parameter NR_OF_TDD_CELLS = m as follows (with q=0 if m=0): m q m q m q m q m q 0 0 5 39 10 71 15 101 20 126 1 9 6 46 11 77 16 106 21-31 0 2 17 7 53 12 83 17 111 3 25 8 59 13 89 18 116 4 32 9 65 14 95 19 121 The message is sent from net to MS and a MS supporting enhanced measurements has to understand it. The space this IE takes in the C-structure is made of a counter for the number of decoded parameter and an array of them. */ SHORT cdc_tdd_ci_decode (const ULONG c_ref, const ULONG e_ref, T_CCD_Globs *globs) { U8 ListSize = 0; U16 ListBitLen = 0; ULONG cix_ref, num_prolog_steps, prolog_step_ref; short *w; #ifdef DEBUG_CCD TRACE_CCD (globs, "cdc_tdd_ci_decode()"); #ifdef CCD_SYMBOLS TRACE_CCD (globs, "decoding list %s with range 512 format", ccddata_get_alias((USHORT) e_ref, 1)); #else TRACE_CCD (globs, "decoding list %d of range 512 format", melem[e_ref].elemRef); #endif #endif globs->SeekTLVExt = FALSE; cix_ref = melem[e_ref].calcIdxRef; num_prolog_steps = calcidx[cix_ref].numPrologSteps; prolog_step_ref = calcidx[cix_ref].prologStepRef; /* * if this element have a defined Prolog * we have to process it before decoding the bitstream */ if (num_prolog_steps) { ccd_performOperations (num_prolog_steps, prolog_step_ref, globs); } /* * First read NR_OF_TDD_CELLS (5 bits). */ globs->pstructOffs = melem[e_ref].structOffs;; bf_readBits (5, globs); ListSize = globs->pstruct[globs->pstructOffs++]; /* If n=0 there is nothing to do for this IE. */ if (!ListSize) { return 1; } /* Read the corresponding bit number or suppose the maximum length. */ if (ListSize <= 20) { ListBitLen = params_bSize [ListSize]; } else { /* If n>20 there is nothing to do for this IE. */ return 1; } /* * Bit size for params is bigger than the size of unread bits in the * message buffer. Danger: buffer overwriting! */ if ( ListBitLen > globs->maxBitpos - globs->bitpos) { ccd_recordFault (globs, ERR_ELEM_LEN, BREAK, (USHORT) e_ref, globs->pstruct + globs->pstructOffs); ListBitLen = (U16)(globs->maxBitpos - globs->bitpos); } /* * Use dynamic memory for calculation instead of global memory or stack. */ MALLOC (w, 257 * sizeof (U16)); /* * Decode the W-parameter. * As a rule for this type w(0) must be 0. */ w[0] = 0; cdc_decode_param (param_512+1, &w[1], ListBitLen, globs); /* * Decode and set the remaining channel number according the * algorithm described in GSM 4.08. */ cdc_decode_frequencies (511, &w[1], 0, TDD_CI_LIST, globs); /* Free the dynamic allocated memory. */ MFREE (w); return 1; } #endif /* !RUN_INT_RAM */ #ifndef RUN_INT_RAM /* +--------------------------------------------------------------------+ | PROJECT : CCD MODULE : cdc_tdd_ci_encode | +--------------------------------------------------------------------+ PURPOSE : Encoding function is not needed, since this message is sent from net to MS. It could be only useful for testing procedure if there were an encoder function at this place. This will be a future work. */ SHORT cdc_tdd_ci_encode (const ULONG c_ref, const ULONG e_ref, T_CCD_Globs *globs) { #ifdef DEBUG_CCD TRACE_CCD (globs, "cdc_tdd_ci_encode()"); #endif #ifdef TARGET_WIN32 /* TBD */ #endif return 1; } #endif /* !RUN_INT_RAM */
