[Openlte-discuss] [Patch] Fixed strict aliasing violation in LTE_fdd_enb_gw::receive_thread()
An open source 3GPP LTE implementation.
Status: Alpha
Brought to you by:
bwojtowi
From: Damian J. <dam...@ti...> - 2015-09-08 09:11:44
Dereferencing the type-punned ip_pkt pointer caused Undefined Behavior due
to a strict aliasing rule violation. Here's a patch that fixes it using
memcpy (which is strict aliasing safe):
From 093809405004da5cfa9a529de4c14268f2f5a016 Mon Sep 17 00:00:00 2001
From: Damian Jarek <dam...@ti...>
Date: Tue, 8 Sep 2015 9:04:30 +0200
Subject: [PATCH] Fix strict aliasing violation.
Type-punning a pointer in LTE_fdd_enb_gw::receive_thread() with a
C-style cast to an unrelated type caused Undefined Behavior
when it was dereferenced.
---
LTE_fdd_enodeb/src/LTE_fdd_enb_gw.cc | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/LTE_fdd_enodeb/src/LTE_fdd_enb_gw.cc
b/LTE_fdd_enodeb/src/LTE_fdd_enb_gw.cc
index c4ff44c..d4191c0 100644
--- a/LTE_fdd_enodeb/src/LTE_fdd_enb_gw.cc
+++ b/LTE_fdd_enodeb/src/LTE_fdd_enb_gw.cc
@@ -280,7 +280,7 @@ void* LTE_fdd_enb_gw::receive_thread(void *inputs)
LTE_fdd_enb_user_mgr *user_mgr =
LTE_fdd_enb_user_mgr::get_instance();
LTE_FDD_ENB_PDCP_DATA_SDU_READY_MSG_STRUCT pdcp_data_sdu;
LIBLTE_BYTE_MSG_STRUCT msg;
- struct iphdr *ip_pkt;
+ struct iphdr ip_pkt;
uint32 idx = 0;
int32 N_bytes;
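Review bot: the name ip_pkt in the changed declaration is now misleading, because the variable no longer points into msg.msg but holds a by-value copy of the header only. Consider renaming it to something like ip_hdr and adding a one-line comment that it is a copy filled by memcpy, so nobody later writes to it expecting the packet buffer to change.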
@@ -291,13 +291,13 @@ void* LTE_fdd_enb_gw::receive_thread(void *inputs)
if(N_bytes > 0)
{
msg.N_bytes = idx + N_bytes;
- ip_pkt = (struct iphdr*)msg.msg;
+ memcpy(&ip_pkt, msg.msg, sizeof(iphdr));
// Check if entire packet was received
- if(ntohs(ip_pkt->tot_len) == msg.N_bytes)
+ if(ntohs(ip_pkt.tot_len) == msg.N_bytes)
{
// Find user and rb
- if(LTE_FDD_ENB_ERROR_NONE ==
user_mgr->find_user(ntohl(ip_pkt->daddr), &pdcp_data_sdu.user) &&
+ if(LTE_FDD_ENB_ERROR_NONE ==
user_mgr->find_user(ntohl(ip_pkt.daddr), &pdcp_data_sdu.user) &&
LTE_FDD_ENB_ERROR_NONE ==
pdcp_data_sdu.user->get_drb(LTE_FDD_ENB_RB_DRB1, &pdcp_data_sdu.rb))
{
gw->interface->send_debug_msg(LTE_FDD_ENB_DEBUG_TYPE_INFO,
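Review bot: the memcpy added right after msg.N_bytes is set copies sizeof(iphdr) bytes without checking that msg.N_bytes is at least that large, so after a short read tot_len and daddr are taken from bytes that have not been received yet. Add a guard such as if(msg.N_bytes >= sizeof(ip_pkt)) before the copy, and prefer sizeof(ip_pkt) over sizeof(iphdr) so the size always tracks the destination object. The diffstat shows no added include, so confirm the file already includes <string.h> for memcpy.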
--
1.7.9.5
--
*Pozdrawiam / Best regards, *
*Damian Jarek, Junior Software Engineer*
*Tieto Poland Sp. z o.o.*
Swobodna 1, 50-088 Wroclaw, Poland, www.tieto.com
*Tieto Poland limited liability company with its registered office in
Szczecin, ul. Malczewskiego 26. Registered in the District Court
Szczecin-Centrum in Szczecin, 13th Commercial Division of the National Court
Register, under number 0000124858. NIP: 8542085557. REGON: 812023656. Share
capital: 4 271500 PLN*
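
The memcpy approach from the message above, as an added example that is not part of the original post or of the OpenLTE code: the header is copied out of the byte buffer only after a length check. The names struct ipv4_hdr, check_ipv4 and pkt_state are hypothetical, the sample packet is constructed, and treating a tot_len smaller than the received byte count as an error is this example's own choice.

```c
#include <arpa/inet.h>   /* ntohs, ntohl */
#include <stdint.h>
#include <stdio.h>
#include <string.h>      /* memcpy, size_t */

/* Hypothetical fixed-layout IPv4 header (20 bytes, no options), defined here
   so the example does not depend on the Linux-only struct iphdr. */
struct ipv4_hdr {
    uint8_t  ver_ihl, tos;
    uint16_t tot_len, id, frag_off;
    uint8_t  ttl, protocol;
    uint16_t check;
    uint32_t saddr, daddr;
};

enum pkt_state { PKT_TOO_SHORT, PKT_INCOMPLETE, PKT_BAD_LENGTH, PKT_COMPLETE };

/* Constructed sample: 20-byte header + 8 payload bytes, destination 10.0.0.2 */
static const uint8_t sample_pkt[28] = {
    0x45, 0x00, 0x00, 0x1c, 0x00, 0x01, 0x00, 0x00,
    0x40, 0x11, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x01,
    0x0a, 0x00, 0x00, 0x02, 1, 2, 3, 4, 5, 6, 7, 8
};

/* Copy the header out of the receive buffer, then compare tot_len with the
   bytes received so far. On PKT_COMPLETE, *daddr_host is in host order. */
enum pkt_state check_ipv4(const uint8_t *buf, size_t n_bytes, uint32_t *daddr_host)
{
    struct ipv4_hdr hdr;
    size_t tot_len;

    if (n_bytes < sizeof hdr)
        return PKT_TOO_SHORT;        /* header fields not all received yet */
    memcpy(&hdr, buf, sizeof hdr);   /* no aliasing or alignment assumptions */
    tot_len = ntohs(hdr.tot_len);
    if (tot_len < sizeof hdr || tot_len < n_bytes)
        return PKT_BAD_LENGTH;       /* claimed length cannot match the data */
    if (tot_len > n_bytes)
        return PKT_INCOMPLETE;       /* keep reading */
    *daddr_host = ntohl(hdr.daddr);
    return PKT_COMPLETE;
}

int main(void)
{
    uint32_t daddr = 0;
    enum pkt_state st = check_ipv4(sample_pkt, sizeof sample_pkt, &daddr);
    printf("state=%d daddr=0x%08x\n", (int)st, (unsigned)daddr);
    return 0;
}
```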