view cdg211/prim/mmcc.pdf @ 516:1ed9de6c90bd

src/g23m-gsm/sms/sms_for.c: bogus malloc removed The new error handling code that was not present in TCS211 blob version contains a malloc call that is bogus for 3 reasons: 1) The memory allocation in question is not needed in the first place; 2) libc malloc is used instead of one of the firmware's proper ways; 3) The memory allocation is made inside a function and then never freed, i.e., a memory leak. This bug was caught in gcc-built FreeCalypso fw projects (Citrine and Selenite) because our gcc environment does not allow any use of libc malloc (any reference to malloc produces a link failure), but this code from TCS3.2 is wrong even for Magnetite: if this code path is executed repeatedly over a long time, the many small allocations made by this malloc call without a subsequent free will eventually exhaust the malloc heap provided by the TMS470 environment, malloc will start returning NULL, and the bogus code will treat it as an error. Because the memory allocation in question is not needed at all, the fix entails simply removing it.
author Mychaela Falconia <falcon@freecalypso.org>
date Sun, 22 Jul 2018 06:04:49 +0000
parents 56abf6cf8a0b
children

;********************************************************************************
;*** File           : mmcc.pdf
;*** Creation       : Fri Jun 08 13:57:48 CST 2007
;*** XSLT Processor : Apache Software Foundation / http://xml.apache.org/xalan-j / supports XSLT-Ver: 1
;*** Copyright      : (c) Texas Instruments AG, Berlin Germany 2002
;********************************************************************************
;*** Document Type  : Service Access Point Specification
;*** Document Name  : mmcc
;*** Document No.   : 6147.104.97.102
;*** Document Date  : 2002-07-31
;*** Document Status: BEING_PROCESSED
;*** Document Author: HM
;********************************************************************************



; Generator bookkeeping for this SAP. ID_AND_VERSION repeats the "Document No."
; and LAST_MODIFIED the "Document Date" given in the file header.
PRAGMA 	SRC_FILE_TIME 	"Mon Nov 24 15:49:16 2003"
PRAGMA 	LAST_MODIFIED 	"2002-07-31"
PRAGMA 	ID_AND_VERSION 	"6147.104.97.102"



; Every VAL_estcs and VAL_cause entry in this file has 0x4 in bits 8-11
; (0x04xx or 0xC4xx), which matches this constant.
; NOTE(review): the bit layout of the cause word is not defined in this file;
; confirm it before masking on the originating-entity field.
CONST 	MM_CAUSE 	0x04 	; Used in cause values to mark MM as the cause originating entity



; Channel mode values for the ch_mode variable.
; NOTE(review): CHM_DATA_14_4 (15) carries the description "data 2.4 kBit/s",
; the same text as CHM_DATA_2_4 (19); going by the name it should read
; 14.4 kBit/s. This file is generated output (see the XSLT Processor line in
; the header), so the correction belongs in the source document.
VALTAB 	VAL_ch_mode
VAL 	0 	CHM_SIG_ONLY 	"signalling only"
VAL 	1 	CHM_SPEECH 	"speech full rate or half rate version 1"
VAL 	33 	CHM_SPEECH_V2 	"speech full rate or half rate version 2"
VAL 	65 	CHM_SPEECH_V3 	"speech full rate or half rate version 3"
VAL 	3 	CHM_DATA_9_6 	"data 9.6 kBit/s"
VAL 	11 	CHM_DATA_4_8 	"data 4.8 kBit/s"
VAL 	19 	CHM_DATA_2_4 	"data 2.4 kBit/s"
VAL 	15 	CHM_DATA_14_4 	"data 2.4 kBit/s"

; Channel type values for the ch_type variable: three entries, 0 to 2.
; Values above 2 are not defined here, although the variable is declared
; with type B; consumers should not index on ch_type without a range check.
VALTAB 	VAL_ch_type
VAL 	0 	CH_SDCCH 	"SDCCH channel"
VAL 	1 	CH_TCH_F 	"TCH Fullrate"
VAL 	2 	CH_TCH_H 	"TCH Halfrate"

; Establishment cause values for the estcs variable, which is carried in
; MMCC_ESTABLISH_REQ. All entries are of the form 0x04xx.
; The table is sparse: only the six listed codes are defined.
VALTAB 	VAL_estcs
VAL 	0x0400 	ESTCS_SERV_REQ_MM 	"service requested by MM (Location updating or detach)"
VAL 	0x04A0 	ESTCS_EMERGE 	"emergency call"
VAL 	0x04C0 	ESTCS_CAL_REEST 	"call reestablishment"
VAL 	0x04E0 	ESTCS_MOB_ORIG_SPCH 	"mobile originated speech call by CC"
VAL 	0x04E1 	ESTCS_MOB_ORIG_DATA 	"mobile originated data call by CC"
VAL 	0x04E2 	ESTCS_MOB_ORIG_DATA_HR_SUFF 	"mobile originated data call by CC, halfrate channel sufficient"

; MM cause values for the cause variable, which is carried in MMCC_ERROR_IND
; and MMCC_RELEASE_IND. Two ranges appear: 0x04xx, and 0xC4xx (which holds
; MMCS_SUCCESS and MMCS_INT_NOT_PRESENT among others).
; NOTE(review): the low byte of the 0x04xx entries looks like a reject cause
; value received from the network - confirm. If so, a consumer can be handed
; values that are not listed here (the 0x0430 entry already documents a
; many-to-one mapping) and needs a default branch that treats an unlisted
; value as a failure, never as MMCS_SUCCESS.
; NOTE(review): MMCS_IDENTIFIY is misspelled; code elsewhere may reference the
; name as written, so it is left unchanged here.
VALTAB 	VAL_cause
VAL 	0x0402 	MMCS_IMSI_IN_HLR 	"IMSI unknown in HLR"
VAL 	0x0403 	MMCS_ILLEGAL_MS 	"Illegal MS"
VAL 	0x0404 	MMCS_IMSI_IN_VLR 	"IMSI unknown in VLR"
VAL 	0x0405 	MMCS_IMEI_NOT_ACCEPTED 	"IMEI not accepted"
VAL 	0x0406 	MMCS_ILLEGAL_ME 	"Illegal ME"
VAL 	0x040B 	MMCS_PLMN_NOT_ALLOWED 	"PLMN not allowed"
VAL 	0x040C 	MMCS_LA_NOT_ALLOWED 	"Location Area not allowed"
VAL 	0x040D 	MMCS_ROAMING_NOT_ALLOWED 	"Roaming not allowed in this location area"
VAL 	0x0411 	MMCS_NETWORK_FAILURE 	"Network failure"
VAL 	0x0416 	MMCS_CONGESTION 	"Congestion"
VAL 	0x0420 	MMCS_SERVICE_NOT_SUPPORTED 	"Service option not supported"
VAL 	0x0421 	MMCS_SERVICE_NOT_SUBSCRIBED 	"Requested service option not subscribed"
VAL 	0x0422 	MMCS_SERVICE_ORDER 	"Service option temporarily out of order"
VAL 	0x0426 	MMCS_IDENTIFIY 	"Call cannot be identified"
VAL 	0x0430 	MMCS_RETRY_IN_NEW_CELL 	"retry upon entry into a new cell (mapped 0x0430..0x043f -> 0x0430)"
VAL 	0x045F 	MMCS_INCORRECT_MESSAGE 	"Semantically incorrect message"
VAL 	0x0460 	MMCS_INVALID_MAND_MESSAGE 	"Invalid mandatory information"
VAL 	0x0461 	MMCS_MESSAGE_TYPE_NOT_IMPLEM 	"Message type non-existent or not implemented"
VAL 	0x0462 	MMCS_MESSAGE_TYPE_INCOMPAT 	"Message type not compatible with the protocol state"
VAL 	0x0463 	MMCS_IE_NOT_IMPLEM 	"Information element non-existent or not implemented"
VAL 	0x0464 	MMCS_CONDITIONAL_IE 	"Conditional IE error"
VAL 	0x0465 	MMCS_MESSAGE_INCOMPAT 	"Message not compatible with the protocol state"
VAL 	0x046F 	MMCS_UNSPECIFIED 	"Protocol error, unspecified"
VAL 	0xC400 	MMCS_SUCCESS 	"No error, successful operation (MM)"
VAL 	0xC480 	MMCS_NO_REGISTRATION 	"MS is not registered or deregistration started"
VAL 	0xC481 	MMCS_TIMER_RECOVERY 	"time-out in MM during establishment"
VAL 	0xC482 	MMCS_NO_REESTABLISH 	"Cell does not support call reestablishment"
VAL 	0xC483 	MMCS_INT_PREEM 	"Preemptive release, e.g. MO-MT clash in MM"
VAL 	0xC484 	MMCS_PLMN_NOT_IDLE_MODE 	"reject, not in idle mode (MMR_PLMN_IND)"
VAL 	0xC488 	MMCS_AUTHENTICATION_REJECTED 	"AUTHENTICATION REJECT received"
VAL 	0xC489 	MMCS_SIM_REMOVED 	"A valid SIM is not present"
VAL 	0xC4FF 	MMCS_INT_NOT_PRESENT 	"No error cause (MM)"

; Value ranges for the ti (transaction identifier) variable. These entries
; describe ranges and reserved values only; they define no symbolic names.
; NOTE(review): both 0 - 6 and 8 - 14 are described as "ms originated
; transaction". The second range presumably means the opposite direction
; (ms terminated) - confirm against the source document, since code that
; derives the call direction from ti depends on this distinction.
; 7 and 15 are reserved; receivers should reject them rather than map them
; onto a transaction.
VALTAB 	VAL_ti
VAL 	0 - 6 	"ms originated transaction"
VAL 	8 - 14 	"ms originated transaction"
VAL 	7 	 	"reserved"
VAL 	15 	 	"reserved"




; Elementary parameters used by the COMP and PRIM definitions of this SAP.
; A "VAL @p_mmcc - VAL_x@" line ties the preceding variable to the value
; table of that name.
; NOTE(review): the trailing B / S column is presumably the storage type
; (byte / short); the tables with 16-bit values (VAL_estcs, VAL_cause) are
; both attached to S variables - confirm against the generator documentation.
; l_buf, o_buf and buf have no value table, so nothing in this file bounds
; them; any limit has to be enforced by the code that consumes an sdu.
VAR 	ch_type 	"Channel Type" 	B

VAL 	@p_mmcc - VAL_ch_type@ 	

VAR 	ch_mode 	"Channel Mode" 	B

VAL 	@p_mmcc - VAL_ch_mode@ 	

VAR 	estcs 	"establishment cause" 	S

VAL 	@p_mmcc - VAL_estcs@ 	

VAR 	cause 	"MM cause" 	S

VAL 	@p_mmcc - VAL_cause@ 	

VAR 	l_buf 	"length in bits" 	S


VAR 	o_buf 	"offset in bits" 	S


VAR 	buf 	"bit buffer" 	B


VAR 	ti 	"transaction identifier" 	B

VAL 	@p_mmcc - VAL_ti@ 	

VAR 	d1 	"dummy, not used" 	B


VAR 	d2 	"dummy, not used" 	B





; Pairs a channel type (VAL_ch_type) with a channel mode (VAL_ch_mode).
; Used by MMCC_SYNC_IND.
COMP 	chm 	 "Channel using mode"
{
 	ch_type 	 ; Channel Type
 	ch_mode 	 ; Channel Mode
}



; Bit-addressed payload container: o_buf is the offset in bits and l_buf the
; length in bits of the data held in buf. Used by MMCC_DATA_REQ, MMCC_DATA_IND
; and MMCC_ESTABLISH_IND.
; buf is declared with a single element.
; NOTE(review): presumably the primitive is allocated larger than this
; declaration and buf extends into the extra space - confirm. If so, code
; that reads an sdu has to check o_buf + l_buf against the size actually
; allocated before touching buf, because neither field is constrained by
; this definition and the sum of two 16-bit fields can exceed 16 bits.
COMP 	sdu 	 "Service Data Unit"
{
 	l_buf 	 ; length in bits
 	o_buf 	 ; offset in bits
 	buf 	[1] 	 ; bit buffer
}






; MMCC_ESTABLISH_REQ 	0x80000007
; MMCC_RELEASE_REQ 	0x80010007
; MMCC_DATA_REQ 	0x80020007
; MMCC_DATA_IND 	0x80004007
; MMCC_REESTABLISH_REQ 	0x80030007
; MMCC_PROMPT_REJ 	0x80040007
; MMCC_PROMPT_RSP 	0x80050007
; MMCC_SYNC_IND 	0x80014007
; MMCC_ERROR_IND 	0x80024007
; MMCC_ESTABLISH_CNF 	0x80034007
; MMCC_ESTABLISH_IND 	0x80044007
; MMCC_REESTABLISH_CNF 	0x80054007
; MMCC_RELEASE_IND 	0x80064007
; MMCC_PROMPT_IND 	0x80074007



; Establishment request: carries the transaction identifier and the
; establishment cause (value table VAL_estcs).
; The opcode has bit 0x4000 clear, as do all *_REQ, *_REJ and *_RSP
; primitives in this file.
PRIM 	MMCC_ESTABLISH_REQ 	0x80000007
{
 	ti 	 ; transaction identifier
 	estcs 	 ; establishment cause
}






; Release request: identifies the transaction by ti only; no cause is carried
; (contrast MMCC_RELEASE_IND, which adds one).
PRIM 	MMCC_RELEASE_REQ 	0x80010007
{
 	ti 	 ; transaction identifier
}






; Data request: two unused bytes followed by an sdu (l_buf, o_buf, buf).
; There is no separate ti field in this primitive.
; NOTE(review): d1/d2 presumably exist only to pad the layout ahead of the
; sdu - confirm.
PRIM 	MMCC_DATA_REQ 	0x80020007
{
 	d1 	 ; dummy
 	d2 	 ; dummy
 	sdu 	 ; service data unit
}






; Data indication: same layout as MMCC_DATA_REQ (d1, d2, sdu), with opcode
; bit 0x4000 set.
; NOTE(review): if the sdu holds a message received from the network, its
; l_buf / o_buf values are untrusted input and must be validated against the
; allocated primitive size before buf is decoded - confirm against the
; receiving code.
PRIM 	MMCC_DATA_IND 	0x80004007
{
 	d1 	 ; dummy
 	d2 	 ; dummy
 	sdu 	 ; service data unit
}






; Re-establishment request: identifies the transaction by ti only.
PRIM 	MMCC_REESTABLISH_REQ 	0x80030007
{
 	ti 	 ; transaction identifier
}






; Prompt reject: carries no parameters, so it cannot name a transaction.
PRIM 	MMCC_PROMPT_REJ 	0x80040007
{
}






; Prompt response: carries the transaction identifier only.
PRIM 	MMCC_PROMPT_RSP 	0x80050007
{
 	ti 	 ; transaction identifier
}






; Sync indication: carries the transaction identifier and a chm component
; (channel type and channel mode).
PRIM 	MMCC_SYNC_IND 	0x80014007
{
 	ti 	 ; transaction identifier
 	chm 	 ; channel using mode
}






; Error indication: carries the transaction identifier and an MM cause
; (value table VAL_cause).
PRIM 	MMCC_ERROR_IND 	0x80024007
{
 	ti 	 ; transaction identifier
 	cause 	 ; error cause
}






; Establishment confirmation: carries the transaction identifier only.
; No cause field is defined for it.
PRIM 	MMCC_ESTABLISH_CNF 	0x80034007
{
 	ti 	 ; transaction identifier
}






; Establishment indication: same layout as MMCC_DATA_IND (d1, d2, sdu).
; It has no ti field, unlike MMCC_ESTABLISH_REQ and MMCC_ESTABLISH_CNF.
; NOTE(review): presumably the receiver takes the transaction identifier
; from the message inside the sdu - confirm. If so, that value and the sdu
; length/offset fields are untrusted and need checking before use.
PRIM 	MMCC_ESTABLISH_IND 	0x80044007
{
 	d1 	 ; dummy
 	d2 	 ; dummy
 	sdu 	 ; service data unit
}






; Re-establishment confirmation: carries the transaction identifier only.
PRIM 	MMCC_REESTABLISH_CNF 	0x80054007
{
 	ti 	 ; transaction identifier
}






; Release indication: carries the transaction identifier and an MM cause
; (value table VAL_cause) giving the reason for the release.
PRIM 	MMCC_RELEASE_IND 	0x80064007
{
 	ti 	 ; transaction identifier
 	cause 	 ; release cause
}






; Prompt indication: carries no parameters.
PRIM 	MMCC_PROMPT_IND 	0x80074007
{
}