FreeCalypso > hg > fc-magnetite
view src/g23m-gsm/rr/rr_gprs.h @ 516:1ed9de6c90bd
src/g23m-gsm/sms/sms_for.c: bogus malloc removed
The new error handling code that was not present in TCS211 blob version
contains a malloc call that is bogus for 3 reasons:
1) The memory allocation in question is not needed in the first place;
2) libc malloc is used instead of one of the firmware's proper ways;
3) The memory allocation is made inside a function and then never freed,
i.e., a memory leak.
This bug was caught in gcc-built FreeCalypso fw projects (Citrine
and Selenite) because our gcc environment does not allow any use of
libc malloc (any reference to malloc produces a link failure),
but this code from TCS3.2 is wrong even for Magnetite: if this code
path is executed repeatedly over a long time, the many small allocations
made by this malloc call without a subsequent free will eventually
exhaust the malloc heap provided by the TMS470 environment, malloc will
start returning NULL, and the bogus code will treat it as an error.
Because the memory allocation in question is not needed at all,
the fix entails simply removing it.
author | Mychaela Falconia <falcon@freecalypso.org> |
---|---|
date | Sun, 22 Jul 2018 06:04:49 +0000 |
parents | 27a4235405c6 |
children |
line wrap: on
line source
/* +----------------------------------------------------------------------------- | Project : | Modul : +----------------------------------------------------------------------------- | Copyright 2002 Texas Instruments Berlin, AG | All rights reserved. | | This file is confidential and a trade secret of Texas | Instruments Berlin, AG | The receipt of or possession of this file does not convey | any rights to reproduce or disclose its contents or to | manufacture, use, or sell anything it may describe, in | whole, or in part, without the specific written consent of | Texas Instruments Berlin, AG. +----------------------------------------------------------------------------- | Purpose : Declarations for the Protocol Stack Entity | Radio Resource / GPRS-enhancements +----------------------------------------------------------------------------- */ #ifndef RR_GPRS_H #define RR_GPRS_H #define EXT_MEAS_START_CR 0x40 /* intermediate storage for data of paging indication */ typedef struct { UBYTE id_type; UBYTE chan_need; } T_PAGING_DATA; typedef enum { START_PROC_ACTIVATE_REQ, START_PROC_ENTER_LIMITED, START_PROC_NORMAL_CR, START_PROC_NORMAL_CS, START_PROC_CFG_CHG, START_PROC_GPRS_ACT, START_PROC_NOTHING } T_START_PROC; typedef struct { UBYTE rr_sdu[24]; UBYTE si13_sdu[24]; UBYTE tma_in_progress; ULONG fn; UBYTE req_ref_idx; UBYTE gprs_indic; /* flag MM wants GPRS or not */ UBYTE si13_received; /* SI13 has been received */ ULONG ptmsi; /* used PTMSI */ ULONG ptmsi2; /* used candidate PTMSI */ ULONG tlli; /* used tlli */ T_p_chan_req_des p_chan_req_des; /* Requested channel characteristics */ T_gprs_meas_results gprs_meas_results; /* GPRS Measurement Results */ UBYTE mac_req; /* */ T_PAGING_DATA pag_dat; UBYTE cs_req; /* */ UBYTE gprs_suspend; UBYTE gprs_resump; UBYTE rac; UBYTE page_mode; USHORT split_pg; /* split paging cycle */ UBYTE use_c31; UBYTE cr_pbcch_active; UBYTE cr_type; UBYTE cr_orig; T_START_PROC start_proc; UBYTE reconn_cause; /* cause sent with RRGRR_RECONNECT_REQ during PDCH Assignment procedure */ UBYTE tbf_est; /* indicate TBF establishment during PDCH Assignment / Cell Change Order */ T_DL_DATA_IND *dl_data_ind; /* store DL primitive containing d_change_order until access to new cell */ UBYTE bsic; /* BSIC of the new cell during Cell Change Order and CR*/ USHORT arfcn; /* ARFCN of the new cell during Cell Change Order and CR */ BOOL cco_need_reconnect_cnf; /* Flag indicating the need to send RRGRR-RECONNECT-CNF */ T_rai current_rai; /* last rai assigned by the network to GMM */ T_add_freq_list add_freq_lists[RRGRR_BA_LIST_SIZE]; UBYTE num_add_freq_list; T_RRGRR_EXT_MEAS_REQ *rrgrr_ext_meas_req; /* save the request for GPRS Ext Measurement */ T_RRGRR_EXT_MEAS_CNF *rrgrr_ext_meas_cnf; /* compiled result of the GPRS Ext Measurement */ T_MPH_EXT_MEAS_CNF *mph_ext_meas_cnf; /* power measurement result during GPRS Ext Measurement */ UBYTE mph_ext_meas_num; /* number of carriers used in mph_ext_meas_cnf */ UBYTE ext_meas_ctrl; /* indicate a pending Ext Meas stop request */ BOOL is_nc2_used_in_si13; /* NC state of SI13: NC2 or !NC2 */ UBYTE nc_mode_of_pmo; /* NC mode of Packet Measurement Order */ BOOL cr_pcco_active; /* PCCO in BCCH environment, cell not synced */ BOOL ready_state; /* TRUE - we are in READY STATE * FALSE - we are in STANDBY STATE * This is actually a GMM state, but has to * stored here for the NC2 handling and for * calculating the C2/C32 values */ #ifdef REL99 BOOL cbch_psi_valid; /* CBCH info on PSI8 received from GRR */ T_cbch cbch_psi8; /* This field is in GPRS data as this cbch info * on PSI 8 could be present only when PBCCH * is enabled. */ BOOL cbch_info_rxvd_in_ptm; /* This flag is set to indicate that CBCH information was received in * packet transfer mode. MPH_CBCH_COFIG_REQ should be sent to ALR * only in idle mode. When transitioning again to idle mode * if this flag is set, then CBCH info is given to ALR. * During packet transfer mode, CBCH info could be received * in SI4 or PSI8 or may need updateion because of dependent * parameters change in in PSI2 or other SI messages received in PTM. */ UBYTE nw_release; #endif UBYTE ba_bcch_modified; /*This flag will be set only when BA(BCCH) is modified by PMO or PCCO*/ } T_GPRS_DATA; #ifdef OPTION_MULTITHREAD #define hCommGRR _ENTITY_PREFIXED(hCommGRR) #endif EXTERN T_HANDLE hCommGRR; /* GRR Communication */ /* * GPRS functions */ void gprs_init_gprs_data (void); void gprs_get_table_n (const T_FUNC** table, USHORT* n); /* GPRS support functions for process DATA */ BOOL dat_check_gprs_imm_ass (T_MPH_UNITDATA_IND* unitdata, T_D_IMM_ASSIGN* imm_assign, UBYTE index); void dat_check_imm_ass_ext (T_MPH_UNITDATA_IND* unitdata, UBYTE index); UBYTE dat_check_imm_assign_pch (T_MPH_UNITDATA_IND* unitdata, T_D_IMM_ASSIGN* imm_assign); UBYTE dat_check_imm_ass_rej (UBYTE wait_ind); UBYTE dat_check_packet_paging_ind (T_MPH_PAGING_IND* pag_ind); void dat_rrgrr_channel_req (T_RRGRR_CHANNEL_REQ* chan_req); void att_check_bsic (T_RRGRR_NCELL_SYNC_REQ* check_bsic); BOOL dat_gprs_start_sabm (void); void dat_rrgrr_suspend_dcch_req (T_RRGRR_SUSPEND_DCCH_REQ* suspend_dcch_req); void dat_rrgrr_suspend_dcch_cnf (void); void dat_rrgrr_reconnect_dcch_req (T_RRGRR_RECONNECT_DCCH_REQ* reconnect_dcch_req); void dat_rrgrr_reconnect_dcch_cnf (UBYTE reconn_state); void dat_rrgrr_resumed_tbf_req (T_RRGRR_RESUMED_TBF_REQ* resumed_tbf_req); void dat_rrgrr_resumed_tbf_cnf (void); void dat_rrgrr_data_ind (T_DL_DATA_IND* dl_data_ind); void dat_rrgrr_change_order (T_DL_DATA_IND* dl_data_ind, T_D_CHANGE_ORDER* d_change_order); void dat_ask_paging_ind (T_MPH_PAGING_IND* pag_ind); void dat_ask_paging_ind_pa_only (T_MPH_PAGING_IND* pag_ind); void dat_stop_dcch_ind (UBYTE stop_cause); void dat_rrgrr_data_req (T_RRGRR_DATA_REQ* data_req); void dat_rrgrr_gprs_data_req (T_RRGRR_GPRS_DATA_REQ* data_req); BOOL dat_check_packet_access (void); void dat_rrgrr_rr_est_req (T_RRGRR_RR_EST_REQ* est_req); void dat_rrgrr_rr_est_rsp (T_RRGRR_RR_EST_RSP* rr_est_rsp); void dat_rrgrr_activate_req (T_RRGRR_ACTIVATE_REQ* act_req); void dat_set_gprs_resump (T_RR_RELEASE_IND* rr_release_ind); void dat_gprs_suspend_req (void); void dat_gprs_set_suspended (void); #ifdef REL99 BOOL dat_gprs_cell_in_ptm (void); #endif /* GPRS support functions for process ATTACHEMENT */ void att_signal_gprs_support (void); void att_for_sysinfo_type13 (T_MPH_UNITDATA_IND* data_ind, T_D_SYS_INFO_13* sys_info_13); void att_set_gprs_indication (UBYTE gprs_indic); void att_add_ptmsi (T_MPH_IDENTITY_REQ* mph_identity_req); void att_rrgrr_cr_ind (UBYTE type); void att_rrgrr_cr_req (T_RRGRR_CR_REQ* cr_req); void att_rrgrr_stop_mon_ccch_req (T_RRGRR_STOP_MON_CCCH_REQ* stop_ccch); void att_check_gprs_supp (UBYTE v_gprs_ind, T_gprs_indic* data); void att_rrgrr_start_mon_ccch_req (T_RRGRR_START_MON_CCCH_REQ* start_ccch); void att_rrgrr_start_mon_bcch_req (T_RRGRR_START_MON_BCCH_REQ* start_bcch); BOOL att_check_sync_results (T_MPH_MEASUREMENT_IND* mph_measurement_ind); BOOL att_gprs_is_avail (void); BOOL att_gprs_cell_has_pbcch (void); void att_gprs_stop_pl (void); void att_rrgrr_update_ba_req (T_RRGRR_UPDATE_BA_REQ* ba_req); void att_gprs_cr_rsp (T_RRGRR_CR_RSP* cr_rsp); void att_rrgrr_ext_meas_req (T_RRGRR_EXT_MEAS_REQ* ext_meas_req); UBYTE rr_ext_meas_idx (USHORT arfcn); void att_rrgrr_ext_meas_stop_req (T_RRGRR_EXT_MEAS_STOP_REQ* ext_meas_stop_req); void att_rrgrr_meas_rep_req (T_RRGRR_MEAS_REP_REQ* s); void att_gprs_idle_req (T_MPH_IDLE_REQ* idle_req); BOOL att_gprs_check_ncell (void); void att_start_cell_reselection_pbcch (UBYTE mode); void att_cell_reselection_gprs_failed (void); /*XXX*/ void gprs_rrgrr_stop_task (T_RRGRR_STOP_TASK_REQ* stop_task); void gprs_rrgrr_fill_from_stored_sdu (T_sdu* to, UBYTE* from); void gprs_rrgrr_store_sdu (UBYTE* to, T_sdu* from); void att_gprs_start_task (T_RRGRR_START_TASK_REQ* start_task); void att_start_cell_selection_gprs (UBYTE originator,U8 search_mode); void att_start_cell_reselection_gprs (UBYTE mode); void gprs_init_data_cr (void); void att_convert_idle_c31_cr (UBYTE index); void att_insert_c31_cr_data_in_cell (UBYTE index); BOOL att_check_cell_c31 (void); void att_check_c31_reselect_decision (UBYTE start_now); BOOL att_check_c31_criterion (UBYTE index); UBYTE att_get_next_best_c32_index (BOOL c31_calculated); void att_calculate_c31_c32 (UBYTE index); void att_rrgrr_standby_ind (T_RRGRR_STANDBY_STATE_IND* stdby); void att_rrgrr_ready_ind (T_RRGRR_READY_STATE_IND* rdy); #ifdef REL99 void att_rrgrr_cbch_info_ind (T_RRGRR_CBCH_INFO_IND* cbch_info); #endif void att_gprs_sync_req( T_RRGRR_SYNC_REQ *sync_req); BOOL is_nc2_used (void); #ifdef REL99 UBYTE att_gprs_get_nw_release (void); #endif /* * States of the GPRS Process * PIM - Packet Idle Mode * PTM - Packet Transfer Mode * PAM - Packet Access Mode */ #define GPRS_NULL 0 /* GPRS is not activated by MM */ #define GPRS_ACTIVATED 1 /* GPRS is activated by MM * and we are not on a cell */ #define GPRS_PIM_BCCH 2 /* RR has camped on a GPRS cell which has no PBCCH * RR is in idle mode */ #define GPRS_PAM_BCCH 3 /* GRR has requested the establishment of a TBF over CCCH */ #define GPRS_PTM_BCCH 4 /* GRR has established the TBF and transfer data */ #define GPRS_DEDI_SDCCH 5 /* GRR has requested a TBF but was assigned a SDCCH for further * signalling */ #define GPRS_PIM_PBCCH 6 /* GRR has camped on a GPRS cell which has a PBCCH * RR and GRR are in idle mode */ #define GPRS_PAM_PBCCH 7 /* GRR is establishing a TBF */ #define GPRS_PTM_PBCCH 8 /* GRR has established a TBF and transfers data */ #define GPRS_SUSPENDED_BCCH 9 /* RR is in or on its way to dedicated mode and was in a GPRS_*_BCCH state */ #define GPRS_SUSPENDED_PBCCH 10 /* RR is in or on its way to dedicated mode and was in a GPRS_*_PBCCH state */ EXTERN const char * const STATE_GPRS_NAME[]; #define STATE_GPRS_NAME_INIT \ "GPRS_NULL", \ "GPRS_ACTIVATED", \ "GPRS_PIM_BCCH", \ "GPRS_PAM_BCCH", \ "GPRS_PTM_BCCH", \ "GPRS_DEDI_SDCCH", \ "GPRS_PIM_PBCCH", \ "GPRS_PAM_PBCCH", \ "GPRS_PTM_PBCCH", \ "GPRS_SUSPENDED_BCCH",\ "GPRS_SUSPENDED_PBCCH" #define ESTCS_GPRS_1P 0x0478 #define ESTCS_GPRS_SB 0x0470 #define ESTCS_GPRS_PAGING 0x0481 #define TBF_EST_NONE 0 #define TBF_EST_PDCH 1 #define TBF_EST_CCO 2 #ifdef REL99 #define RR_GPRS_R97 0 #define RR_GPRS_R99 1 #define RR_GPRS_R4 2 #endif #endif /* !RR_GPRS_H */