From c8832617f978807e79dd831ec6825f2f0eed907f Mon Sep 17 00:00:00 2001
From: Robert Schmidt <robert.schmidt@openairinterface.org>
Date: Mon, 10 Oct 2022 16:57:49 +0200
Subject: [PATCH] Fix signed integer overflow in PSS search

Detected through UBSan
---
 openair1/PHY/NR_UE_TRANSPORT/pss_nr.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/openair1/PHY/NR_UE_TRANSPORT/pss_nr.c b/openair1/PHY/NR_UE_TRANSPORT/pss_nr.c
index e736718237..14e4acdbbf 100644
--- a/openair1/PHY/NR_UE_TRANSPORT/pss_nr.c
+++ b/openair1/PHY/NR_UE_TRANSPORT/pss_nr.c
@@ -661,7 +661,6 @@ int pss_search_time_nr(int **rxdata, ///rx data in time domain
 {
 unsigned int n, ar, peak_position, pss_source;
 int64_t peak_value;
- int64_t result;
 int64_t avg[NUMBER_PSS_SEQUENCE]={0};
 double ffo_est=0;
@@ -704,11 +703,13 @@ int pss_search_time_nr(int **rxdata, ///rx data in time domain
 for (ar=0; ar<frame_parms->nb_antennas_rx; ar++) {
 /* perform correlation of rx data and pss sequence ie it is a dot product */
- result = dot_product64((short*)primary_synchro_time_nr[pss_index],
- (short*)&(rxdata[ar][n+is*frame_parms->samples_per_frame]),
- frame_parms->ofdm_symbol_size,
- shift);
- pss_corr_ue += squaredMod(*(c32_t*)&result);
+ const int64_t result = dot_product64((short *)primary_synchro_time_nr[pss_index],
+ (short *)&(rxdata[ar][n + is * frame_parms->samples_per_frame]),
+ frame_parms->ofdm_symbol_size,
+ shift);
+ const c32_t r32 = *(c32_t*)&result;
+ const c64_t r64 = {.r = r32.r, .i = r32.i};
+ pss_corr_ue += squaredMod(r64);
 //((short*)pss_corr_ue[pss_index])[2*n] += ((short*) &result)[0]; /* real part */
 //((short*)pss_corr_ue[pss_index])[2*n+1] += ((short*) &result)[1]; /* imaginary part */
 //((short*)&synchro_out)[0] += ((int*) &result)[0]; /* real part */
-- 
GitLab
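Review bot: In the second hunk, the added `const c32_t r32 = *(c32_t*)&result;` still reads an `int64_t` object through a `c32_t` pointer. That is a strict-aliasing violation, so the line remains undefined behaviour unless the build disables strict aliasing, and UBSan does not report this class of issue. Copying the bytes keeps the same layout assumption but makes it well defined: `c32_t r32; memcpy(&r32, &result, sizeof r32);`, ideally next to `_Static_assert(sizeof(c32_t) == sizeof(int64_t), "packed complex layout");` (this presumably needs `<string.h>`, and the definition of `c32_t` is not visible here). The correlated samples come from the receiver, so each step should be defined for the full input range. Whether `pss_corr_ue += squaredMod(r64)` can itself overflow depends on the accumulator's type, which is declared outside the hunk, as are the start and end of `pss_search_time_nr`.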