fixeria has submitted this change. ( https://gerrit.osmocom.org/c/osmocom-bb/+/36910?usp=email )
Change subject: trxcon/l1sched: fix NULL pointer dereference in tx_tch[fh]_fn()
trxcon/l1sched: fix NULL pointer dereference in tx_tch[fh]_fn()
If msg is NULL, we're inducing a BFI condition at the BTS side receiver by sending a TCH/A[FH]S block with invalid CRC6. In this case we need to skip the rest of the function and jump to send_burst immediately.
Change-Id: I159b2ed455377c77d8764f9320efd15333129afb
Fixes: 7c00190b "trxcon/l1sched: fix sending dummy TCH/A[FH]S blocks"
Fixes: CID#368538
---
M src/host/trxcon/src/sched_lchan_tchf.c
M src/host/trxcon/src/sched_lchan_tchh.c
2 files changed, 19 insertions(+), 0 deletions(-)

Approvals:
  fixeria: Looks good to me, approved
  Jenkins Builder: Verified
diff --git a/src/host/trxcon/src/sched_lchan_tchf.c b/src/host/trxcon/src/sched_lchan_tchf.c index d11b314..7cc1856 100644 --- a/src/host/trxcon/src/sched_lchan_tchf.c +++ b/src/host/trxcon/src/sched_lchan_tchf.c @@ -321,6 +321,8 @@ lchan->amr.codecs, lchan->amr.ul_ft, lchan->amr.ul_cmr); + if (msg == NULL) + goto send_burst; break; } /* CSD (TCH/F14.4): 14.5 kbit/s radio interface rate */ diff --git a/src/host/trxcon/src/sched_lchan_tchh.c b/src/host/trxcon/src/sched_lchan_tchh.c index 0d3de00..6c88d19 100644 --- a/src/host/trxcon/src/sched_lchan_tchh.c +++ b/src/host/trxcon/src/sched_lchan_tchh.c @@ -528,6 +528,8 @@ lchan->amr.codecs, lchan->amr.ul_ft, lchan->amr.ul_cmr); + if (msg == NULL) + goto send_burst; break; } /* CSD (TCH/H4.8): 6.0 kbit/s radio interface rate */
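Review bot: In the sched_lchan_tchf.c hunk (@@ -321,6 +321,8 @@), the added `if (msg == NULL)` / `goto send_burst;` pair has no comment, so the reason a NULL msg is valid at this point lives only in the commit message. A one-line comment above the check, stating that the block was encoded with an invalid CRC6 to induce BFI and that the rest of the function must be skipped because it expects a non-NULL msg, would keep a later reader from treating the goto as dead code or moving it below the `break;`.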
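Review bot: In the sched_lchan_tchh.c hunk (@@ -528,6 +528,8 @@), the NULL guard sits inside one case of the switch, immediately before its `break;`, so the CSD case that begins in the trailing context (TCH/H4.8) and any other case are not covered by it. Please confirm that msg can only be NULL on this AMR path; if it can be NULL elsewhere, the code after the switch that this change skips would still be reached with a NULL msg. The same two lines are duplicated from sched_lchan_tchf.c, so whatever comment or assertion documents that invariant should be added in both files.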