[S] Change in osmocom-bb[master]: trxcon/l1sched: fix NULL pointer dereference in tx_tch[fh]_fn()

fixeria has submitted this change. ( https://gerrit.osmocom.org/c/osmocom-bb/+/36910?usp=email ) Change subject: trxcon/l1sched: fix NULL pointer dereference in tx_tch[fh]_fn() ...................................................................... trxcon/l1sched: fix NULL pointer dereference in tx_tch[fh]_fn() If msg is NULL, we're inducing a BFI condition at the BTS side receiver by sending a TCH/A[FH]S block with invalid CRC6. In this case we need to skip the rest of the function and jump to send_burst immediately. Change-Id: I159b2ed455377c77d8764f9320efd15333129afb Fixes: 7c00190b "trxcon/l1sched: fix sending dummy TCH/A[FH]S blocks" Fixes: CID#368538 --- M src/host/trxcon/src/sched_lchan_tchf.c M src/host/trxcon/src/sched_lchan_tchh.c 2 files changed, 19 insertions(+), 0 deletions(-) Approvals: fixeria: Looks good to me, approved Jenkins Builder: Verified diff --git a/src/host/trxcon/src/sched_lchan_tchf.c b/src/host/trxcon/src/sched_lchan_tchf.c index d11b314..7cc1856 100644 --- a/src/host/trxcon/src/sched_lchan_tchf.c +++ b/src/host/trxcon/src/sched_lchan_tchf.c @@ -321,6 +321,8 @@ lchan->amr.codecs, lchan->amr.ul_ft, lchan->amr.ul_cmr); + if (msg == NULL) + goto send_burst; break; } /* CSD (TCH/F14.4): 14.5 kbit/s radio interface rate */ diff --git a/src/host/trxcon/src/sched_lchan_tchh.c b/src/host/trxcon/src/sched_lchan_tchh.c index 0d3de00..6c88d19 100644 --- a/src/host/trxcon/src/sched_lchan_tchh.c +++ b/src/host/trxcon/src/sched_lchan_tchh.c @@ -528,6 +528,8 @@ lchan->amr.codecs, lchan->amr.ul_ft, lchan->amr.ul_cmr); + if (msg == NULL) + goto send_burst; break; } /* CSD (TCH/H4.8): 6.0 kbit/s radio interface rate */ -- To view, visit https://gerrit.osmocom.org/c/osmocom-bb/+/36910?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmocom-bb Gerrit-Branch: master Gerrit-Change-Id: I159b2ed455377c77d8764f9320efd15333129afb Gerrit-Change-Number: 36910 Gerrit-PatchSet: 1 Gerrit-Owner: fixeria <vyanitskiy(a)sysmocom.de> Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: fixeria <vyanitskiy(a)sysmocom.de> Gerrit-MessageType: merged