laforge submitted this change.

View Change

Approvals: Jenkins Builder: Verified pespin: Looks good to me, but someone else must approve falconia: Looks good to me, approved 
l1sap: l1sap_tch_rts_ind(): fix NULL ptr dereference

The 'resp_msg' will be NULL if msgb_dequeue_count() returns NULL,
i.e. in the case of Downlink queue underrun.  We need to handle
this gracefully and check 'resp_msg' before dereferencing it.

Change-Id: I4e1ea1d1ded2ffb3a07cc06f8b9b5dd922d32ec6
Fixes: 0a34af153 ("CSD NT modes: transmit properly aligned RLP frames on DL")
---
M src/common/l1sap.c
1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/common/l1sap.c b/src/common/l1sap.c
index dc83e77..18d7d93 100644
--- a/src/common/l1sap.c
+++ b/src/common/l1sap.c
@@ -1789,8 +1789,11 @@
 			tchf96_nt_dl_alignment(lchan, resp_msg, fn);
 			break;
 		case GSM48_CMODE_DATA_14k5:
-			gsmtap_csd_rlp_dl(lchan, fn, msgb_l2(resp_msg),
-					  msgb_l2len(resp_msg));
+			if (resp_msg != NULL) {
+				gsmtap_csd_rlp_dl(lchan, fn,
+						  msgb_l2(resp_msg),
+						  msgb_l2len(resp_msg));
+			}
 			break;
 		default:
 			LOGPLCGT(lchan, &g_time, DL1P, LOGL_ERROR,

To view, visit change 38749. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-MessageType: merged
Gerrit-Project: osmo-bts
Gerrit-Branch: master
Gerrit-Change-Id: I4e1ea1d1ded2ffb3a07cc06f8b9b5dd922d32ec6
Gerrit-Change-Number: 38749
Gerrit-PatchSet: 1
Gerrit-Owner: fixeria <vyanitskiy@sysmocom.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: falconia <falcon@freecalypso.org>
Gerrit-Reviewer: laforge <laforge@osmocom.org>
Gerrit-Reviewer: pespin <pespin@sysmocom.de>