dexter has submitted this change. ( https://gerrit.osmocom.org/c/osmo-bts/+/29651 )
Change subject: measurement: do not call msgb_l3len without checking ......................................................................
measurement: do not call msgb_l3len without checking
The function lchan_meas_handle_sacch() calls msgb_l3len without checking if l3h is even populated. Lets add a check to be sure.
Change-Id: Ie5a9fe1ba880e68edb74f5f4ca559ac191330d4f --- M src/common/measurement.c 1 file changed, 5 insertions(+), 1 deletion(-)
Approvals: Jenkins Builder: Verified osmith: Looks good to me, but someone else must approve laforge: Looks good to me, approved
diff --git a/src/common/measurement.c b/src/common/measurement.c index 82a1cf4..ff6f640 100644 --- a/src/common/measurement.c +++ b/src/common/measurement.c @@ -916,6 +916,8 @@ uint8_t ms_ta; int8_t ul_rssi; int16_t ul_ci_cb; + uint8_t *l3; + unsigned int l3_len;
if (msgb_l2len(msg) == GSM_MACBLOCK_LEN) { /* Some brilliant engineer decided that the ordering of @@ -945,7 +947,9 @@ }
timing_offset = ms_to_valid(lchan) ? ms_to2rsl(lchan, ms_ta) : -1; - rc = rsl_tx_meas_res(lchan, msgb_l3(msg), msgb_l3len(msg), timing_offset); + l3 = msgb_l3(msg); + l3_len = l3 ? msgb_l3len(msg) : 0; + rc = rsl_tx_meas_res(lchan, l3, l3_len, timing_offset); if (rc == 0) /* Count successful transmissions */ lchan->meas.res_nr++;