Attention is currently required from: dexter.
Patch set 5:Code-Review -2
1 comment:
File src/common/l1sap.c:
/* Since we already verified the payload in rtppayload_validate_hr(), we may trust that the payload length is
* correct according to either RFC 5993 or TS 101 318. */
Huge problem with this logic: your added function is called from l1sap_rtp_rx_cb(), which executes *before* rtppayload_validate_*() functions - the latter are called from l1sap_tch_rts_ind() on the receiving end of the queue being written to by l1sap_rtp_rx_cb(). Therefore, if this patch were to be merged, the OSMO_ASSERT(0) just below will cause the BTS to crash as soon as even one invalid RTP packet is received.
To view, visit change 32630. To unsubscribe, or for help writing mail filters, visit settings.