[S] Change in osmo-bts[master]: osmo-bts-trx: tx_tch[fh]_fn(): fix NULL pointer dereference - gerrit-log

20 Jul 2023

fixeria has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-bts/+/33858 )
Change subject: osmo-bts-trx: tx_tch[fh]_fn(): fix NULL pointer dereference
......................................................................
osmo-bts-trx: tx_tch[fh]_fn(): fix NULL pointer dereference
It may happen that only FACCH is available for transmission, so msg_tch
would be NULL in this case.  Check it before dereferencing.
Change-Id: I0e7d5634b5223bc246badbb8e94b620c967ab121
Related: OS#1572
---
M src/osmo-bts-trx/sched_lchan_tchf.c
M src/osmo-bts-trx/sched_lchan_tchh.c
2 files changed, 23 insertions(+), 5 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/osmo-bts refs/changes/58/33858/1

diff --git a/src/osmo-bts-trx/sched_lchan_tchf.c b/src/osmo-bts-trx/sched_lchan_tchf.c
index 949e059..ae800a9 100644
--- a/src/osmo-bts-trx/sched_lchan_tchf.c
+++ b/src/osmo-bts-trx/sched_lchan_tchf.c
@@ -578,13 +578,15 @@
    	break;
    /* CSD (TCH/F9.6): 12.0 kbit/s radio interface rate */
    case GSM48_CMODE_DATA_12k0:
-		gsm0503_tch_fr96_encode(BUFPOS(bursts_p, 0), msgb_l2(msg_tch));
+		if (msg_tch != NULL)
+			gsm0503_tch_fr96_encode(BUFPOS(bursts_p, 0), msgb_l2(msg_tch));
    	if (msg_facch != NULL)
    		gsm0503_tch_fr_facch_encode(BUFPOS(bursts_p, 0), msgb_l2(msg_facch));
    	break;
    /* CSD (TCH/F4.8): 6.0 kbit/s radio interface rate */
    case GSM48_CMODE_DATA_6k0:
-		gsm0503_tch_fr48_encode(BUFPOS(bursts_p, 0), msgb_l2(msg_tch));
+		if (msg_tch != NULL)
+			gsm0503_tch_fr48_encode(BUFPOS(bursts_p, 0), msgb_l2(msg_tch));
    	if (msg_facch != NULL)
    		gsm0503_tch_fr_facch_encode(BUFPOS(bursts_p, 0), msgb_l2(msg_facch));
    	break;
@@ -598,7 +600,8 @@
    	break;
    /* CSD (TCH/F14.4): 14.5 kbit/s radio interface rate */
    case GSM48_CMODE_DATA_14k5:
-		gsm0503_tch_fr144_encode(BUFPOS(bursts_p, 0), msgb_l2(msg_tch));
+		if (msg_tch != NULL)
+			gsm0503_tch_fr144_encode(BUFPOS(bursts_p, 0), msgb_l2(msg_tch));
    	if (msg_facch != NULL)
    		gsm0503_tch_fr_facch_encode(BUFPOS(bursts_p, 0), msgb_l2(msg_facch));
    	break;
diff --git a/src/osmo-bts-trx/sched_lchan_tchh.c b/src/osmo-bts-trx/sched_lchan_tchh.c
index 7e494de..2f384af 100644
--- a/src/osmo-bts-trx/sched_lchan_tchh.c
+++ b/src/osmo-bts-trx/sched_lchan_tchh.c
@@ -513,13 +513,15 @@
    	break;
    /* CSD (TCH/H4.8): 6.0 kbit/s radio interface rate */
    case GSM48_CMODE_DATA_6k0:
-		gsm0503_tch_hr48_encode(BUFPOS(bursts_p, 0), msgb_l2(msg_tch));
+		if (msg_tch != NULL)
+			gsm0503_tch_hr48_encode(BUFPOS(bursts_p, 0), msgb_l2(msg_tch));
    	if (msg_facch != NULL)
    		gsm0503_tch_hr_facch_encode(BUFPOS(bursts_p, 0), msgb_l2(msg_facch));
    	break;
    /* CSD (TCH/H2.4): 3.6 kbit/s radio interface rate */
    case GSM48_CMODE_DATA_3k6:
-		gsm0503_tch_hr24_encode(BUFPOS(bursts_p, 0), msgb_l2(msg_tch));
+		if (msg_tch != NULL)
+			gsm0503_tch_hr24_encode(BUFPOS(bursts_p, 0), msgb_l2(msg_tch));
    	if (msg_facch != NULL)
    		gsm0503_tch_hr_facch_encode(BUFPOS(bursts_p, 0), msgb_l2(msg_facch));
    	break;
-- 
To view, visit https://gerrit.osmocom.org/c/osmo-bts/+/33858
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: osmo-bts
Gerrit-Branch: master
Gerrit-Change-Id: I0e7d5634b5223bc246badbb8e94b620c967ab121
Gerrit-Change-Number: 33858
Gerrit-PatchSet: 1
Gerrit-Owner: fixeria vyanitskiy@sysmocom.de
Gerrit-MessageType: newchange



    