laforge has submitted this change. ( https://gerrit.osmocom.org/c/osmocom-bb/+/35507?usp=email )
Change subject: mobile: fix segfault on empty TRAFFIC.ind
mobile: fix segfault on empty TRAFFIC.ind
The L1 PHY may emit empty TRAFFIC.ind in case of decoding errors. Abort execution of pq_audio_sink early, otherwise we hit an assert.
Change-Id: Ice11b72ddfd51fbfb17a4c609c664b86a8f69591
---
M src/host/layer23/src/mobile/gapk_io.c
1 file changed, 16 insertions(+), 0 deletions(-)

Approvals:
  laforge: Looks good to me, approved
  pespin: Looks good to me, but someone else must approve
  Jenkins Builder: Verified
diff --git a/src/host/layer23/src/mobile/gapk_io.c b/src/host/layer23/src/mobile/gapk_io.c index 966d0f4..d6b84a5 100644 --- a/src/host/layer23/src/mobile/gapk_io.c +++ b/src/host/layer23/src/mobile/gapk_io.c @@ -57,6 +57,10 @@
/* Calculate received frame length */ frame_len = msgb_l3len(tch_msg); + if (frame_len == 0) { + msgb_free(tch_msg); + return -EIO; + }
/* Copy the frame bytes from message */ memcpy(out, tch_msg->l3h, frame_len);
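Review bot: the new `frame_len == 0` branch ahead of the memcpy covers only the empty case; nothing in the visible lines bounds `frame_len` against the capacity of `out`, so an over-long TRAFFIC.ind would still reach `memcpy(out, tch_msg->l3h, frame_len)`. If the caller does not already guarantee the size, consider rejecting lengths above the sink buffer's capacity in the same branch. The branch would also benefit from a short comment stating that the L1 PHY emits empty TRAFFIC.ind on decoding errors (currently only the commit message says so) and from a debug log line before `return -EIO`, so that dropped frames are visible when diagnosing audio gaps.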