pespin has uploaded this change for review. (
https://gerrit.osmocom.org/c/libosmocore/+/39812?usp=email )
Change subject: lapdm: Move queue initialization to specific init function
......................................................................
lapdm: Move queue initialization to specific init function

Otherwise the msg talloc reference is kept parented at some unknown
pointer in some unknown upper layer, which may cause memory corruption
or use-after-free.

Change-Id: I9c73f3aa5cc39d298296a82a99fbaf234b0ebe99
Related: OS#6728
---
M src/gsm/lapdm.c
1 file changed, 1 insertion(+), 1 deletion(-)
git pull ssh://gerrit.osmocom.org:29418/libosmocore refs/changes/12/39812/1
diff --git a/src/gsm/lapdm.c b/src/gsm/lapdm.c
index 8f7db90..74e0736 100644
--- a/src/gsm/lapdm.c
+++ b/src/gsm/lapdm.c
@@ -136,6 +136,7 @@
const char *name)
{
memset(dl, 0, sizeof(*dl));
+ INIT_LLIST_HEAD(&dl->tx_ui_queue);
dl->entity = entity;
lapd_dl_init2(&dl->dl, 1, 8, 251, name); /* Section 5.8.5 of TS 04.06 */
dl->dl.reestablish = 0; /* GSM uses no reestablish */
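Review bot: the commit message body does not explain the added `INIT_LLIST_HEAD(&dl->tx_ui_queue);` after the `memset()`: it describes a msg talloc reference staying parented in an upper layer, while this line only initializes a list head. Suggest stating the actual effect instead: after `memset(dl, 0, sizeof(*dl))` the queue's list pointers are NULL until the head is initialized, so a datalink set up through this function alone, without the entity loop touched in the second hunk, would carry a `tx_ui_queue` that is not a valid empty list. The hunk header shows no function name, so it is also worth confirming that this is the `lapdm_dl_init()` called in the second hunk. A short comment on the new line noting that a zeroed list head is not usable would help whoever adds the next queue to the struct.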
@@ -200,7 +201,6 @@
lapdm_dl_init(&le->datalink[i], le, (t200_ms) ? t200_ms[i] : 0, n200, name);
} else
lapdm_dl_init(&le->datalink[i], le, (t200_ms) ? t200_ms[i] : 0, n200, NULL);
- INIT_LLIST_HEAD(&le->datalink[i].tx_ui_queue);
}
lapdm_entity_set_mode(le, mode);
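Review bot: style point on the `} else` branch: the if-branch is braced while the else is not, and with the `INIT_LLIST_HEAD` line removed the unbraced `lapdm_dl_init(..., NULL);` is now the last statement before the loop's closing brace. Suggest bracing both branches, or, since the two visible calls differ only in the final argument (`name` vs `NULL`), computing that argument once and making a single call. The removal relies on the first hunk initializing `tx_ui_queue` for every datalink, so please check whether any other caller still initializes the queue itself after `lapdm_dl_init()` and can drop that line as well.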
--
Gerrit-MessageType: newchange
Gerrit-Project: libosmocore
Gerrit-Branch: master
Gerrit-Change-Id: I9c73f3aa5cc39d298296a82a99fbaf234b0ebe99
Gerrit-Change-Number: 39812
Gerrit-PatchSet: 1
Gerrit-Owner: pespin <pespin(a)sysmocom.de>