fixeria has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-bts/+/38749?usp=email )
Change subject: l1sap: l1sap_tch_rts_ind(): fix NULL ptr dereference
l1sap: l1sap_tch_rts_ind(): fix NULL ptr dereference
The 'resp_msg' will be NULL if msgb_dequeue_count() returns NULL, i.e. in the case of Downlink queue underrun. We need to handle this gracefully and check 'resp_msg' before dereferencing it.
Change-Id: I4e1ea1d1ded2ffb3a07cc06f8b9b5dd922d32ec6
Fixes: 0a34af153 ("CSD NT modes: transmit properly aligned RLP frames on DL")
---
M src/common/l1sap.c
1 file changed, 5 insertions(+), 2 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/osmo-bts refs/changes/49/38749/1
diff --git a/src/common/l1sap.c b/src/common/l1sap.c index dc83e77..18d7d93 100644 --- a/src/common/l1sap.c +++ b/src/common/l1sap.c @@ -1789,8 +1789,11 @@ tchf96_nt_dl_alignment(lchan, resp_msg, fn); break; case GSM48_CMODE_DATA_14k5: - gsmtap_csd_rlp_dl(lchan, fn, msgb_l2(resp_msg), - msgb_l2len(resp_msg)); + if (resp_msg != NULL) { + gsmtap_csd_rlp_dl(lchan, fn, + msgb_l2(resp_msg), + msgb_l2len(resp_msg)); + } break; default: LOGPLCGT(lchan, &g_time, DL1P, LOGL_ERROR,
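Review bot: The context line just above the GSM48_CMODE_DATA_14k5 case, `tchf96_nt_dl_alignment(lchan, resp_msg, fn);`, still passes resp_msg without any guard visible in this hunk, while the commit message says resp_msg is NULL on Downlink queue underrun. Please confirm that tchf96_nt_dl_alignment() tolerates a NULL msgb, or wrap that call in the same `if (resp_msg != NULL)` check, so the preceding case cannot hit the same dereference. If several cases end up needing the guard, a single check before the switch would be simpler than one per case, and a short comment stating that the GSMTAP output is intentionally skipped on underrun would document the behaviour.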