On Sat, Jul 06, 2013 at 10:05:00AM +0200, Andreas Eversberg wrote:
this is really wrong. msg may be null. at least it depends on the upper layer how to provide msg (NULL or 0-length), see patch.
but we have not hit this case yet (e.g. no re-establishment occurred right now). Do you have an idea of why this doesn't crash right now?
i think we can remove the check for trans->subscr, since all rx functions assume that it is set. instead it makes sense to add a sanity check (trans->subscr must be set) to gsm0408_rcv_cc before calling the rx function.
okay. I will take care of that.
also if msg exists with 0 length, it will not be used, so it must be freed, see patch.
do you think you could extend the LAPD testcase for the case that would
have crashed/leaked right now? msgb_free(NULL) is well defined, this means
you do not need to have a NULL check there.
LOGP(DLLAPD, LOGL_INFO, "perform
re-establishment (SABM) length=%d\n",
- msg->len);
+ (msg) ? msg->len : 0);
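Review bot: in the LOGP argument, `(msg) ? msg->len : 0` prints length=0 both when msg is NULL and when msg is present with zero length, so the log line cannot show which of the two forms the upper layer passed. If that distinction matters when debugging re-establishment, log it explicitly (for example a separate marker for the NULL case). The parentheses around msg in the condition are not needed.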
why the '(' and ')'?
+ } else {
+ if (msg)
+ msgb_free(msg);
msgb_free(msg)
dl->send_buffer = NULL;
+ }
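Review bot: in the added else branch, the `if (msg)` guard in front of `msgb_free(msg);` is redundant if msgb_free() accepts NULL, as stated in this thread, so the two lines can be reduced to the plain call. The branch also makes this path take ownership of msg, which the visible lines do not document; a short comment saying that an unused (0-length) msg is freed here would make clear to callers that they must not touch or free msg after the call.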