On Sat, Jul 06, 2013 at 10:05:00AM +0200, Andreas Eversberg wrote:
this is really wrong. msg may be null. at least it depends on the upper layer how to provide msg (NULL or 0-length), see patch.
but we have not hit this case yet (e.g. no re-establishment occurred right now).

Do you have an idea of why this doesn't crash right now?
i think we can remove the check for trans->subscr, since all rx functions assume that it is set. instead it makes sense to add a sanity check (trans->subscr must be set) to gsm0408_rcv_cc before calling the rx function.
okay. I will take care of that.
also if msg exists with 0 length, it will not be used, so it must be freed, see patch.
do you think you could extend the LAPD testcase for the case that would have crashed/leaked right now? msgb_free(NULL) is well defined, this means you do not need to have a NULL check there.
LOGP(DLLAPD, LOGL_INFO, "perform re-establishment (SABM) length=%d\n",
msg->len);
(msg) ? msg->len : 0);
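Review bot: the new argument '(msg) ? msg->len : 0' makes this log line print length=0 both when msg is NULL and when msg is present with zero length, although the discussion above treats those as two distinct ways the upper layer may provide msg. If the distinction matters when debugging a re-establishment, log it explicitly, for example by also printing whether msg was NULL.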
why the '(' and ')'?
- } else {
if (msg)msgb_free(msg);
msgb_free(msg)
dl->send_buffer = NULL;
- }
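Review bot: with the '} else {' line and its closing brace removed, the free of msg and 'dl->send_buffer = NULL;' no longer sit in the else branch and appear to run on every path through this code. The branch above is not visible in this hunk, so confirm that it never keeps a reference to msg (for example by storing it as the send buffer); otherwise the buffer would be freed while still referenced, and send_buffer would be cleared right after being set. The added line 'if (msg)msgb_free(msg);' can drop the NULL test, since msgb_free(NULL) is described above as well defined, and it is missing a space after the closing parenthesis of the condition.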