Change in osmo-bts[master]: prevent potential NULL dereference in virtbts's tx_tchh_fn

Neels Hofmeyr gerrit-no-reply at lists.osmocom.org
Thu Nov 8 16:06:04 UTC 2018


Neels Hofmeyr has posted comments on this change. ( https://gerrit.osmocom.org/11632 )

Change subject: prevent potential NULL dereference in virtbts's tx_tchh_fn
......................................................................


Patch Set 1: Code-Review+2

(1 comment)

https://gerrit.osmocom.org/#/c/11632/1/src/osmo-bts-virtual/scheduler_virtbts.c
File src/osmo-bts-virtual/scheduler_virtbts.c:

https://gerrit.osmocom.org/#/c/11632/1/src/osmo-bts-virtual/scheduler_virtbts.c@463
PS1, Line 463: 	if (msg_facch) {
> Can tx_tch_common return msg_facch==NULL and msg_tch==NULL at the
 > same time?

yep, looking at the code it clearly can: either both msg1 and msg2 are not present, or the "/* check validity of message */" if-statement clears msg_facch back to NULL. Or above, in this function, msg_facch gets cleared back to NULL in the "check for FACCH alignment"-if. They aren't common cases but can arise from outside data.

I actually wonder why the above "/* no message at all */" check includes the '!chan_state->dl_ongoing_facch' condition.

This change seems to me to be a proper fix of a possible NULL pointer dereference. Could also make sense to instead remove the '&& !chan_state->dl_ongoing_facch' above? (but I don't know the semantics)

Also very interesting in this function is that all code paths return NULL in the end...



Gerrit-Project: osmo-bts
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Icf5584396c5b925d55ca9380dd4f869ae5d72da3
Gerrit-Change-Number: 11632
Gerrit-PatchSet: 1
Gerrit-Owner: Stefan Sperling <ssperling at sysmocom.de>
Gerrit-Reviewer: Jenkins Builder (1000002)
Gerrit-Reviewer: Neels Hofmeyr <nhofmeyr at sysmocom.de>
Gerrit-CC: Pau Espin Pedrol <pespin at sysmocom.de>
Gerrit-Comment-Date: Thu, 08 Nov 2018 16:06:04 +0000
Gerrit-HasComments: Yes
Gerrit-HasLabels: Yes