Change in osmocom-bb[master]: layer23/l1ctl: fix NULL-pointer dereference reported by ASan

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

Vadim Yanitskiy gerrit-no-reply at lists.osmocom.org
Fri Feb 28 13:29:14 UTC 2020


Vadim Yanitskiy has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmocom-bb/+/17295 )


Change subject: layer23/l1ctl: fix NULL-pointer dereference reported by ASan
......................................................................

layer23/l1ctl: fix NULL-pointer dereference reported by ASan

Some applications (e.g. ccch_scan) may not initialize ms->cellsel.si,
some (e.g. mobile) may need some time to initialize it. Let's assume
that 'bs_ag_blks_res' is 0 if no System Information is available.

Change-Id: Ie695d9700c01ee1e6778950a2f3c8610b69d2143
---
M src/host/layer23/src/common/l1ctl.c
1 file changed, 8 insertions(+), 1 deletion(-)



  git pull ssh://gerrit.osmocom.org:29418/osmocom-bb refs/changes/95/17295/1

diff --git a/src/host/layer23/src/common/l1ctl.c b/src/host/layer23/src/common/l1ctl.c
index de66972..84463a5 100644
--- a/src/host/layer23/src/common/l1ctl.c
+++ b/src/host/layer23/src/common/l1ctl.c
@@ -218,6 +218,7 @@
 	struct rx_meas_stat *meas = &ms->meas;
 	uint8_t chan_type, chan_ts, chan_ss;
 	uint8_t gsmtap_chan_type;
+	uint8_t bs_ag_blks_res;
 	struct gsm_time tm;
 
 	if (msgb_l1len(msg) < sizeof(*dl)) {
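
Review bot: the new local `bs_ag_blks_res` is declared without an initializer here and only receives a value from the if/else added in the next hunk. Declaring it as `uint8_t bs_ag_blks_res = 0;` would let that code drop the else branch and keeps the value defined on any path that reaches the chantype_rsl2gsmtap_ext() call.
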
@@ -302,7 +303,13 @@
 		return 0;
 	}
 
-	gsmtap_chan_type = chantype_rsl2gsmtap_ext(chan_type, dl->link_id, tm.fn, ms->cellsel.si->bs_ag_blks_res);
+	/* May not be initialized in some applications (e.g. ccch_scan) */
+	if (ms->cellsel.si != NULL)
+		bs_ag_blks_res = ms->cellsel.si->bs_ag_blks_res;
+	else
+		bs_ag_blks_res = 0;
+
+	gsmtap_chan_type = chantype_rsl2gsmtap_ext(chan_type, dl->link_id, tm.fn, bs_ag_blks_res);
 	/* don't log fill frames via GSMTAP; they serve no purpose other than
 	 * to clog up your logs */
 	if (!is_fill_frame(gsmtap_chan_type, ccch->data)) {
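
Review bot: the comment above the new NULL check names only ccch_scan, while the commit message also says that mobile may need some time to initialize ms->cellsel.si; the comment should cover both cases so the check is not later removed as ccch_scan-specific. It is also worth documenting that while si is NULL the value 0 is passed to chantype_rsl2gsmtap_ext(), so gsmtap_chan_type and the is_fill_frame() decision that follows are computed from an assumed value rather than from System Information.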

-- 
To view, visit https://gerrit.osmocom.org/c/osmocom-bb/+/17295
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: osmocom-bb
Gerrit-Branch: master
Gerrit-Change-Id: Ie695d9700c01ee1e6778950a2f3c8610b69d2143
Gerrit-Change-Number: 17295
Gerrit-PatchSet: 1
Gerrit-Owner: Vadim Yanitskiy <axilirator at gmail.com>
Gerrit-MessageType: newchange