Change in libosmocore[master]: gprs_ns2_vc_fsm: fix nullpointer dereference when sending uintdata

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

dexter gerrit-no-reply at lists.osmocom.org
Thu Jan 21 22:15:13 UTC 2021 

dexter has posted comments on this change. ( https://gerrit.osmocom.org/c/libosmocore/+/22349 )

Change subject: gprs_ns2_vc_fsm: fix nullpointer dereference when sending uintdata
......................................................................


Patch Set 2:

(2 comments)

https://gerrit.osmocom.org/c/libosmocore/+/22349/1/src/gb/gprs_ns2_vc_fsm.c 
File src/gb/gprs_ns2_vc_fsm.c:

https://gerrit.osmocom.org/c/libosmocore/+/22349/1/src/gb/gprs_ns2_vc_fsm.c@759 
PS1, Line 759: if (nsh->pdu_type == NS_PDUT_UNITDATA) {
             : 		/* UNITDATA have to free msg because it might send the msg layer upwards */
             : 		osmo_fsm_inst_dispatch(fi, GPRS_NS2_EV_RX_UNITDATA, msg);
             : 		return 0;
             : 	}
> why are we moving this block before the call to gprs_ns2_validate() ? If the validation fails, why i […]
I have moved it since gprs_ns2_validate() also get a tp pointer, which is NULL on unit-data. gprs_ns2_validate() would segfault then. (See also gprs_ns2.c line 1102, however I do not know if this is allowed though)


https://gerrit.osmocom.org/c/libosmocore/+/22349/1/src/gb/gprs_ns2_vc_fsm.c@765 
PS1, Line 765: 	if (!tp) {
> do OSMO_ASSERT(tp). A NULL tp should never happen except for UNITDATA. Only UNITDATA is special.
Done



-- 
To view, visit https://gerrit.osmocom.org/c/libosmocore/+/22349
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: libosmocore
Gerrit-Branch: master
Gerrit-Change-Id: I7d7c95604ba4af4ed4b6019f1d432970225f8d7a
Gerrit-Change-Number: 22349
Gerrit-PatchSet: 2
Gerrit-Owner: dexter <pmaier at sysmocom.de>
Gerrit-Assignee: lynxis lazus <lynxis at fe80.eu>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: lynxis lazus <lynxis at fe80.eu>
Gerrit-CC: laforge <laforge at osmocom.org>
Gerrit-Comment-Date: Thu, 21 Jan 2021 22:15:13 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: laforge <laforge at osmocom.org>
Comment-In-Reply-To: lynxis lazus <lynxis at fe80.eu>
Gerrit-MessageType: comment
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20210121/861df86b/attachment.htm>

More information about the gerrit-log mailing list