From 0ee90f861458a68be7d7ac6e7f253c2be03ae049 Mon Sep 17 00:00:00 2001
From: Harald Welte <laforge@gnumonks.org>
Date: Sun, 3 Jul 2016 20:45:21 +0200
Subject: lapd_dl_flush_hist(): Don't flush a non-existant history

If lapd_dl_flush_hist() is called after lapd_dl_exit(), dl->tx_hist has
already been free'd and set to NULL.  Check for this before attempting
to de-reference a NULL pointer.

This bug breaks OpenBSC with any E1 based BTSs using DAHDI.

Change-Id: I117ba3445fa5e8097e21c11c5a6337de6ba46c7d
Related: OS#1760
---
 src/gsm/lapd_core.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'src/gsm/lapd_core.c')

diff --git a/src/gsm/lapd_core.c b/src/gsm/lapd_core.c
index c59b0754..fd1e7097 100644
--- a/src/gsm/lapd_core.c
+++ b/src/gsm/lapd_core.c
@@ -158,6 +158,9 @@ static void lapd_dl_flush_hist(struct lapd_datalink *dl)
 {
 	unsigned int i;
 
+	if (!dl->range_hist)
+		return;
+
 	for (i = 0; i < dl->range_hist; i++) {
 		if (dl->tx_hist[i].msg) {
 			msgb_free(dl->tx_hist[i].msg);
-- 
cgit v1.2.3