diff options
| author | Jacob Erlbeck <jerlbeck@sysmocom.de> | 2014-09-22 18:50:08 +0200 |
|---|---|---|
| committer | Holger Hans Peter Freyther <holger@moiji-mobile.com> | 2014-10-09 18:00:55 +0200 |
| commit | 7e31f847af411d5d29fd8189be6e91dc85581ffb (patch) | |
| tree | a974a0a0c2d9222013de8ae1dda4cd8b27668b02 /openbsc/src/gprs/gprs_utils.c | |
| parent | 657502812b09fdce0be168c260ef040c5835b10a (diff) | |
gprs: Fix gprs_msgb_copy pointer computation
Currently the pointers are computed by adding an offset to the new
message's _data pointer even when the original pointer is NULL.
This leads to invalid pointers in the copied msgb.
This patch adds a NULL check to each computation such that NULL
pointers are not adjusted.
Sponsored-by: On-Waves ehf
Diffstat (limited to 'openbsc/src/gprs/gprs_utils.c')
| -rw-r--r-- | openbsc/src/gprs/gprs_utils.c | 22 |
1 files changed, 15 insertions, 7 deletions
diff --git a/openbsc/src/gprs/gprs_utils.c b/openbsc/src/gprs/gprs_utils.c index 55d4efda1..c62045480 100644 --- a/openbsc/src/gprs/gprs_utils.c +++ b/openbsc/src/gprs/gprs_utils.c @@ -47,21 +47,29 @@ struct msgb *gprs_msgb_copy(const struct msgb *msg, const char *name) new_msg->head += msg->head - msg->_data; new_msg->tail += msg->tail - msg->_data; - new_msg->l1h = new_msg->_data + (msg->l1h - msg->_data); - new_msg->l2h = new_msg->_data + (msg->l2h - msg->_data); - new_msg->l3h = new_msg->_data + (msg->l3h - msg->_data); - new_msg->l4h = new_msg->_data + (msg->l4h - msg->_data); + if (msg->l1h) + new_msg->l1h = new_msg->_data + (msg->l1h - msg->_data); + if (msg->l2h) + new_msg->l2h = new_msg->_data + (msg->l2h - msg->_data); + if (msg->l3h) + new_msg->l3h = new_msg->_data + (msg->l3h - msg->_data); + if (msg->l4h) + new_msg->l4h = new_msg->_data + (msg->l4h - msg->_data); /* copy GB specific data */ old_cb = LIBGB_MSGB_CB(msg); new_cb = LIBGB_MSGB_CB(new_msg); - new_cb->bssgph = new_msg->_data + (old_cb->bssgph - msg->_data); - new_cb->llch = new_msg->_data + (old_cb->llch - msg->_data); + if (old_cb->bssgph) + new_cb->bssgph = new_msg->_data + (old_cb->bssgph - msg->_data); + if (old_cb->llch) + new_cb->llch = new_msg->_data + (old_cb->llch - msg->_data); /* bssgp_cell_id is a pointer into the old msgb, so we need to make * it a pointer into the new msgb */ - new_cb->bssgp_cell_id = new_msg->_data + (old_cb->bssgp_cell_id - msg->_data); + if (old_cb->bssgp_cell_id) + new_cb->bssgp_cell_id = new_msg->_data + + (old_cb->bssgp_cell_id - msg->_data); new_cb->nsei = old_cb->nsei; new_cb->bvci = old_cb->bvci; new_cb->tlli = old_cb->tlli; |