authorHolger Hans Peter Freyther <zecke@selfish.org>2013-05-01 13:01:26 +0200
committerHolger Hans Peter Freyther <zecke@selfish.org>2013-06-20 13:50:44 +0200
commit19cefb009773f7cf5cf98997c53094dd684bcf38 (patch)
tree7644a8d2d048025effeddcfd3c405fe9647252af
parentd07ee75fc6a8b903ab926361fcea6259a1387444 (diff)
sysmobts: Fix a crash when the DSP2ARM queue runs full
When not reading quick enough from the queue we will get a bogus response which will lead to marking the lchan as broken and to clear the sapi queue. The sapi_queue_dispatch was checking if the queue was empty before calling the callback but not taking into account that it might have been flushed. Stop processing if the queue was empty before calling the callback or if it is empty after the callback. Backtrace: #0 0x4eb1f1cc in raise () from /lib/libc.so.6 #1 0x4eb22f48 in abort () from /lib/libc.so.6 #2 0x4ecc2cb8 in talloc_abort (reason=<optimized out>) at talloc.c:167 #3 0x4ecbc854 in talloc_abort_unknown_value () at talloc.c:180 #4 0x4ecc6bc8 in talloc_chunk_from_ptr (ptr=0x4ec2d494) at talloc.c:192 #5 _talloc_free (ptr=0x4ec2d494) at talloc.c:517 #6 talloc_free (ptr=0x4ec2d494) at talloc.c:990 #7 0x0000f294 in sapi_queue_exeute (lchan=0x402414a0) at oml.c:528 #8 0x0000f2d4 in sapi_queue_send (lchan=0x402414a0) at oml.c:542 #9 0x0000f3e0 in sapi_queue_dispatch (lchan=0x402414a0, status=-4) at oml.c:565 #10 0x000114d0 in lchan_deact_compl_cb (trx=0x4021e038, l1_msg=0x7e690) at oml.c:1269 #11 0x0000d70c in l1if_handle_l1prim (wq=1, fl1h=0x607c8, msg=0x7e690) at l1_if.c:938
-rw-r--r--src/osmo-bts-sysmo/oml.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/osmo-bts-sysmo/oml.c b/src/osmo-bts-sysmo/oml.c
index 452cfe3f..2145f2f3 100644
--- a/src/osmo-bts-sysmo/oml.c
+++ b/src/osmo-bts-sysmo/oml.c
@@ -554,7 +554,7 @@ static void sapi_queue_dispatch(struct gsm_lchan *lchan, int status)
cmd->callback(lchan, status);
talloc_free(cmd);
- if (end) {
+ if (end || llist_empty(&lchan->sapi_cmds)) {
LOGP(DL1C, LOGL_NOTICE,
"%s End of queue encountered. Now empty? %d\n",
gsm_lchan_name(lchan), llist_empty(&lchan->sapi_cmds));
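Review bot: The added `llist_empty(&lchan->sapi_cmds)` test guards only this call site in sapi_queue_dispatch, while the backtrace in the commit message shows the abort further down, in talloc_free() reached from sapi_queue_exeute via sapi_queue_send. If those functions take the first list entry without checking for an empty list (their bodies are outside this hunk, so this is inferred), any other caller that reaches them after a flush would again pass talloc_free() a pointer derived from the list head, which is a memory-safety fault rather than a plain logic error. Consider an early emptiness check on `lchan->sapi_cmds` inside sapi_queue_send as well, and a comment above the changed condition such as `/* the callback may have flushed the queue, so re-check before sending */`. The fix also depends on cmd being unlinked from the list before the callback runs, so that a flush cannot free it ahead of the `talloc_free(cmd)` here; that unlink is not visible in the hunk and is worth confirming.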