authorHolger Hans Peter Freyther <zecke@selfish.org>2012-01-23 10:22:09 +0100
committerHolger Hans Peter Freyther <zecke@selfish.org>2012-01-23 10:22:09 +0100
commit6dd7c4fb573bb51729560b700d4e837ce2b32fdb (patch)
tree7d88f245ed9c41fa6c9ddc78d52b6fe84f475848
parentbb9647f65108cd2f4f961306b1b4b8354e2d49bb (diff)
misc: Check return value of msgb _alloc functions
Attempt to catch all functions that allocate a msgb and didn't check the return value of the allocation.
-rw-r--r--src/common/oml.c6
-rw-r--r--src/common/rsl.c61
-rw-r--r--src/osmo-bts-sysmo/tch.c71
3 files changed, 111 insertions, 27 deletions
diff --git a/src/common/oml.c b/src/common/oml.c
index a7bcc407..f6eaec75 100644
--- a/src/common/oml.c
+++ b/src/common/oml.c
@@ -288,10 +288,14 @@ int oml_fom_ack_nack(struct msgb *old_msg, uint8_t cause)
{
struct abis_om_hdr *old_oh = msgb_l2(old_msg);
struct abis_om_fom_hdr *old_foh = msgb_l3(old_msg);
- struct msgb *msg = oml_msgb_alloc();
+ struct msgb *msg;
struct abis_om_fom_hdr *foh;
int is_manuf = 0;
+ msg = oml_msgb_alloc();
+ if (!msg)
+ return -ENOMEM;
+
/* make sure to respond with MANUF if request was MANUF */
if (old_oh->mdisc == ABIS_OM_MDISC_MANUF)
is_manuf = 1;
diff --git a/src/common/rsl.c b/src/common/rsl.c
index 4c4d397a..d0d38e86 100644
--- a/src/common/rsl.c
+++ b/src/common/rsl.c
@@ -465,11 +465,15 @@ static int rsl_rx_imm_ass(struct gsm_bts_trx *trx, struct msgb *msg)
/* 8.4.19 sending RF CHANnel RELease ACKnowledge */
int rsl_tx_rf_rel_ack(struct gsm_lchan *lchan)
{
- struct msgb *msg = rsl_msgb_alloc(sizeof(struct abis_rsl_dchan_hdr));
+ struct msgb *msg;
uint8_t chan_nr = gsm_lchan2chan_nr(lchan);
LOGP(DRSL, LOGL_NOTICE, "%s Tx RF CHAN REL ACK\n", gsm_lchan_name(lchan));
+ msg = rsl_msgb_alloc(sizeof(struct abis_rsl_dchan_hdr));
+ if (!msg)
+ return -ENOMEM;
+
rsl_dch_push_hdr(msg, RSL_MT_RF_CHAN_REL_ACK, chan_nr);
msg->trx = lchan->ts->trx;
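Review bot: The new `return -ENOMEM;` in rsl_tx_rf_rel_ack is silent, and the "Tx RF CHAN REL ACK" notice above it has already been logged, so under memory pressure the log records a transmit that never happened. Logging the failure before returning, e.g. `LOGP(DRSL, LOGL_ERROR, "%s Failed to allocate msgb for RF CHAN REL ACK\n", gsm_lchan_name(lchan));`, would make a dropped acknowledgement visible to whoever is debugging a stuck channel. The same pattern appears in the other rsl.c hunks (rsl_tx_chan_act_ack, rsl_tx_mode_modif_nack/ack, rsl_tx_ipac_XXcx_ack, rsl_tx_ipac_dlcx_ack/nack, tx_ipac_XXcx_nack, rsl_tx_meas_res), and oml_fom_ack_nack also returns without a log line. The function body continues outside the hunk.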
@@ -479,12 +483,16 @@ int rsl_tx_rf_rel_ack(struct gsm_lchan *lchan)
/* 8.4.2 sending CHANnel ACTIVation ACKnowledge */
int rsl_tx_chan_act_ack(struct gsm_lchan *lchan, struct gsm_time *gtime)
{
- struct msgb *msg = rsl_msgb_alloc(sizeof(struct abis_rsl_dchan_hdr));
+ struct msgb *msg;
uint8_t chan_nr = gsm_lchan2chan_nr(lchan);
uint8_t ie[2];
LOGP(DRSL, LOGL_NOTICE, "%s Tx CHAN ACT ACK\n", gsm_lchan_name(lchan));
+ msg = rsl_msgb_alloc(sizeof(struct abis_rsl_dchan_hdr));
+ if (!msg)
+ return -ENOMEM;
+
gsm48_gen_starting_time(ie, gtime);
msgb_tv_fixed_put(msg, RSL_IE_FRAME_NUMBER, 2, ie);
rsl_dch_push_hdr(msg, RSL_MT_CHAN_ACTIV_ACK, chan_nr);
@@ -730,11 +738,15 @@ static int rsl_rx_rf_chan_rel(struct gsm_lchan *lchan)
static int tx_ciph_mod_compl_hack(struct gsm_lchan *lchan, uint8_t link_id,
const char *imeisv)
{
- struct msgb *fake_msg = rsl_msgb_alloc(128);
+ struct msgb *fake_msg;
struct gsm48_hdr *g48h;
uint8_t mid_buf[11];
int rc;
+ fake_msg = rsl_msgb_alloc(128);
+ if (!fake_msg)
+ return -ENOMEM;
+
/* generate 04.08 RR message */
g48h = (struct gsm48_hdr *) msgb_put(fake_msg, sizeof(*g48h));
g48h->proto_discr = GSM48_PDISC_RR;
@@ -857,12 +869,16 @@ static int rsl_rx_encr_cmd(struct msgb *msg)
/* 8.4.11 MODE MODIFY NEGATIVE ACKNOWLEDGE */
static int rsl_tx_mode_modif_nack(struct gsm_lchan *lchan, uint8_t cause)
{
- struct msgb *msg = rsl_msgb_alloc(sizeof(struct abis_rsl_dchan_hdr));
+ struct msgb *msg;
uint8_t chan_nr = gsm_lchan2chan_nr(lchan);
LOGP(DRSL, LOGL_NOTICE, "%s Tx MODE MODIFY NACK (cause = 0x%02x)\n",
gsm_lchan_name(lchan), cause);
+ msg = rsl_msgb_alloc(sizeof(struct abis_rsl_dchan_hdr));
+ if (!msg)
+ return -ENOMEM;
+
msg->len = 0;
msg->data = msg->tail = msg->l3h;
@@ -877,11 +893,15 @@ static int rsl_tx_mode_modif_nack(struct gsm_lchan *lchan, uint8_t cause)
/* 8.4.10 MODE MODIFY ACK */
static int rsl_tx_mode_modif_ack(struct gsm_lchan *lchan)
{
- struct msgb *msg = rsl_msgb_alloc(sizeof(struct abis_rsl_dchan_hdr));
+ struct msgb *msg;
uint8_t chan_nr = gsm_lchan2chan_nr(lchan);
LOGP(DRSL, LOGL_INFO, "%s Tx MODE MODIF ACK\n", gsm_lchan_name(lchan));
+ msg = rsl_msgb_alloc(sizeof(struct abis_rsl_dchan_hdr));
+ if (!msg)
+ return -ENOMEM;
+
rsl_dch_push_hdr(msg, RSL_MT_MODE_MODIFY_ACK, chan_nr);
msg->trx = lchan->ts->trx;
@@ -1020,7 +1040,7 @@ int rsl_tx_ipac_dlcx_ind(struct gsm_lchan *lchan, uint8_t cause)
static int rsl_tx_ipac_XXcx_ack(struct gsm_lchan *lchan, int inc_pt2,
uint8_t orig_msgt)
{
- struct msgb *msg = rsl_msgb_alloc(sizeof(struct abis_rsl_dchan_hdr));
+ struct msgb *msg;
uint8_t chan_nr = gsm_lchan2chan_nr(lchan);
uint32_t *att_ip;
const char *name;
@@ -1039,6 +1059,11 @@ static int rsl_tx_ipac_XXcx_ack(struct gsm_lchan *lchan, int inc_pt2,
LOGPC(DRSL, LOGL_INFO, "remote %s:%u)\n",
inet_ntoa(ia), lchan->abis_ip.connect_port);
+ msg = rsl_msgb_alloc(sizeof(struct abis_rsl_dchan_hdr));
+ if (!msg)
+ return -ENOMEM;
+
+
/* Connection ID */
msgb_tv16_put(msg, RSL_IE_IPAC_CONN_ID, htons(lchan->abis_ip.conn_id));
@@ -1066,12 +1091,16 @@ static int rsl_tx_ipac_XXcx_ack(struct gsm_lchan *lchan, int inc_pt2,
static int rsl_tx_ipac_dlcx_ack(struct gsm_lchan *lchan, int inc_conn_id)
{
- struct msgb *msg = rsl_msgb_alloc(sizeof(struct abis_rsl_dchan_hdr));
+ struct msgb *msg;
uint8_t chan_nr = gsm_lchan2chan_nr(lchan);
LOGP(DRSL, LOGL_INFO, "%s RSL Tx IPAC_DLCX_ACK\n",
gsm_lchan_name(lchan));
+ msg = rsl_msgb_alloc(sizeof(struct abis_rsl_dchan_hdr));
+ if (!msg)
+ return -ENOMEM;
+
if (inc_conn_id)
msgb_tv_put(msg, RSL_IE_IPAC_CONN_ID, lchan->abis_ip.conn_id);
@@ -1084,12 +1113,16 @@ static int rsl_tx_ipac_dlcx_ack(struct gsm_lchan *lchan, int inc_conn_id)
static int rsl_tx_ipac_dlcx_nack(struct gsm_lchan *lchan, int inc_conn_id,
uint8_t cause)
{
- struct msgb *msg = rsl_msgb_alloc(sizeof(struct abis_rsl_dchan_hdr));
+ struct msgb *msg;
uint8_t chan_nr = gsm_lchan2chan_nr(lchan);
LOGP(DRSL, LOGL_INFO, "%s RSL Tx IPAC_DLCX_NACK\n",
gsm_lchan_name(lchan));
+ msg = rsl_msgb_alloc(sizeof(struct abis_rsl_dchan_hdr));
+ if (!msg)
+ return -ENOMEM;
+
if (inc_conn_id)
msgb_tv_put(msg, RSL_IE_IPAC_CONN_ID, lchan->abis_ip.conn_id);
@@ -1107,13 +1140,17 @@ static int rsl_tx_ipac_dlcx_nack(struct gsm_lchan *lchan, int inc_conn_id,
static int tx_ipac_XXcx_nack(struct gsm_lchan *lchan, uint8_t cause,
int inc_ipport, uint8_t orig_msgtype)
{
- struct msgb *msg = rsl_msgb_alloc(sizeof(struct abis_rsl_dchan_hdr));
+ struct msgb *msg;
uint8_t chan_nr = gsm_lchan2chan_nr(lchan);
/* FIXME: allocate new msgb and copy old over */
LOGP(DRSL, LOGL_NOTICE, "%s RSL Tx IPAC_BIND_NACK\n",
gsm_lchan_name(lchan));
+ msg = rsl_msgb_alloc(sizeof(struct abis_rsl_dchan_hdr));
+ if (!msg)
+ return -ENOMEM;
+
if (inc_ipport) {
uint32_t *att_ip;
/* remote IP */
@@ -1378,11 +1415,15 @@ static int rslms_is_meas_rep(struct msgb *msg)
/* 8.4.8 MEASUREMENT RESult */
static int rsl_tx_meas_res(struct gsm_lchan *lchan, uint8_t *l3, int l3_len)
{
- struct msgb *msg = rsl_msgb_alloc(sizeof(struct abis_rsl_dchan_hdr));
+ struct msgb *msg;
uint8_t chan_nr = gsm_lchan2chan_nr(lchan);
LOGP(DRSL, LOGL_NOTICE, "%s Tx MEAS RES\n", gsm_lchan_name(lchan));
+ msg = rsl_msgb_alloc(sizeof(struct abis_rsl_dchan_hdr));
+ if (!msg)
+ return -ENOMEM;
+
msgb_tv_put(msg, RSL_IE_MEAS_RES_NR, lchan->meas.res_nr++);
if (lchan->meas.flags & LC_UL_M_F_RES_VALID) {
uint8_t meas_res[16];
diff --git a/src/osmo-bts-sysmo/tch.c b/src/osmo-bts-sysmo/tch.c
index 9ea78072..31f86896 100644
--- a/src/osmo-bts-sysmo/tch.c
+++ b/src/osmo-bts-sysmo/tch.c
@@ -97,9 +97,13 @@ void osmo_nibble_shift_left_unal(uint8_t *out, const uint8_t *in,
static struct msgb *l1_to_rtppayload_fr(uint8_t *l1_payload, uint8_t payload_len)
{
- struct msgb *msg = msgb_alloc_headroom(1024, 128, "L1C-to-RTP");
+ struct msgb *msg;
uint8_t *cur;
+ msg = msgb_alloc_headroom(1024, 128, "L1C-to-RTP");
+ if (!msg)
+ return NULL;
+
/* step1: reverse the bit-order of each payload byte */
osmo_revbytebits_buf(l1_payload, payload_len);
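Review bot: l1_to_rtppayload_fr now returns NULL when msgb_alloc_headroom() fails, but its callers are outside this diff, so it is not visible whether they test the result before using it. That should be confirmed here and for l1_to_rtppayload_efr and gen_empty_tch_msg, which gain the same early return. A one-line contract comment above the function, such as `/* returns NULL if the msgb cannot be allocated */`, would make the new failure mode explicit. The function body continues outside the hunk.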
@@ -134,9 +138,13 @@ static int rtppayload_to_l1_fr(uint8_t *l1_payload, const uint8_t *rtp_payload,
#ifdef GsmL1_TchPlType_Efr
static struct msgb *l1_to_rtppayload_efr(uint8_t *l1_payload, uint8_t payload_len)
{
- struct msgb *msg = msgb_alloc_headroom(1024, 128, "L1C-to-RTP");
+ struct msgb *msg;
uint8_t *cur;
+ msg = msgb_alloc_headroom(1024, 128, "L1C-to-RTP");
+ if (!msg)
+ return NULL;
+
/* step1: reverse the bit-order of each payload byte */
osmo_revbytebits_buf(l1_payload, payload_len);
@@ -155,9 +163,13 @@ static struct msgb *l1_to_rtppayload_efr(uint8_t *l1_payload, uint8_t payload_le
static struct msgb *l1_to_rtppayload_hr(uint8_t *l1_payload, uint8_t payload_len)
{
- struct msgb *msg = msgb_alloc_headroom(1024, 128, "L1C-to-RTP");
+ struct msgb *msg;
uint8_t *cur;
+ msg = msgb_alloc_headroom(1024, 128, "L1C-to-RTP");
+ if (!msg)
+ return NULL;
+
if (payload_len != GSM_HR_BYTES) {
LOGP(DL1C, LOGL_ERROR, "L1 HR frame length %u != expected %u\n",
payload_len, GSM_HR_BYTES);
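Review bot: The msgb is allocated before the `payload_len != GSM_HR_BYTES` check, so if that error branch returns without calling msgb_free(), every frame with an unexpected length leaks one msgb. The branch ends outside the hunk, so this cannot be confirmed from here. Validating the length first avoids the question: move `msg = msgb_alloc_headroom(1024, 128, "L1C-to-RTP");` and its `if (!msg) return NULL;` below the closing brace of the length check.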
@@ -203,12 +215,16 @@ static int rtppayload_to_l1_hr(uint8_t *l1_payload, const uint8_t *rtp_payload,
static struct msgb *l1_to_rtppayload_amr(uint8_t *l1_payload, uint8_t payload_len,
struct amr_multirate_conf *amr_mrc)
{
- struct msgb *msg = msgb_alloc_headroom(1024, 128, "L1C-to-RTP");
+ struct msgb *msg;
uint8_t *cur;
u_int8_t cmr;
uint8_t ft = l1_payload[2] & 0xF;
uint8_t amr_if2_len = payload_len - 2;
+ msg = msgb_alloc_headroom(1024, 128, "L1C-to-RTP");
+ if (!msg)
+ return NULL;
+
#if 0
uint8_t cmr_idx = l1_payload[1];
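Review bot: The initialisers `uint8_t ft = l1_payload[2] & 0xF;` and `uint8_t amr_if2_len = payload_len - 2;` run before any length validation visible in this hunk. With payload_len below 3 the first reads past the supplied data, and with payload_len below 2 the second wraps to 254 or 255. Unless the caller guarantees a minimum length (not visible here), a guard such as `if (payload_len < 3) return NULL;` should come first, with `ft` and `amr_if2_len` assigned after it instead of in their declarations. The function body continues outside the hunk.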
@@ -375,17 +391,30 @@ void bts_model_rtp_rx_cb(struct osmo_rtp_socket *rs, const uint8_t *rtp_pl,
unsigned int rtp_pl_len)
{
struct gsm_lchan *lchan = rs->priv;
- struct msgb *msg = l1p_msgb_alloc();
- GsmL1_Prim_t *l1p = msgb_l1prim(msg);
- GsmL1_PhDataReq_t *data_req = &l1p->u.phDataReq;
- GsmL1_MsgUnitParam_t *msu_param = &data_req->msgUnitParam;
- uint8_t *payload_type = &msu_param->u8Buffer[0];
- uint8_t *l1_payload = &msu_param->u8Buffer[1];
+ struct msgb *msg;
+ GsmL1_Prim_t *l1p;
+ GsmL1_PhDataReq_t *data_req;
+ GsmL1_MsgUnitParam_t *msu_param;
+ uint8_t *payload_type;
+ uint8_t *l1_payload;
int rc;
DEBUGP(DRTP, "%s RTP IN: %s\n", gsm_lchan_name(lchan),
osmo_hexdump(rtp_pl, rtp_pl_len));
+ msg = l1p_msgb_alloc();
+ if (!msg) {
+ LOGP(DRTP, LOGL_ERROR, "%s: Failed to allocate Rx payload.\n",
+ gsm_lchan_name(lchan));
+ return;
+ }
+
+ l1p = msgb_l1prim(msg);
+ data_req = &l1p->u.phDataReq;
+ msu_param = &data_req->msgUnitParam;
+ payload_type = &msu_param->u8Buffer[0];
+ l1_payload = &msu_param->u8Buffer[1];
+
switch (lchan->tch_mode) {
case GSM48_CMODE_SPEECH_V1:
if (lchan->type == GSM_LCHAN_TCH_F) {
@@ -533,12 +562,22 @@ err_payload_match:
struct msgb *gen_empty_tch_msg(struct gsm_lchan *lchan)
{
- struct msgb *msg = l1p_msgb_alloc();
- GsmL1_Prim_t *l1p = msgb_l1prim(msg);
- GsmL1_PhDataReq_t *data_req = &l1p->u.phDataReq;
- GsmL1_MsgUnitParam_t *msu_param = &data_req->msgUnitParam;
- uint8_t *payload_type = &msu_param->u8Buffer[0];
- uint8_t *l1_payload = &msu_param->u8Buffer[1];
+ struct msgb *msg;
+ GsmL1_Prim_t *l1p;
+ GsmL1_PhDataReq_t *data_req;
+ GsmL1_MsgUnitParam_t *msu_param;
+ uint8_t *payload_type;
+ uint8_t *l1_payload;
+
+ msg = l1p_msgb_alloc();
+ if (!msg)
+ return NULL;
+
+ l1p = msgb_l1prim(msg);
+ data_req = &l1p->u.phDataReq;
+ msu_param = &data_req->msgUnitParam;
+ payload_type = &msu_param->u8Buffer[0];
+ l1_payload = &msu_param->u8Buffer[1];
switch (lchan->tch_mode) {
case GSM48_CMODE_SPEECH_AMR: