authorVadim Yanitskiy <axilirator@gmail.com>2018-05-11 04:11:14 +0700
committerVadim Yanitskiy <axilirator@gmail.com>2018-10-03 18:43:07 +0700
commite9624acdc559978b56766fdb60c717f95067c1f6 (patch)
tree40e4529120a46d589cea6b1762c7a37d9b5f6d17
parentdfca1be49890f166c699eb798ec8539d2b006eef (diff)
mobile/gsm48_rr.c: prevent uninitialized memory access
The rsl_dec_chan_nr() may fail to decode RSL channel number, so the 'ch_type' variable would be uninitialized. Let's check rc. Change-Id: I9ab18bdaf41a29fcd32a7060668ef9db07b8cf7e
-rw-r--r--src/host/layer23/src/mobile/gsm48_rr.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/src/host/layer23/src/mobile/gsm48_rr.c b/src/host/layer23/src/mobile/gsm48_rr.c
index 8b7beab3..b61c92bd 100644
--- a/src/host/layer23/src/mobile/gsm48_rr.c
+++ b/src/host/layer23/src/mobile/gsm48_rr.c
@@ -3423,9 +3423,16 @@ static int gsm48_rr_set_mode(struct osmocom_ms *ms, uint8_t chan_nr,
{
struct gsm48_rrlayer *rr = &ms->rrlayer;
uint8_t ch_type, ch_subch, ch_ts;
+ int rc;
+
+ /* Decode RSL channel number */
+ rc = rsl_dec_chan_nr(chan_nr, &ch_type, &ch_subch, &ch_ts);
+ if (rc) {
+ LOGP(DRR, LOGL_ERROR, "Couldn't decode RSL channel number\n");
+ return -EINVAL;
+ }
/* only apply mode to TCH/F or TCH/H */
- rsl_dec_chan_nr(chan_nr, &ch_type, &ch_subch, &ch_ts);
if (ch_type != RSL_CHAN_Bm_ACCHs
&& ch_type != RSL_CHAN_Lm_ACCHs)
return -ENOTSUP;
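Review bot: The error log added in the `if (rc)` branch omits the value that failed to decode, so a malformed channel number cannot be identified from the log afterwards; I would log it: `LOGP(DRR, LOGL_ERROR, "Couldn't decode RSL channel number 0x%02x\n", chan_nr);`. The function now returns `-EINVAL` in addition to `-ENOTSUP`, so its callers (not visible in this hunk) should be checked to confirm they treat any negative result as failure rather than testing for `-ENOTSUP` only. If other call sites of `rsl_dec_chan_nr()` in this file still ignore the return value, they presumably read the same uninitialized outputs and need the same check. The body of gsm48_rr_set_mode continues past the end of the hunk.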