diff options
| author | Vadim Yanitskiy <axilirator@gmail.com> | 2020-02-28 20:22:44 +0700 |
|---|---|---|
| committer | Vadim Yanitskiy <axilirator@gmail.com> | 2020-03-01 02:22:13 +0700 |
| commit | c083e2ce90e0075db7f1ca8498e6223e5d3ed43f (patch) | |
| tree | 0ca9934949e3fd8b50315296615530c759706fd5 | |
| parent | 3f25909e108dc1504b93c82eeb226d898fc8f086 (diff) | |
layer23/l1ctl: fix NULL-pointer dereference reported by ASan
Some applications (e.g. ccch_scan) may not initialize ms->cellsel.si,
some (e.g. mobile) may need some time to initialize it. Let's assume
that 'bs_ag_blks_res' is 1 if System Information is not available.
Change-Id: Ie695d9700c01ee1e6778950a2f3c8610b69d2143
| -rw-r--r-- | src/host/layer23/src/common/l1ctl.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/src/host/layer23/src/common/l1ctl.c b/src/host/layer23/src/common/l1ctl.c index de669722..b6ee455a 100644 --- a/src/host/layer23/src/common/l1ctl.c +++ b/src/host/layer23/src/common/l1ctl.c @@ -218,6 +218,7 @@ static int rx_ph_data_ind(struct osmocom_ms *ms, struct msgb *msg) struct rx_meas_stat *meas = &ms->meas; uint8_t chan_type, chan_ts, chan_ss; uint8_t gsmtap_chan_type; + uint8_t bs_ag_blks_res; struct gsm_time tm; if (msgb_l1len(msg) < sizeof(*dl)) { @@ -302,7 +303,13 @@ static int rx_ph_data_ind(struct osmocom_ms *ms, struct msgb *msg) return 0; } - gsmtap_chan_type = chantype_rsl2gsmtap_ext(chan_type, dl->link_id, tm.fn, ms->cellsel.si->bs_ag_blks_res); + /* May not be initialized in some applications (e.g. ccch_scan) */ + if (ms->cellsel.si != NULL) + bs_ag_blks_res = ms->cellsel.si->bs_ag_blks_res; + else /* fall-back to 1 (this is what OsmoBTS does) */ + bs_ag_blks_res = 1; + + gsmtap_chan_type = chantype_rsl2gsmtap_ext(chan_type, dl->link_id, tm.fn, bs_ag_blks_res); /* don't log fill frames via GSMTAP; they serve no purpose other than * to clog up your logs */ if (!is_fill_frame(gsmtap_chan_type, ccch->data)) { |