diff options
| author | Vadim Yanitskiy <vyanitskiy@sysmocom.de> | 2023-07-21 01:17:02 +0700 |
|---|---|---|
| committer | laforge <laforge@osmocom.org> | 2023-07-21 11:06:00 +0000 |
| commit | 29fcae86324f5d004574e51c827c90523150e86f (patch) | |
| tree | 9ccb5f71b0d381f67796e398d41e9f743132f266 | |
| parent | fa90ff3e6798c952e09fe67e0d77b9518d2da616 (diff) | |
osmo-bts-trx: tx_tch[fh]_fn(): fix NULL pointer dereference
It may happen that only FACCH is available for transmission, so msg_tch
would be NULL in this case. Check it before dereferencing.
Change-Id: I0e7d5634b5223bc246badbb8e94b620c967ab121
Related: OS#1572
| -rw-r--r-- | src/osmo-bts-trx/sched_lchan_tchf.c | 9 | ||||
| -rw-r--r-- | src/osmo-bts-trx/sched_lchan_tchh.c | 6 |
2 files changed, 10 insertions, 5 deletions
diff --git a/src/osmo-bts-trx/sched_lchan_tchf.c b/src/osmo-bts-trx/sched_lchan_tchf.c index 949e059f..ae800a92 100644 --- a/src/osmo-bts-trx/sched_lchan_tchf.c +++ b/src/osmo-bts-trx/sched_lchan_tchf.c @@ -578,13 +578,15 @@ int tx_tchf_fn(struct l1sched_ts *l1ts, struct trx_dl_burst_req *br) break; /* CSD (TCH/F9.6): 12.0 kbit/s radio interface rate */ case GSM48_CMODE_DATA_12k0: - gsm0503_tch_fr96_encode(BUFPOS(bursts_p, 0), msgb_l2(msg_tch)); + if (msg_tch != NULL) + gsm0503_tch_fr96_encode(BUFPOS(bursts_p, 0), msgb_l2(msg_tch)); if (msg_facch != NULL) gsm0503_tch_fr_facch_encode(BUFPOS(bursts_p, 0), msgb_l2(msg_facch)); break; /* CSD (TCH/F4.8): 6.0 kbit/s radio interface rate */ case GSM48_CMODE_DATA_6k0: - gsm0503_tch_fr48_encode(BUFPOS(bursts_p, 0), msgb_l2(msg_tch)); + if (msg_tch != NULL) + gsm0503_tch_fr48_encode(BUFPOS(bursts_p, 0), msgb_l2(msg_tch)); if (msg_facch != NULL) gsm0503_tch_fr_facch_encode(BUFPOS(bursts_p, 0), msgb_l2(msg_facch)); break; @@ -598,7 +600,8 @@ int tx_tchf_fn(struct l1sched_ts *l1ts, struct trx_dl_burst_req *br) break; /* CSD (TCH/F14.4): 14.5 kbit/s radio interface rate */ case GSM48_CMODE_DATA_14k5: - gsm0503_tch_fr144_encode(BUFPOS(bursts_p, 0), msgb_l2(msg_tch)); + if (msg_tch != NULL) + gsm0503_tch_fr144_encode(BUFPOS(bursts_p, 0), msgb_l2(msg_tch)); if (msg_facch != NULL) gsm0503_tch_fr_facch_encode(BUFPOS(bursts_p, 0), msgb_l2(msg_facch)); break; diff --git a/src/osmo-bts-trx/sched_lchan_tchh.c b/src/osmo-bts-trx/sched_lchan_tchh.c index 7e494def..2f384af8 100644 --- a/src/osmo-bts-trx/sched_lchan_tchh.c +++ b/src/osmo-bts-trx/sched_lchan_tchh.c @@ -513,13 +513,15 @@ int tx_tchh_fn(struct l1sched_ts *l1ts, struct trx_dl_burst_req *br) break; /* CSD (TCH/H4.8): 6.0 kbit/s radio interface rate */ case GSM48_CMODE_DATA_6k0: - gsm0503_tch_hr48_encode(BUFPOS(bursts_p, 0), msgb_l2(msg_tch)); + if (msg_tch != NULL) + gsm0503_tch_hr48_encode(BUFPOS(bursts_p, 0), msgb_l2(msg_tch)); if (msg_facch != NULL) gsm0503_tch_hr_facch_encode(BUFPOS(bursts_p, 0), msgb_l2(msg_facch)); break; /* CSD (TCH/H2.4): 3.6 kbit/s radio interface rate */ case GSM48_CMODE_DATA_3k6: - gsm0503_tch_hr24_encode(BUFPOS(bursts_p, 0), msgb_l2(msg_tch)); + if (msg_tch != NULL) + gsm0503_tch_hr24_encode(BUFPOS(bursts_p, 0), msgb_l2(msg_tch)); if (msg_facch != NULL) gsm0503_tch_hr_facch_encode(BUFPOS(bursts_p, 0), msgb_l2(msg_facch)); break; |