measurement: do not call msgb_l3len without checking

The function lchan_meas_handle_sacch() calls msgb_l3len without checking if l3h is even populated. Lets add a check to be sure. Change-Id: Ie5a9fe1ba880e68edb74f5f4ca559ac191330d4f
author: Philipp Maier <pmaier@sysmocom.de> 2022-10-06 18:21:11 +0200
committer: Philipp Maier <pmaier@sysmocom.de> 2022-10-11 11:45:14 +0200
commit: 0087a1137ebaa870cad23fec8d19a51c6843de56 (patch)
tree: a3a7d5f588f672f01300549cf883d80b12b4958a
parent: 2950c0363db6721fa8104c67fff3ff0e9f108dcd (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/src/common/measurement.c b/src/common/measurement.c
index 82a1cf40..ff6f6404 100644
--- a/src/common/measurement.c
+++ b/src/common/measurement.c
@@ -916,6 +916,8 @@ void lchan_meas_handle_sacch(struct gsm_lchan *lchan, struct msgb *msg)
 	uint8_t ms_ta;
 	int8_t ul_rssi;
 	int16_t ul_ci_cb;
+	uint8_t *l3;
+	unsigned int l3_len;
 
 	if (msgb_l2len(msg) == GSM_MACBLOCK_LEN) {
 		/* Some brilliant engineer decided that the ordering of
@@ -945,7 +947,9 @@ void lchan_meas_handle_sacch(struct gsm_lchan *lchan, struct msgb *msg)
 	}
 
 	timing_offset = ms_to_valid(lchan) ? ms_to2rsl(lchan, ms_ta) : -1;
-	rc = rsl_tx_meas_res(lchan, msgb_l3(msg), msgb_l3len(msg), timing_offset);
+	l3 = msgb_l3(msg);
+	l3_len = l3 ? msgb_l3len(msg) : 0;
+	rc = rsl_tx_meas_res(lchan, l3, l3_len, timing_offset);
 	if (rc == 0) /* Count successful transmissions */
 		lchan->meas.res_nr++;
author	Philipp Maier <pmaier@sysmocom.de>	2022-10-06 18:21:11 +0200
committer	Philipp Maier <pmaier@sysmocom.de>	2022-10-11 11:45:14 +0200
commit	0087a1137ebaa870cad23fec8d19a51c6843de56 (patch)
tree	a3a7d5f588f672f01300549cf883d80b12b4958a
parent	2950c0363db6721fa8104c67fff3ff0e9f108dcd (diff)