diff options
author | Jacob Erlbeck <jerlbeck@sysmocom.de> | 2014-02-21 15:09:12 +0100 |
---|---|---|
committer | Holger Hans Peter Freyther <holger@moiji-mobile.com> | 2014-02-22 08:41:02 +0100 |
commit | 37c332e5bfdb9591a1cd3cc6746afffdb1cd13b9 (patch) | |
tree | c728088107ecd603b772f978b75b83b6ea1da9b7 | |
parent | bbfd21a36cdd10c3b8d83a329042d9ebfb4c5250 (diff) |
agch/rsl: Fix msgb handling for IMMEDIATE ASSIGN
Currently, the msg->data pointer is just set to the IMMEDIATE ASSIGN
message and the len is adjusted accordingly. Unfortunately, this
leaves l2h (pointing to the RSL header) and l3h (pointing to the
FULL_IMM_ASS_INFO IE) in an undefined state (outside of [data, tail]).
The code in bts.c accesses the message via msg->data.
This patch sets l3h and l2h correctly. msgb_l3() will point to the
start of the IMM ASS message and should be used instead of msg->data.
Sponsored-by: On-Waves ehf
-rw-r--r-- | src/common/rsl.c | 4 | ||||
-rw-r--r-- | src/osmo-bts-sysmo/l1_if.c | 2 |
2 files changed, 4 insertions, 2 deletions
diff --git a/src/common/rsl.c b/src/common/rsl.c index 4334b05d..6c1af2ec 100644 --- a/src/common/rsl.c +++ b/src/common/rsl.c @@ -466,7 +466,9 @@ static int rsl_rx_imm_ass(struct gsm_bts_trx *trx, struct msgb *msg) return rsl_tx_error_report(trx, RSL_ERR_MAND_IE_ERROR); /* cut down msg to the 04.08 RR part */ - msg->data = (uint8_t *) TLVP_VAL(&tp, RSL_IE_FULL_IMM_ASS_INFO); + msg->l3h = (uint8_t *) TLVP_VAL(&tp, RSL_IE_FULL_IMM_ASS_INFO); + msg->data = msg->l3h; + msg->l2h = NULL; msg->len = TLVP_LEN(&tp, RSL_IE_FULL_IMM_ASS_INFO); /* put into the AGCH queue of the BTS */ diff --git a/src/osmo-bts-sysmo/l1_if.c b/src/osmo-bts-sysmo/l1_if.c index 9eacb2ab..2a14dd05 100644 --- a/src/osmo-bts-sysmo/l1_if.c +++ b/src/osmo-bts-sysmo/l1_if.c @@ -517,7 +517,7 @@ static int handle_ph_readytosend_ind(struct femtol1_hdl *fl1, if (!msg) memcpy(msu_param->u8Buffer, fill_frame, GSM_MACBLOCK_LEN); else { - memcpy(msu_param->u8Buffer, msg->data, msg->len); + memcpy(msu_param->u8Buffer, msgb_l3(msg), msgb_l3len(msg)); msgb_free(msg); } } |