author | Harald Welte <laforge@gnumonks.org> | 2017-11-06 02:54:36 +0900 |
---|---|---|
committer | Harald Welte <laforge@gnumonks.org> | 2017-11-06 02:54:36 +0900 |
commit | d8d402099f3a47d7b50fdab79a6c55d57937bfa7 (patch) | |
tree | 55d1803072d4055420da431f2791f9b70f5ad656 /src/osmo-bts-trx/trx_if.c | |
parent | 6733906f62dae6f1a7f21c23627009e4060966fa (diff) |
trx: Avoid NULL+1 dereference in trx_ctrl_read_cb()
We unconditionally pass "p+1" into sscanf() despite not knowing
if 'p' is NULL or not.
Change-Id: I40a49c3feb3b55ef577eebd7d567afdbcfe0d624
Fixes: Coverity CID#178661
Diffstat (limited to 'src/osmo-bts-trx/trx_if.c')
-rw-r--r-- | src/osmo-bts-trx/trx_if.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/osmo-bts-trx/trx_if.c b/src/osmo-bts-trx/trx_if.c
index 5d8f6c47..1332854d 100644
--- a/src/osmo-bts-trx/trx_if.c
+++ b/src/osmo-bts-trx/trx_if.c
@@ -397,7 +397,9 @@ static int trx_ctrl_read_cb(struct osmo_fd *ofd, unsigned int what)
 goto notmatch;
 /* check for response code */
- sscanf(p + 1, "%d", &resp);
+ resp = 0;
+ if (p)
+ sscanf(p + 1, "%d", &resp);
 if (resp) {
 LOGP(DTRX, (tcm->critical) ? LOGL_FATAL : LOGL_NOTICE,
 "transceiver (%s) rejected TRX command " |
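Review bot: With the new guard, a response that carries no status field (`p == NULL`) leaves `resp` at 0 and falls through `if (resp)` exactly as if the transceiver had accepted the command; the same happens when `sscanf()` converts nothing, because its return value is ignored. This buffer appears to be read from the TRX control socket, so a truncated or malformed message should be rejected rather than interpreted as success, for example `if (!p || sscanf(p + 1, "%d", &resp) != 1)` followed by logging and discarding the message. How `p` is derived and what the `notmatch` label does lie outside this hunk, so the appropriate error path needs to be checked against the rest of trx_ctrl_read_cb().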