From 37c332e5bfdb9591a1cd3cc6746afffdb1cd13b9 Mon Sep 17 00:00:00 2001 From: Jacob Erlbeck Date: Fri, 21 Feb 2014 15:09:12 +0100 Subject: agch/rsl: Fix msgb handling for IMMEDIATE ASSIGN Currently, the msg->data pointer is just set to the IMMEDIATE ASSIGN message and the len is adjusted accordingly. Unfortunately, this leaves l2h (pointing to the RSL header) and l3h (pointing to the FULL_IMM_ASS_INFO IE) in an undefined state (outside of [data, tail]). The code in bts.c accesses the message via msg->data. This patch sets l3h and l2h correctly. msgb_l3() will point to the start of the IMM ASS message and should be used instead of msg->data. Sponsored-by: On-Waves ehf --- src/osmo-bts-sysmo/l1_if.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/osmo-bts-sysmo') diff --git a/src/osmo-bts-sysmo/l1_if.c b/src/osmo-bts-sysmo/l1_if.c index 9eacb2ab..2a14dd05 100644 --- a/src/osmo-bts-sysmo/l1_if.c +++ b/src/osmo-bts-sysmo/l1_if.c @@ -517,7 +517,7 @@ static int handle_ph_readytosend_ind(struct femtol1_hdl *fl1, if (!msg) memcpy(msu_param->u8Buffer, fill_frame, GSM_MACBLOCK_LEN); else { - memcpy(msu_param->u8Buffer, msg->data, msg->len); + memcpy(msu_param->u8Buffer, msgb_l3(msg), msgb_l3len(msg)); msgb_free(msg); } } -- cgit v1.2.3