diff options
author | Vadim Yanitskiy <axilirator@gmail.com> | 2018-05-11 04:11:14 +0700 |
---|---|---|
committer | Vadim Yanitskiy <axilirator@gmail.com> | 2018-10-03 18:43:07 +0700 |
commit | e9624acdc559978b56766fdb60c717f95067c1f6 (patch) | |
tree | 40e4529120a46d589cea6b1762c7a37d9b5f6d17 /src/host/layer23/src/mobile | |
parent | dfca1be49890f166c699eb798ec8539d2b006eef (diff) |
mobile/gsm48_rr.c: prevent uninitialized memory access
The rsl_dec_chan_nr() may fail to decode RSL channel number, so
the 'ch_type' variable would be uninitialized. Let's check rc.
Change-Id: I9ab18bdaf41a29fcd32a7060668ef9db07b8cf7e
Diffstat (limited to 'src/host/layer23/src/mobile')
-rw-r--r-- | src/host/layer23/src/mobile/gsm48_rr.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/src/host/layer23/src/mobile/gsm48_rr.c b/src/host/layer23/src/mobile/gsm48_rr.c index 8b7beab3..b61c92bd 100644 --- a/src/host/layer23/src/mobile/gsm48_rr.c +++ b/src/host/layer23/src/mobile/gsm48_rr.c @@ -3423,9 +3423,16 @@ static int gsm48_rr_set_mode(struct osmocom_ms *ms, uint8_t chan_nr, { struct gsm48_rrlayer *rr = &ms->rrlayer; uint8_t ch_type, ch_subch, ch_ts; + int rc; + + /* Decode RSL channel number */ + rc = rsl_dec_chan_nr(chan_nr, &ch_type, &ch_subch, &ch_ts); + if (rc) { + LOGP(DRR, LOGL_ERROR, "Couldn't decode RSL channel number\n"); + return -EINVAL; + } /* only apply mode to TCH/F or TCH/H */ - rsl_dec_chan_nr(chan_nr, &ch_type, &ch_subch, &ch_ts); if (ch_type != RSL_CHAN_Bm_ACCHs && ch_type != RSL_CHAN_Lm_ACCHs) return -ENOTSUP; |