fixeria has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmocom-bb/+/36910?usp=email )


Change subject: trxcon/l1sched: fix NULL pointer dereference in tx_tch[fh]_fn()
......................................................................

trxcon/l1sched: fix NULL pointer dereference in tx_tch[fh]_fn()

If msg is NULL, we're inducing a BFI condition at the BTS side receiver
by sending a TCH/A[FH]S block with invalid CRC6.  In this case we need
to skip the rest of the function and jump to send_burst immediately.

Change-Id: I159b2ed455377c77d8764f9320efd15333129afb
Fixes: 7c00190b "trxcon/l1sched: fix sending dummy TCH/A[FH]S blocks"
Fixes: CID#368538
---
M src/host/trxcon/src/sched_lchan_tchf.c
M src/host/trxcon/src/sched_lchan_tchh.c
2 files changed, 19 insertions(+), 0 deletions(-)



  git pull ssh://gerrit.osmocom.org:29418/osmocom-bb refs/changes/10/36910/1

diff --git a/src/host/trxcon/src/sched_lchan_tchf.c 
b/src/host/trxcon/src/sched_lchan_tchf.c
index d11b314..7cc1856 100644
--- a/src/host/trxcon/src/sched_lchan_tchf.c
+++ b/src/host/trxcon/src/sched_lchan_tchf.c
@@ -321,6 +321,8 @@
                                            lchan->amr.codecs,
                                            lchan->amr.ul_ft,
                                            lchan->amr.ul_cmr);
+               if (msg == NULL)
+                       goto send_burst;
                break;
        }
        /* CSD (TCH/F14.4): 14.5 kbit/s radio interface rate */
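Review bot: the added `if (msg == NULL) goto send_burst;` before `break;` reads like an error path, while the commit message says a NULL msg here is the intentional case of sending a TCH/AFS block with invalid CRC6 to induce a BFI at the BTS. A one-line comment above the check stating that would keep a later reader from turning it into an error return. The send_burst label and the code between the end of this switch and that label are outside the hunk's context, so please confirm that nothing skipped by the jump is still needed for the burst on this path.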
diff --git a/src/host/trxcon/src/sched_lchan_tchh.c 
b/src/host/trxcon/src/sched_lchan_tchh.c
index 0d3de00..6c88d19 100644
--- a/src/host/trxcon/src/sched_lchan_tchh.c
+++ b/src/host/trxcon/src/sched_lchan_tchh.c
@@ -528,6 +528,8 @@
                                            lchan->amr.codecs,
                                            lchan->amr.ul_ft,
                                            lchan->amr.ul_cmr);
+               if (msg == NULL)
+                       goto send_burst;
                break;
        }
        /* CSD (TCH/H4.8): 6.0 kbit/s radio interface rate */
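Review bot: this is the same two-line check as in sched_lchan_tchf.c, again placed directly after the call whose arguments end in lchan->amr.ul_cmr, so the NULL handling now lives in two copies that have to stay in sync. Give both copies the same explanatory comment so the TCH/H variant does not drift from the TCH/F one. The hunk covers only the AMR case; if any other case in this switch can also leave msg NULL, it needs the same jump, or a single guard at the first use of msg after the switch would cover all of them.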

--
To view, visit https://gerrit.osmocom.org/c/osmocom-bb/+/36910?usp=email

Gerrit-Project: osmocom-bb
Gerrit-Branch: master
Gerrit-Change-Id: I159b2ed455377c77d8764f9320efd15333129afb
Gerrit-Change-Number: 36910
Gerrit-PatchSet: 1
Gerrit-Owner: fixeria <vyanits...@sysmocom.de>
Gerrit-MessageType: newchange
