Review at https://gerrit.osmocom.org/3498
libmsc: make pitfall in gsm0408_dispatch() more obvious The function gsm0408_dispatch() accepts a message buffer pointer and accesses the l3h pointer. Even in a properly allocated message buffer, this may lead into a segfault if the user forgets to set the l3h pointer. This commit adds assertions to popup a more expressive error message. Change-Id: I43bd9bd1c170559aaa8dacaef25dba090744bcd5 --- M src/libmsc/gsm_04_08.c 1 file changed, 6 insertions(+), 2 deletions(-) git pull ssh://gerrit.osmocom.org:29418/osmo-msc refs/changes/98/3498/1 diff --git a/src/libmsc/gsm_04_08.c b/src/libmsc/gsm_04_08.c index be23c64..f16cca0 100644 --- a/src/libmsc/gsm_04_08.c +++ b/src/libmsc/gsm_04_08.c @@ -3208,13 +3208,17 @@ /* Main entry point for GSM 04.08/44.008 Layer 3 data (e.g. from the BSC). */ int gsm0408_dispatch(struct gsm_subscriber_connection *conn, struct msgb *msg) { - struct gsm48_hdr *gh = msgb_l3(msg); - uint8_t pdisc = gsm48_hdr_pdisc(gh); + struct gsm48_hdr *gh; + uint8_t pdisc; int rc = 0; + OSMO_ASSERT(msg->l3h) OSMO_ASSERT(conn); OSMO_ASSERT(msg); + gh = msgb_l3(msg); + pdisc = gsm48_hdr_pdisc(gh); + LOGP(DRLL, LOGL_DEBUG, "Dispatching 04.08 message %s (0x%x:0x%x)\n", gsm48_pdisc_msgtype_name(pdisc, gsm48_hdr_msg_type(gh)), pdisc, gsm48_hdr_msg_type(gh)); -- To view, visit https://gerrit.osmocom.org/3498 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I43bd9bd1c170559aaa8dacaef25dba090744bcd5 Gerrit-PatchSet: 1 Gerrit-Project: osmo-msc Gerrit-Branch: master Gerrit-Owner: Neels Hofmeyr <nhofm...@sysmocom.de> Gerrit-Reviewer: dexter <pma...@sysmocom.de>