Review at https://gerrit.osmocom.org/4740
l1sap: Fix abort on big RTP packet received
Recently while testing new osmo-mgw, big RTP packets (around 4K bytes,
see OS#2625 for more info), were being received on the BTS, which was
aborting with the following message:
"msgb(0xff208): Not enough tailroom msgb_put (348 < 1488)"
The crash can be reproduced in a sysmobts as well as on my PC locally
with osmo-bts-trx. I used osmo-bts-trx to test that the patch solved the
abort.
Fixes: OS#2624
Change-Id: Idfde1dacc3dc3d3d5e239cf1f7e39ade7fc25975
---
M src/common/l1sap.c
1 file changed, 3 insertions(+), 1 deletion(-)
git pull ssh://gerrit.osmocom.org:29418/osmo-bts refs/changes/40/4740/1
diff --git a/src/common/l1sap.c b/src/common/l1sap.c
index ebcfd2f..c388c82 100644
--- a/src/common/l1sap.c
+++ b/src/common/l1sap.c
@@ -117,7 +117,9 @@
* in front and behind data pointer */
struct msgb *l1sap_msgb_alloc(unsigned int l2_len)
{
- struct msgb *msg = msgb_alloc_headroom(512, 128, "l1sap_prim");
+ int headroom = 128;
+ int size = headroom + sizeof(struct osmo_phsap_prim) + l2_len;
+ struct msgb *msg = msgb_alloc_headroom(size, headroom, "l1sap_prim");
if (!msg)
return NULL;
--
To view, visit https://gerrit.osmocom.org/4740
To unsubscribe, visit https://gerrit.osmocom.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Idfde1dacc3dc3d3d5e239cf1f7e39ade7fc25975
Gerrit-PatchSet: 1
Gerrit-Project: osmo-bts
Gerrit-Branch: master
Gerrit-Owner: Pau Espin Pedrol <[email protected]>
