dexter has posted comments on this change. ( https://gerrit.osmocom.org/c/libosmocore/+/22349 )
Change subject: gprs_ns2_vc_fsm: fix nullpointer dereference when sending uintdata ...................................................................... Patch Set 2: (2 comments) https://gerrit.osmocom.org/c/libosmocore/+/22349/1/src/gb/gprs_ns2_vc_fsm.c File src/gb/gprs_ns2_vc_fsm.c: https://gerrit.osmocom.org/c/libosmocore/+/22349/1/src/gb/gprs_ns2_vc_fsm.c@759 PS1, Line 759: if (nsh->pdu_type == NS_PDUT_UNITDATA) { : /* UNITDATA have to free msg because it might send the msg layer upwards */ : osmo_fsm_inst_dispatch(fi, GPRS_NS2_EV_RX_UNITDATA, msg); : return 0; : } > why are we moving this block before the call to gprs_ns2_validate() ? If the > validation fails, why i […] I have moved it since gprs_ns2_validate() also get a tp pointer, which is NULL on unit-data. gprs_ns2_validate() would segfault then. (See also gprs_ns2.c line 1102, however I do not know if this is allowed though) https://gerrit.osmocom.org/c/libosmocore/+/22349/1/src/gb/gprs_ns2_vc_fsm.c@765 PS1, Line 765: if (!tp) { > do OSMO_ASSERT(tp). A NULL tp should never happen except for UNITDATA. Only > UNITDATA is special. Done -- To view, visit https://gerrit.osmocom.org/c/libosmocore/+/22349 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: libosmocore Gerrit-Branch: master Gerrit-Change-Id: I7d7c95604ba4af4ed4b6019f1d432970225f8d7a Gerrit-Change-Number: 22349 Gerrit-PatchSet: 2 Gerrit-Owner: dexter <[email protected]> Gerrit-Assignee: lynxis lazus <[email protected]> Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: lynxis lazus <[email protected]> Gerrit-CC: laforge <[email protected]> Gerrit-Comment-Date: Thu, 21 Jan 2021 22:15:13 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: laforge <[email protected]> Comment-In-Reply-To: lynxis lazus <[email protected]> Gerrit-MessageType: comment
