From f3ba4d7bd29ac63f209c7f6ebbe25eb587e0a1a2 Mon Sep 17 00:00:00 2001
From: Philipp Maier <pmaier@sysmocom.de>
Date: Tue, 8 Jan 2019 13:04:41 +0100
Subject: paging: fix nullpointer deref

In theroy the function T_def_get_entry() may return a nullpointer. In
this case we would run straight into a nullpointer dereference problem.
However, the requested timer is statically defined and should always be
there. However Coverity still reports this as a problem. Lets put an
OSMO_ASSERT to make clear that there is no problem here.

Fixes: CID#190403
Change-Id: If5238132d9d5a1507b9955a0b2dc4b1bced220e8
---
 src/osmo-bsc/paging.c | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'src/osmo-bsc')

diff --git a/src/osmo-bsc/paging.c b/src/osmo-bsc/paging.c
index 2c9d5cd2c..066db1c62 100644
--- a/src/osmo-bsc/paging.c
+++ b/src/osmo-bsc/paging.c
@@ -296,6 +296,11 @@ static unsigned int calculate_timer_3113(struct gsm_bts *bts)
 	unsigned int to_us, to;
 	struct T_def *d = T_def_get_entry(bts->network->T_defs, 3113);
 
+	/* Note: d should always contain a valid pointer since all timers,
+	 * including 3113 are statically pre-defined in
+	 * struct T_def gsm_network_T_defs. */
+	OSMO_ASSERT(d);
+
 	if (!bts->T3113_dynamic)
 		return d->val;
 
-- 
cgit v1.2.3