From e9624acdc559978b56766fdb60c717f95067c1f6 Mon Sep 17 00:00:00 2001
From: Vadim Yanitskiy
Date: Fri, 11 May 2018 04:11:14 +0700
Subject: mobile/gsm48_rr.c: prevent uninitialized memory access
The rsl_dec_chan_nr() may fail to decode RSL channel number, so the 'ch_type' variable would be uninitialized. Let's check rc.
Change-Id: I9ab18bdaf41a29fcd32a7060668ef9db07b8cf7e
---
 src/host/layer23/src/mobile/gsm48_rr.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/host/layer23/src/mobile/gsm48_rr.c b/src/host/layer23/src/mobile/gsm48_rr.c
index 8b7beab3..b61c92bd 100644
--- a/src/host/layer23/src/mobile/gsm48_rr.c
+++ b/src/host/layer23/src/mobile/gsm48_rr.c
@@ -3423,9 +3423,16 @@ static int gsm48_rr_set_mode(struct osmocom_ms *ms, uint8_t chan_nr,
 {
 struct gsm48_rrlayer *rr = &ms->rrlayer;
 uint8_t ch_type, ch_subch, ch_ts;
+ int rc;
+
+ /* Decode RSL channel number */
+ rc = rsl_dec_chan_nr(chan_nr, &ch_type, &ch_subch, &ch_ts);
+ if (rc) {
+ LOGP(DRR, LOGL_ERROR, "Couldn't decode RSL channel number\n");
+ return -EINVAL;
+ }
 /* only apply mode to TCH/F or TCH/H */
- rsl_dec_chan_nr(chan_nr, &ch_type, &ch_subch, &ch_ts);
 if (ch_type != RSL_CHAN_Bm_ACCHs && ch_type != RSL_CHAN_Lm_ACCHs)
 return -ENOTSUP;
-- cgit v1.2.3
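Review bot: The new error path logs a fixed string without the value that failed to decode, so a rejected `chan_nr` cannot be traced back to the message that carried it; include it, e.g. `LOGP(DRR, LOGL_ERROR, "Couldn't decode RSL channel number 0x%02x\n", chan_nr);`. If `chan_nr` can come from data received over the air (not visible in this hunk), that value is what someone triaging malformed input would need. The added `return -EINVAL` is also a new result for `gsm48_rr_set_mode()`, whose callers are outside the hunk; it is worth confirming they check the return value rather than carrying on as if the mode had been applied. Any other call to `rsl_dec_chan_nr()` in this file that ignores the result would have the same uninitialized-read problem. The function body continues past the end of the hunk.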