From eb3a1cde8c29f90044ba7a0a180f7c8dc835952f Mon Sep 17 00:00:00 2001
From: Vadim Yanitskiy
Date: Fri, 9 Mar 2018 14:20:41 +0700
Subject: trxcon/l1ctl_link.c: allocate msgb after its length is read

Change-Id: I2b941c5ed91097c4ed2d859634bbe89f44546061
---
 src/host/trxcon/l1ctl_link.c | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/src/host/trxcon/l1ctl_link.c b/src/host/trxcon/l1ctl_link.c
index 0fa3efe5..20cb70ce 100644
--- a/src/host/trxcon/l1ctl_link.c
+++ b/src/host/trxcon/l1ctl_link.c
@@ -75,19 +75,10 @@ static int l1ctl_link_read_cb(struct osmo_fd *bfd)
 uint16_t len;
 int rc;

- /* Allocate a new msg */
- msg = msgb_alloc_headroom(L1CTL_LENGTH + L1CTL_HEADROOM,
- L1CTL_HEADROOM, "l1ctl_rx_msg");
- if (!msg) {
- LOGP(DL1D, LOGL_ERROR, "Failed to allocate msg\n");
- return -ENOMEM;
- }
-
 /* Attempt to read from socket */
 rc = read(bfd->fd, &len, L1CTL_MSG_LEN_FIELD);
 if (rc < L1CTL_MSG_LEN_FIELD) {
 LOGP(DL1D, LOGL_NOTICE, "L1CTL has lost connection\n");
- msgb_free(msg);
 if (rc >= 0)
 rc = -EIO;
 l1ctl_link_close_conn(l1l);
@@ -98,10 +89,17 @@ static int l1ctl_link_read_cb(struct osmo_fd *bfd)
 len = ntohs(len);
 if (len > L1CTL_LENGTH) {
 LOGP(DL1D, LOGL_ERROR, "Length is too big: %u\n", len);
- msgb_free(msg);
 return -EINVAL;
 }

+ /* Allocate a new msg */
+ msg = msgb_alloc_headroom(L1CTL_LENGTH + L1CTL_HEADROOM,
+ L1CTL_HEADROOM, "l1ctl_rx_msg");
+ if (!msg) {
+ LOGP(DL1D, LOGL_ERROR, "Failed to allocate msg\n");
+ return -ENOMEM;
+ }
+
 msg->l1h = msgb_put(msg, len);
 rc = read(bfd->fd, msg->l1h, msgb_l1len(msg));
 if (rc != len) {
--
cgit v1.2.3
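Review bot: The relocated allocation-failure branch in the second hunk returns `-ENOMEM` after the two-byte length prefix has already been consumed from the socket, so the payload stays unread and the next call to l1ctl_link_read_cb would presumably parse payload bytes as a new length field. Before this change the allocation failed before any read, which kept the stream framing intact. Consider tearing the connection down on that path the way the lost-connection branch does, i.e. `l1ctl_link_close_conn(l1l);` before `return -ENOMEM;`. The `len > L1CTL_LENGTH` branch just above returns `-EINVAL` with the same framing problem, and a peer-supplied `len` of 0 passes the check and reaches `msgb_put(msg, len)`. The function's body continues past the end of the hunk, so how the payload read result is handled is not visible here.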