From 25647562968ac6985e3999f4e71bbfd7751d6715 Mon Sep 17 00:00:00 2001 From: Pau Espin Pedrol Date: Wed, 8 Nov 2017 16:38:53 +0100 Subject: [PATCH] l1sap: Fix abort on big RTP packet received Recently while testing new osmo-mgw, big RTP packets (around 4K bytes, see OS#2625 for more info), were being received on the BTS, which was aborting with the following message: "msgb(0xff208): Not enough tailroom msgb_put (348 < 1488)" The crash can be reproduced in a sysmobts as well as on my PC locally with osmo-bts-trx. I used osmo-bts-trx to test that the patch solved the abort. Fixes: OS#2624 Change-Id: Idfde1dacc3dc3d3d5e239cf1f7e39ade7fc25975 --- src/common/l1sap.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/common/l1sap.c b/src/common/l1sap.c index ebcfd2f34..c388c824c 100644 --- a/src/common/l1sap.c +++ b/src/common/l1sap.c @@ -117,7 +117,9 @@ static void queue_limit_to(const char *prefix, struct llist_head *queue, unsigne * in front and behind data pointer */ struct msgb *l1sap_msgb_alloc(unsigned int l2_len) { - struct msgb *msg = msgb_alloc_headroom(512, 128, "l1sap_prim"); + int headroom = 128; + int size = headroom + sizeof(struct osmo_phsap_prim) + l2_len; + struct msgb *msg = msgb_alloc_headroom(size, headroom, "l1sap_prim"); if (!msg) return NULL;