mirror of https://gerrit.osmocom.org/libosmocore
lapdm_rslms_recvmsg: Fix memory leak in error path
The caller of lapdm_rslms_recvmsg() (e.g. osmo-bts/src/common/rsl.c) assumes the message ownership is transferred. However, in one of the two error paths, msgb_free() was not called and hence we had a memory leak. Also clarify the msgb ownership transfer in a comment. Related: OS#3750 Change-Id: Id60cb45e50bfc89224d97df6c68fcd2949751895
This commit is contained in:
parent
8006f5393e
commit
7023aa0af9
|
@ -1269,7 +1269,8 @@ static int rslms_rx_com_chan(struct msgb *msg, struct lapdm_channel *lc)
|
|||
return rc;
|
||||
}
|
||||
|
||||
/*! Receive a RSLms \ref msgb from Layer 3 */
|
||||
/*! Receive a RSLms \ref msgb from Layer 3. 'msg' ownership is transferred,
|
||||
* i.e. caller must not free it */
|
||||
int lapdm_rslms_recvmsg(struct msgb *msg, struct lapdm_channel *lc)
|
||||
{
|
||||
struct abis_rsl_common_hdr *rslh = msgb_l2(msg);
|
||||
|
@ -1277,6 +1278,7 @@ int lapdm_rslms_recvmsg(struct msgb *msg, struct lapdm_channel *lc)
|
|||
|
||||
if (msgb_l2len(msg) < sizeof(*rslh)) {
|
||||
LOGP(DLLAPD, LOGL_ERROR, "Message too short RSL hdr!\n");
|
||||
msgb_free(msg);
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue