From e9e5f8e4e9aa3fdce06d144381d9621552476387 Mon Sep 17 00:00:00 2001
From: Max <msuraev@sysmocom.de>
Date: Mon, 7 Nov 2016 14:49:13 +0100
Subject: Add null-pointer check to osmo_amr_rtp_dec()

Check that RTP payload we're about to decode is not NULL and return
proper error code instead of segfaulting. Add corresponding test case.

Change-Id: Ib6cda9900a41ed16bbfbde9df3de9d38e0a7469b
---
 src/codec/gsm690.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'src/codec')

diff --git a/src/codec/gsm690.c b/src/codec/gsm690.c
index 0f4bf8fe..c3cb9324 100644
--- a/src/codec/gsm690.c
+++ b/src/codec/gsm690.c
@@ -252,6 +252,9 @@ int osmo_amr_rtp_dec(const uint8_t *rtppayload, int payload_len, uint8_t *cmr,
 		     int8_t *cmi, enum osmo_amr_type *ft,
 		     enum osmo_amr_quality *bfi, int8_t *sti)
 {
+	if (payload_len < 2 || !rtppayload)
+		return -EINVAL;
+
 	/* RFC 4867 § 4.4.2 ToC - compound payloads are not supported: F = 0 */
 	uint8_t type = (rtppayload[1] >> 3) & 0xf;
 
@@ -262,9 +265,6 @@ int osmo_amr_rtp_dec(const uint8_t *rtppayload, int payload_len, uint8_t *cmr,
 	if (payload_len - 2 < amr_len_by_ft[type])
 		return -ENOTSUP;
 
-	if (payload_len < 2)
-		return -EINVAL;
-
 	if (ft)
 		*ft = type;
 
-- 
cgit v1.2.3