[PATCH] openbsc[master]: fix use after free in bsc_config_free

Neels Hofmeyr gerrit-no-reply at lists.osmocom.org
Thu Nov 10 02:21:01 UTC 2016


Review at  https://gerrit.osmocom.org/1222

fix use after free in bsc_config_free

talloc_free the cfg only after asserting num_bsc count sanity.
This caused a failure in the 'bsc-nat' test with -fsanitize build.

Should fix the Osmocom_Sanitizer build on jenkins.osmocom.org
https://jenkins.osmocom.org/jenkins/job/Osmocom_Sanitizer/

Change-Id: Ic20aacaccffcaa58ccec6d24c884727dc1bc50e6
---
M openbsc/src/osmo-bsc_nat/bsc_nat_utils.c
1 file changed, 1 insertion(+), 1 deletion(-)


  git pull ssh://gerrit.osmocom.org:29418/openbsc refs/changes/22/1222/1

diff --git a/openbsc/src/osmo-bsc_nat/bsc_nat_utils.c b/openbsc/src/osmo-bsc_nat/bsc_nat_utils.c
index 37b01e3..bb0f4c4 100644
--- a/openbsc/src/osmo-bsc_nat/bsc_nat_utils.c
+++ b/openbsc/src/osmo-bsc_nat/bsc_nat_utils.c
@@ -205,9 +205,9 @@
 {
 	llist_del(&cfg->entry);
 	rate_ctr_group_free(cfg->stats.ctrg);
-	talloc_free(cfg);
 	cfg->nat->num_bsc--;
 	OSMO_ASSERT(cfg->nat->num_bsc >= 0)
+	talloc_free(cfg);
 }
 
 static void _add_lac(void *ctx, struct llist_head *list, int _lac)
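
Review bot: The unchanged line `OSMO_ASSERT(cfg->nat->num_bsc >= 0)`, which now sits directly above the re-added `talloc_free(cfg);`, has no terminating semicolon. Since this change reorders the statements around it, add the `;` here so that the following `talloc_free(cfg);` does not depend on how the macro expands. The reordering itself places the free after the last `cfg->` dereference in the function, which matches the commit message. Reading `cfg->nat` into a local variable before the teardown calls would also make the ordering harder to break again in a later edit.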

-- 
To view, visit https://gerrit.osmocom.org/1222
To unsubscribe, visit https://gerrit.osmocom.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ic20aacaccffcaa58ccec6d24c884727dc1bc50e6
Gerrit-PatchSet: 1
Gerrit-Project: openbsc
Gerrit-Branch: master
Gerrit-Owner: Neels Hofmeyr <nhofmeyr at sysmocom.de>
