[PATCH] osmo-msc[master]: setup_trig_pag_evt: Fix heap-use-after-free

Pau Espin Pedrol gerrit-no-reply at lists.osmocom.org
Tue Apr 24 12:04:33 UTC 2018


Review at  https://gerrit.osmocom.org/7903

setup_trig_pag_evt: Fix heap-use-after-free

Caught by osmo-gsm-tester running test voice:octphy.

Fixes the following AddressSanitizer report:
==18864==ERROR: AddressSanitizer: heap-use-after-free on address 0x61a000016f18 at pc 0x55f1b29eee5c bp 0x7ffdaa2ac000 sp 0x7ffdaa2abff8
WRITE of size 8 at 0x61a000016f18 thread T0
    #0 0x55f1b29eee5b in setup_trig_pag_evt osmo-msc/src/libmsc/gsm_04_08.c:1490
    #1 0x55f1b2a086c1 in subscr_paging_dispatch osmo-msc/src/libmsc/gsm_subscriber.c:101
    #2 0x7fb88e07c1c9 in osmo_timers_update libosmocore/src/timer.c:257
    #3 0x7fb88e07f1b1 in osmo_select_main libosmocore/src/select.c:253
    #4 0x55f1b29b600b in main osmo-msc/msc_main.c:694
    #5 0x7fb88bebe2e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)
    #6 0x55f1b29b69f9 in _start (osmo-msc/bin/osmo-msc+0xf09f9)

Related: OS#3198

Change-Id: Ie7fdca4d48e247c77a53e81aec2b6bacd8fef678
---
M src/libmsc/gsm_04_08.c
1 file changed, 1 insertion(+), 1 deletion(-)


  git pull ssh://gerrit.osmocom.org:29418/osmo-msc refs/changes/03/7903/1

diff --git a/src/libmsc/gsm_04_08.c b/src/libmsc/gsm_04_08.c
index 27aff55..5c45316 100644
--- a/src/libmsc/gsm_04_08.c
+++ b/src/libmsc/gsm_04_08.c
@@ -1467,6 +1467,7 @@
 		OSMO_ASSERT(conn);
 		/* Assign conn */
 		transt->conn = msc_subscr_conn_get(conn, MSC_CONN_USE_TRANS_CC);
+		transt->paging_request = NULL;
 		/* send SETUP request to called party */
 		gsm48_cc_tx_setup(transt, &transt->cc.msg);
 		break;
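Review bot: The new `transt->paging_request = NULL;` is placed ahead of `gsm48_cc_tx_setup(transt, &transt->cc.msg)` with no comment explaining why the ordering matters. The ASan trace in the commit message shows a write to freed memory from inside setup_trig_pag_evt, so the intent appears to be that transt is not touched after a call that may release it. Please say so in a one-line comment above the assignment (and name in the commit message which call frees the transaction), otherwise a later cleanup could easily move the clear back below the call and reintroduce the use-after-free.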
@@ -1486,7 +1487,6 @@
 		break;
 	}
 
-	transt->paging_request = NULL;
 	return 0;
 }
 
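Review bot: With the unconditional `transt->paging_request = NULL;` removed before `return 0;`, every switch case other than the one patched above now returns without clearing the pointer. The case that ends at the `break;` just above is not shown in this hunk, so it is not possible to tell from the patch whether it frees transt (in which case the clear is unnecessary and the old line was the faulting write) or leaves transt alive with a stale paging_request. Please confirm which it is in the commit message, and if transt can survive that path, clear the field there before anything that may free the transaction.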

-- 
To view, visit https://gerrit.osmocom.org/7903

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ie7fdca4d48e247c77a53e81aec2b6bacd8fef678
Gerrit-PatchSet: 1
Gerrit-Project: osmo-msc
Gerrit-Branch: master
Gerrit-Owner: Pau Espin Pedrol <pespin at sysmocom.de>


