Change in osmo-bsc[master]: lchan_fsm: Fix possible NULL ptr dereference in _lchan_on_mode_modify...

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

laforge gerrit-no-reply at lists.osmocom.org
Fri Nov 5 10:26:39 UTC 2021


laforge has submitted this change. ( https://gerrit.osmocom.org/c/osmo-bsc/+/26117 )

Change subject: lchan_fsm: Fix possible NULL ptr dereference in _lchan_on_mode_modify_failure()
......................................................................

lchan_fsm: Fix possible NULL ptr dereference in _lchan_on_mode_modify_failure()

_lchan_on_activation_failure(), which calls lchan_on_mode_modify_failure(),
already checks for !for_conn in other paths. Hence, it can be that
for_conn being passed to _lchan_on_mode_modify_failure() may be null.

"""
 Stack trace of thread 7077:
 #0  0x000055d25a463842 _lchan_on_mode_modify_failure (osmo-bsc)
 #1  0x000055d25a46b57c _lchan_on_activation_failure (osmo-bsc)
 #2  0x00007fe8b2083be4 state_chg (libosmocore.so.17)
 #3  0x00007fe8b208409d _osmo_fsm_inst_state_chg (libosmocore.so.17)
 #4  0x000055d25a46825a lchan_fsm_wait_rll_rtp_establish (osmo-bsc)
 #5  0x00007fe8b2084239 _osmo_fsm_inst_dispatch (libosmocore.so.17)
 #6  0x00007fe8b2083be4 state_chg (libosmocore.so.17)
 #7  0x00007fe8b208409d _osmo_fsm_inst_state_chg (libosmocore.so.17)
 #8  0x000055d25a46dbdc lchan_rtp_fsm_wait_ipacc_mdcx_ack (osmo-bsc)
 #9  0x00007fe8b2084239 _osmo_fsm_inst_dispatch (libosmocore.so.17)
 #10 0x000055d25a411d69 abis_rsl_rx_ipacc_mdcx_ack (osmo-bsc)
"""

Related: SYS#5698
Change-Id: If8b2895feef6e30f9c1db97394dd16d892b277f2
---
M src/osmo-bsc/lchan_fsm.c
1 file changed, 5 insertions(+), 0 deletions(-)

Approvals:
  fixeria: Looks good to me, but someone else must approve
  dexter: Looks good to me, approved
  Jenkins Builder: Verified



diff --git a/src/osmo-bsc/lchan_fsm.c b/src/osmo-bsc/lchan_fsm.c
index 64840f0..d5d6e77 100644
--- a/src/osmo-bsc/lchan_fsm.c
+++ b/src/osmo-bsc/lchan_fsm.c
@@ -97,6 +97,11 @@
 	case MODIFY_FOR_ASSIGNMENT:
 		LOG_LCHAN(lchan, LOGL_NOTICE, "Signalling Assignment FSM of error (%s)\n",
 			  lchan->last_error ? : "unknown error");
+		if (!for_conn) {
+			LOG_LCHAN(lchan, LOGL_ERROR, "lchan Channel Mode Modify failed, "
+				  "but modify request has no conn\n");
+			break;
+		}
 		_osmo_fsm_inst_dispatch(for_conn->assignment.fi, ASSIGNMENT_EV_LCHAN_ERROR, lchan,
 					file, line);
 		return;

-- 
To view, visit https://gerrit.osmocom.org/c/osmo-bsc/+/26117
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: osmo-bsc
Gerrit-Branch: master
Gerrit-Change-Id: If8b2895feef6e30f9c1db97394dd16d892b277f2
Gerrit-Change-Number: 26117
Gerrit-PatchSet: 2
Gerrit-Owner: pespin <pespin at sysmocom.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: dexter <pmaier at sysmocom.de>
Gerrit-Reviewer: fixeria <vyanitskiy at sysmocom.de>
Gerrit-Reviewer: laforge <laforge at osmocom.org>
Gerrit-Reviewer: neels <nhofmeyr at sysmocom.de>
Gerrit-MessageType: merged
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20211105/484f7cbf/attachment.htm>


More information about the gerrit-log mailing list