<p>Harald Welte <strong>merged</strong> this change.</p><p><a href="https://gerrit.osmocom.org/10443">View Change</a></p><div style="white-space:pre-wrap">Approvals:
Jenkins Builder: Verified
Harald Welte: Looks good to me, approved
</div><pre style="font-family: monospace,monospace; white-space: pre-wrap;">sscp_scrc: Fix memleak of xua_msg when handing it to scrc_rx_mtp_xfer_ind_xua<br><br>Fixes following error provided by LeakSanitizer:<br><br>Indirect leak of 1496 byte(s) in 11 object(s) allocated from:<br> #0 0x7f1eb3332d99 in __interceptor_malloc /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:86<br> #1 0x7f1eae617b61 in _talloc_zero (/usr/lib/libtalloc.so.2+0x5b61)<br> #2 0x7f1eb063e365 in xua_msg_alloc /home/pespin/dev/sysmocom/git/libosmo-sccp/src/xua_msg.c:49<br> #3 0x7f1eb0650ee3 in osmo_sccp_to_xua /home/pespin/dev/sysmocom/git/libosmo-sccp/src/sccp2sua.c:1298<br> #4 0x7f1eb0668d6a in mtp_user_prim_cb /home/pespin/dev/sysmocom/git/libosmo-sccp/src/sccp_user.c:173<br> #5 0x7f1eb068ba86 in deliver_to_mtp_user /home/pespin/dev/sysmocom/git/libosmo-sccp/src/osmo_ss7_hmrt.c:94<br> #6 0x7f1eb068bf00 in hmdt_message_for_distribution /home/pespin/dev/sysmocom/git/libosmo-sccp/src/osmo_ss7_hmrt.c:133<br> #7 0x7f1eb068d345 in m3ua_hmdc_rx_from_l2 /home/pespin/dev/sysmocom/git/libosmo-sccp/src/osmo_ss7_hmrt.c:275<br> #8 0x7f1eb063c08f in m3ua_rx_xfer /home/pespin/dev/sysmocom/git/libosmo-sccp/src/m3ua.c:586<br> #9 0x7f1eb063cea6 in m3ua_rx_msg /home/pespin/dev/sysmocom/git/libosmo-sccp/src/m3ua.c:739<br> #10 0x7f1eb0687188 in xua_cli_read_cb /home/pespin/dev/sysmocom/git/libosmo-sccp/src/osmo_ss7.c:1590<br> #11 0x7f1eaff77db4 in osmo_stream_cli_read /home/pespin/dev/sysmocom/git/libosmo-netif/src/stream.c:192<br> #12 0x7f1eaff79091 in osmo_stream_cli_fd_cb /home/pespin/dev/sysmocom/git/libosmo-netif/src/stream.c:276<br> #13 0x7f1eaf259795 in osmo_fd_disp_fds /home/pespin/dev/sysmocom/git/libosmocore/src/select.c:217<br> #14 0x7f1eaf259abb in osmo_select_main /home/pespin/dev/sysmocom/git/libosmocore/src/select.c:257<br> #15 0x55666c1bebd3 in main /home/pespin/dev/sysmocom/git/osmo-msc/src/osmo-msc/msc_main.c:697<br> #16 0x7f1ead1c306a in __libc_start_main (/usr/lib/libc.so.6+0x2306a)<br> #17 0x55666c1bc649 in _start (/home/pespin/dev/sysmocom/build/new/out/bin/osmo-msc+0x185649)<br><br>The code path is the following, starting from mpt_user_prim_cb:<br>mtp_user_prim_cb<br> osmo_sccp_to_xua<br> xua_msg_alloc<br> scrc_rx_mtp_xfer_ind_xua<br> sccp_scoc_rx_from_scrc<br> scrc_node_6<br> scrc_node_4<br> scrc_translate_node_9<br><br>So the xua_msg is created in mtp_user_prim_cb through osmo_sccp_to_xua<br>and then handed over to scrc_rx_mtp_xfer_ind_xua which transfers the<br>xua_msg and thus should take ownserhip of it, and consecuently freeing<br>it once it's done using it.<br><br>Change-Id: I43e159c82b64bd85b185f77ee19b6455a96e082f<br>---<br>M src/sccp_scrc.c<br>1 file changed, 12 insertions(+), 4 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/src/sccp_scrc.c b/src/sccp_scrc.c</span><br><span>index cd01774..9005dc7 100644</span><br><span>--- a/src/sccp_scrc.c</span><br><span>+++ b/src/sccp_scrc.c</span><br><span>@@ -438,13 +438,14 @@</span><br><span> }</span><br><span> </span><br><span> /* Figure C.1/Q.714 Sheet 1 of 12, after we converted the</span><br><span style="color: hsl(0, 100%, 40%);">- * MTP-TRANSFER.ind to SUA */</span><br><span style="color: hsl(120, 100%, 40%);">+ * MTP-TRANSFER.ind to SUA. Takes ownership of \a xua and frees it once processed. */</span><br><span> int scrc_rx_mtp_xfer_ind_xua(struct osmo_sccp_instance *inst,</span><br><span> struct xua_msg *xua)</span><br><span> {</span><br><span> struct osmo_sccp_addr called;</span><br><span> uint32_t proto_class;</span><br><span> struct xua_msg_part *hop_ctr_part;</span><br><span style="color: hsl(120, 100%, 40%);">+ int rc;</span><br><span> </span><br><span> LOGP(DLSS7, LOGL_DEBUG, "%s: %s\n", __func__, xua_msg_dump(xua, &xua_dialect_sua));</span><br><span> /* TODO: SCCP or nodal congestion? */</span><br><span>@@ -454,6 +455,7 @@</span><br><span> /* Node 1 (Sheet 3) */</span><br><span> /* deliver to SCOC */</span><br><span> sccp_scoc_rx_from_scrc(inst, xua);</span><br><span style="color: hsl(120, 100%, 40%);">+ xua_msg_free(xua);</span><br><span> return 0;</span><br><span> }</span><br><span> /* We only treat connectionless and CR below */</span><br><span>@@ -463,7 +465,9 @@</span><br><span> /* Route on GT? */</span><br><span> if (called.ri != OSMO_SCCP_RI_GT) {</span><br><span> /* Node 6 (Sheet 3) */</span><br><span style="color: hsl(0, 100%, 40%);">- return scrc_node_6(inst, xua, &called);</span><br><span style="color: hsl(120, 100%, 40%);">+ rc = scrc_node_6(inst, xua, &called);</span><br><span style="color: hsl(120, 100%, 40%);">+ xua_msg_free(xua);</span><br><span style="color: hsl(120, 100%, 40%);">+ return rc;</span><br><span> }</span><br><span> /* Message with hop-counter? */</span><br><span> hop_ctr_part = xua_msg_find_tag(xua, SUA_IEI_S7_HOP_CTR);</span><br><span>@@ -472,7 +476,9 @@</span><br><span> if (hop_counter <= 1) {</span><br><span> /* Error: hop-counter violation */</span><br><span> /* node 4 */</span><br><span style="color: hsl(0, 100%, 40%);">- return scrc_node_4(inst, xua, SCCP_RETURN_CAUSE_HOP_COUNTER_VIOLATION);</span><br><span style="color: hsl(120, 100%, 40%);">+ rc = scrc_node_4(inst, xua, SCCP_RETURN_CAUSE_HOP_COUNTER_VIOLATION);</span><br><span style="color: hsl(120, 100%, 40%);">+ xua_msg_free(xua);</span><br><span style="color: hsl(120, 100%, 40%);">+ return rc;</span><br><span> }</span><br><span> /* Decrement hop-counter */</span><br><span> hop_counter--;</span><br><span>@@ -492,5 +498,7 @@</span><br><span> default:</span><br><span> break;</span><br><span> }</span><br><span style="color: hsl(0, 100%, 40%);">- return scrc_translate_node_9(inst, xua, &called);</span><br><span style="color: hsl(120, 100%, 40%);">+ rc = scrc_translate_node_9(inst, xua, &called);</span><br><span style="color: hsl(120, 100%, 40%);">+ xua_msg_free(xua);</span><br><span style="color: hsl(120, 100%, 40%);">+ return rc;</span><br><span> }</span><br><span></span><br></pre><p>To view, visit <a href="https://gerrit.osmocom.org/10443">change 10443</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://gerrit.osmocom.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.osmocom.org/10443"/><meta itemprop="name" content="View Change"/></div></div>
<div style="display:none"> Gerrit-Project: libosmo-sccp </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-MessageType: merged </div>
<div style="display:none"> Gerrit-Change-Id: I43e159c82b64bd85b185f77ee19b6455a96e082f </div>
<div style="display:none"> Gerrit-Change-Number: 10443 </div>
<div style="display:none"> Gerrit-PatchSet: 2 </div>
<div style="display:none"> Gerrit-Owner: Pau Espin Pedrol <pespin@sysmocom.de> </div>
<div style="display:none"> Gerrit-Reviewer: Harald Welte <laforge@gnumonks.org> </div>
<div style="display:none"> Gerrit-Reviewer: Jenkins Builder </div>
<div style="display:none"> Gerrit-Reviewer: Pau Espin Pedrol <pespin@sysmocom.de> </div>