osmo-sip-connector.git branch master updated. 49880ddf740a7af47a1247dbff9acb34087b6afc

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/osmocom-commitlog@lists.osmocom.org/.

gitosis at osmocom.org gitosis at osmocom.org
Mon Mar 6 21:10:23 UTC 2017 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "MNCC <-> SIP bridge".

The branch, master has been updated
       via  49880ddf740a7af47a1247dbff9acb34087b6afc (commit)
       via  068f54795495d478e51d40dfcd390ce005933f9d (commit)
      from  7166d0f448eae451b1a6287b522c0fc82387b05b (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://cgit.osmocom.org/osmo-sip-connector/commit/?id=49880ddf740a7af47a1247dbff9acb34087b6afc

commit 49880ddf740a7af47a1247dbff9acb34087b6afc
Author: Holger Hans Peter Freyther <holger at moiji-mobile.com>
Date:   Mon Mar 6 10:02:37 2017 +0100

    mncc: Fix use after free on mncc socket disconnection
    
    When the MNCC socket breaks down we would release all callds but when
    there is no remote call the call would be released before
    
            if (call->remote)
                    ...
    
    is being executed leading to a use after free. Fix it by copying the
    legs first and assuming the call will be gone after that.
    
    ==3618== Invalid read of size 4
    ==3618==    at 0x804A18A: app_mncc_disconnected (app.c:49)
    ==3618==    by 0x804B52D: close_connection (mncc.c:255)
    ==3618==    by 0x804BCFA: mncc_rtp_send.constprop.13 (mncc.c:145)
    ==3618==    by 0x804CC86: check_setup (mncc.c:435)
    ==3618==    by 0x804CC86: mncc_data (mncc.c:795)
    ==3618==    by 0x42FCF94: osmo_fd_disp_fds (select.c:167)
    ==3618==    by 0x804D1F2: evpoll (evpoll.c:92)
    ==3618==    by 0x4205053: ??? (in /lib/i386-linux-gnu/libglib-2.0.so.0.4200.1)
    ==3618==    by 0x4205478: g_main_loop_run (in /lib/i386-linux-gnu/libglib-2.0.so.0.4200.1)
    ==3618==    by 0x8049AA6: main (main.c:171)
    ==3618==  Address 0x47f3258 is 64 bytes inside a block of size 76 free'd
    ==3618==    at 0x402A3A8: free (vg_replace_malloc.c:473)
    ==3618==    by 0x42E7FD1: ??? (in /usr/lib/i386-linux-gnu/libtalloc.so.2.1.5)
    ==3618==    by 0x804A3FD: call_leg_release (call.c:87)
    ==3618==    by 0x804A186: app_mncc_disconnected (app.c:48)
    ==3618==    by 0x804B52D: close_connection (mncc.c:255)
    ==3618==    by 0x804BCFA: mncc_rtp_send.constprop.13 (mncc.c:145)
    ==3618==    by 0x804CC86: check_setup (mncc.c:435)
    ==3618==    by 0x804CC86: mncc_data (mncc.c:795)
    ==3618==    by 0x42FCF94: osmo_fd_disp_fds (select.c:167)
    ==3618==    by 0x804D1F2: evpoll (evpoll.c:92)
    ==3618==    by 0x4205053: ??? (in /lib/i386-linux-gnu/libglib-2.0.so.0.4200.1)
    ==3618==    by 0x4205478: g_main_loop_run (in /lib/i386-linux-gnu/libglib-2.0.so.0.4200.1)
    ==3618==    by 0x8049AA6: main (main.c:171)
    ==3618==
    
    Change-Id: I1889013ed315f896e4295358f6daf76ce523dc2a

http://cgit.osmocom.org/osmo-sip-connector/commit/?id=068f54795495d478e51d40dfcd390ce005933f9d

commit 068f54795495d478e51d40dfcd390ce005933f9d
Author: Holger Hans Peter Freyther <holger at moiji-mobile.com>
Date:   Mon Mar 6 09:50:26 2017 +0100

    call: Fix call release handling on mncc connection loss
    
    The app_mncc_disconnected will be called when the MNCC socket is down
    and lead to all calls being released. It directly released the call but
    did not stop the MNCC CMD timer. Go through the call release callback.
    
    ==3618==    at 0x804A18A: app_mncc_disconnected (app.c:49)
    ==3618==    by 0x804B52D: close_connection (mncc.c:255)
    
    This lead to the timer not being removed:
    
    ==3593== Invalid read of size 4
    ==3593==    at 0x4305D42: rb_first (rbtree.c:294)
    ==3593==    by 0x42FCB37: osmo_timers_update (timer.c:220)
    ==3593==    by 0x804D1D5: evpoll (evpoll.c:89)
    ==3593==    by 0x4205053: ??? (in /lib/i386-linux-gnu/libglib-2.0.so.0.4200.1)
    ==3593==    by 0x4205478: g_main_loop_run (in /lib/i386-linux-gnu/libglib-2.0.so.0.4200.1)
    ==3593==    by 0x8049AA6: main (main.c:171)
    ==3593==  Address 0x47f3380 is 232 bytes inside a block of size 272 free'd
    ==3593==    at 0x402A3A8: free (vg_replace_malloc.c:473)
    ==3593==    by 0x42E7FD1: ??? (in /usr/lib/i386-linux-gnu/libtalloc.so.2.1.5)
    ==3593==    by 0x804A3C4: call_leg_release (call.c:83)
    ==3593==    by 0x804A188: app_mncc_disconnected (app.c:48)
    ==3593==    by 0x804B52D: close_connection (mncc.c:255)
    ==3593==    by 0x804BCFA: mncc_rtp_send.constprop.13 (mncc.c:145)
    ==3593==    by 0x804CC86: check_setup (mncc.c:435)
    ==3593==    by 0x804CC86: mncc_data (mncc.c:795)
    ==3593==    by 0x42FCF94: osmo_fd_disp_fds (select.c:167)
    ==3593==    by 0x804D1F2: evpoll (evpoll.c:92)
    ==3593==    by 0x4205053: ??? (in /lib/i386-linux-gnu/libglib-2.0.so.0.4200.1)
    ==3593==    by 0x4205478: g_main_loop_run (in /lib/i386-linux-gnu/libglib-2.0.so.0.4200.1)
    ==3593==    by 0x8049AA6: main (main.c:171)
    
    Change-Id: I2e8e14b3983f84c9be046bbd96bbcd1e5766993e

-----------------------------------------------------------------------

Summary of changes:
 src/app.c | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)


hooks/post-receive
-- 
MNCC <-> SIP bridge

More information about the osmocom-commitlog mailing list