pespin submitted this change.
e1_input: Guard against crash by users calling reentrant e1inp_sign_link_destroy()
Related: osmo-bsc.git Change-Id Ice71b3143f167482e4a23759012b58e9ee13bfc0
Related: osmo-bts.git Change-Id Ibc06cdc2d2cd2028b7676fa0c3211ae251cca587
Change-Id: Ib761cece68f1d809e27194bc5cc2eb15ad2ae4eb
---
M src/e1_input.c
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/src/e1_input.c b/src/e1_input.c
index 76adbd9..066a572 100644
--- a/src/e1_input.c
+++ b/src/e1_input.c
@@ -810,7 +810,17 @@
{
struct msgb *msg;
- llist_del(&link->list);
+ /* Catch upper layers behaving wrongly, calling e1inp_sign_link_destroy()
+ * and then during the driver->close() callback below ending up calling
+ * this function again deeper in the call stack in the same code path. */
+ if (llist_empty(&link->list)) {
+ LOGP(DLINP, LOGL_ERROR, "Fix your application, "
+ "caught reentrant e1inp_sign_link_destroy(%p)!\n", link);
+ return;
+ }
+ /* Use llist_del_init() to catch double destroy above: */
+ llist_del_init(&link->list);
+
while (!llist_empty(&link->tx_list)) {
msg = msgb_dequeue(&link->tx_list);
msgb_free(msg);
To view, visit change 38969. To unsubscribe, or for help writing mail filters, visit settings.