pespin submitted this change.

View Change

mgw_fsm: Fix error path accessing uninitialized fsm ptr

The error handling of the error path was wrong. Let's remove the "fi"
variable to avoid more of such errors. Furthermore, add an assert to
clarify for the reader that the map->mgw_fi will be freed before
allocating a new FSM instance below.

Change-Id: I9d3bca552bfa77f5e18f75bedad8d422f74df1f8
---
M src/osmo-hnbgw/mgw_fsm.c
1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/src/osmo-hnbgw/mgw_fsm.c b/src/osmo-hnbgw/mgw_fsm.c
index 2b7484f..1360849 100644
--- a/src/osmo-hnbgw/mgw_fsm.c
+++ b/src/osmo-hnbgw/mgw_fsm.c
@@ -658,7 +658,6 @@
 int handle_rab_ass_req(struct hnbgw_context_map *map, struct osmo_prim_hdr *oph, ranap_message *message)
 {
 	static bool initialized = false;
-	struct osmo_fsm_inst *fi;
 	struct mgw_fsm_priv *mgw_fsm_priv;
 	struct osmo_sockaddr addr;
 	struct osmo_sockaddr_str addr_str;
@@ -683,7 +682,8 @@
 
 		LOGPFSML(map->mgw_fi, LOGL_ERROR,
 			 "mgw_fsm_alloc_and_handle_rab_ass_req() unable to handle RAB-AssignmentRequest!\n");
-		osmo_fsm_inst_state_chg(fi, MGW_ST_FAILURE, 0, 0);
+		osmo_fsm_inst_state_chg(map->mgw_fi, MGW_ST_FAILURE, 0, 0);
+		OSMO_ASSERT(map->mgw_fi == NULL);
 	}
 
 	mgw_fsm_priv = talloc_zero(map, struct mgw_fsm_priv);
@@ -723,9 +723,8 @@
 	/* Allocate the FSM and start it. */
 	mgw_fsm_priv->map = map;
 	snprintf(fsm_name, sizeof(fsm_name), "mgw-fsm-%u-%u", map->rua_ctx_id, mgw_fsm_priv->rab_id);
-	fi = osmo_fsm_inst_alloc(&mgw_fsm, map, mgw_fsm_priv, LOGL_DEBUG, fsm_name);
-	map->mgw_fi = fi;
-	mgw_fsm_state_chg(fi, MGW_ST_CRCX_HNB);
+	map->mgw_fi = osmo_fsm_inst_alloc(&mgw_fsm, map, mgw_fsm_priv, LOGL_DEBUG, fsm_name);
+	mgw_fsm_state_chg(map->mgw_fi, MGW_ST_CRCX_HNB);
 
 	return 0;
 error:

To view, visit change 28283. To unsubscribe, or for help writing mail filters, visit settings.