Attention is currently required from: pespin.
1 comment:
File src/osmo-bsc-nat/bsc_nat_fsm.c:
Patch Set #5, Line 142: oph->msg = NULL;
Why are you doing this?
So I can properly msgb_free(oph->msg) before return of this function, if it is not NULL.
Is msgb_free() called somewhere inside osmo_sccp_tx_unitdata_msg?
Yes:
https://git.osmocom.org/libosmo-sccp/tree/src/sccp_helpers.c?id=5cac653a986487470444b81132305aeae0a3e045#n96
Did you check if the oph pointer is actually allocated INSIDE the msg data? Because then you are writing to already-freed memory. If that's the case, you should not use oph nor oph->msg anymore.
Thanks for pointing this out. Indeed, the callers of sccp_user_prim_up in libosmo-sccp allocate oph inside msg and, as I understand, I should set oph = NULL to check later if msgb_free is needed. I'm not so familiar with the internals of msgb, but now I understand that I don't even need to set l3h to l2h, I can just use msgb_pull_to_l2. Patch updated.
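The ownership problem discussed in this comment, as an added example that is not code from the osmo-bsc-nat patch or from libosmo-sccp: a primitive header that lives inside the message it points to becomes invalid the moment a transmit helper frees that message. Every `toy_` name is a hypothetical stand-in, not libosmocore's msgb or osmo_prim_hdr API.

```c
#include <stdlib.h>

/* Toy stand-ins (assumptions), not libosmocore's msgb / osmo_prim_hdr. */
struct toy_msg;
struct toy_prim { struct toy_msg *msg; unsigned int sap; };
struct toy_msg { struct toy_prim hdr; unsigned char data[32]; };

static int toy_frees; /* number of toy_msg_free() calls so far */

static void toy_msg_free(struct toy_msg *m) { toy_frees++; free(m); }

/* Models the caller side described above: the primitive header is carved
 * out of the message itself, so it dies together with the message. */
static struct toy_prim *toy_prim_alloc(unsigned int sap)
{
	struct toy_msg *m = calloc(1, sizeof(*m));
	if (!m)
		return NULL;
	m->hdr.msg = m;
	m->hdr.sap = sap;
	return &m->hdr;
}

/* Models a transmit helper that frees the message itself
 * (assumed in this toy model: on success and on failure). */
static int toy_tx_takes_ownership(struct toy_msg *m, int fail)
{
	toy_msg_free(m);
	return fail ? -1 : 0;
}

/* Handler: ownership is tracked in a local variable, never through
 * oph->msg, because oph is invalid once the message has been freed. */
static int toy_handle_prim(struct toy_prim *oph, int forward, int fail)
{
	struct toy_msg *owned = oph->msg; /* we own the message on entry */
	int rc = 0;

	if (forward) {
		rc = toy_tx_takes_ownership(owned, fail);
		owned = NULL; /* ownership was passed on */
		oph = NULL;   /* pointed into freed memory: no further use */
	}
	if (owned)
		toy_msg_free(owned); /* only on paths that did not forward */
	return rc;
}
```

Writing `oph->msg = NULL` after the transmit call would be a store into freed memory in this model, which is why the flag is a local pointer instead.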
To view, visit change 27030.