Attention is currently required from: pespin.
2 comments:
Commit Message:
Patch Set #1, Line 31: *** (!) as well as the struct osmo_fsm_inst (talloc child)
shouldn't the fsm always be freed with explicit osmo_fsm_inst_free() and not through automatic tallo […]
Yes, all `osmo_fsm_inst` should normally be freed by calling `osmo_fsm_inst_free()`. But in this specific case it gets free()d implicitly (and incorrectly, not cleaning up stuff like timers and llists) before we reach the point of calling `osmo_fsm_inst_free()`. And when we call it, osmo-bts crashes due to use-after-free.
Patch Set #1, Line 33: *** calling ipaccess_keepalive_fsm_cleanup()
why is cleanup() called here if it was freed above?
I don't know why the cleanup() is called in the alloc() function... ask Eric.
why wasn't the pointer set to NULL?
talloc does not set pointers to NULL when free()ing child chunks...
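The failure discussed in this thread (a child chunk freed implicitly along with its parent, its cleanup skipped, and the owner's pointer left dangling) together with one defensive pattern, as an added example that is not code from this change or from libosmocore. It uses a constructed toy allocator rather than talloc, and `chunk`, `fsm_inst`, `link`, `ka_fsm` and `parent_free_is_safe` are hypothetical names; real talloc offers `talloc_set_destructor()` as the equivalent hook.

```c
#include <stdlib.h>
/* Toy hierarchical allocator (constructed, NOT talloc): freeing a parent frees its child. */
struct chunk {
    struct chunk *parent, *child;
    void (*destructor)(struct chunk *self);
};
/* Hypothetical stand-in for an FSM instance that needs explicit cleanup. */
struct fsm_inst {
    struct chunk c;              /* first member, so chunk* == fsm_inst* */
    struct fsm_inst **owner_ref; /* where the owner stores its pointer to us */
    int *timers_armed;           /* stand-in for timers and llist entries */
};
static void chunk_free(struct chunk *c)
{
    if (!c)
        return;
    if (c->parent)
        c->parent->child = NULL; /* unlink on an explicit free of a child */
    if (c->child) {
        c->child->parent = NULL;
        chunk_free(c->child);    /* implicit free of the child */
    }
    if (c->destructor)
        c->destructor(c);
    free(c);
}

/* Runs on explicit and implicit free alike: clean up, then clear the owner's pointer. */
static void fsm_destructor(struct chunk *c)
{
    struct fsm_inst *fi = (struct fsm_inst *)c;
    (*fi->timers_armed)--;
    *fi->owner_ref = NULL;       /* the allocator itself never does this */
}

/* Returns 1 if freeing the parent disarmed the timer and cleared the owner's pointer. */
int parent_free_is_safe(void)
{
    int timers = 1;
    struct chunk *link = calloc(1, sizeof(*link));
    struct fsm_inst *ka_fsm = calloc(1, sizeof(*ka_fsm));
    if (!link || !ka_fsm) { free(link); free(ka_fsm); return -1; }
    *ka_fsm = (struct fsm_inst){ .c = { .parent = link, .destructor = fsm_destructor },
                                 .owner_ref = &ka_fsm, .timers_armed = &timers };
    link->child = &ka_fsm->c;
    chunk_free(link);                   /* implicitly frees the FSM too */
    chunk_free((struct chunk *)ka_fsm); /* pointer is NULL now: a no-op, not a UAF */
    return ka_fsm == NULL && timers == 0;
}
int main(void) { return parent_free_is_safe() == 1 ? 0 : 1; }
```

Without the destructor, the second `chunk_free()` would operate on memory already released by the first, which is the crash described above.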
To view, visit change 32641.