pespin has submitted this change. ( https://gerrit.osmocom.org/c/osmo-bsc/+/30274 )

Change subject: lcs: Fix passing NULL bsc_subscr to paging_request_cancel() ......................................................................

lcs: Fix passing NULL bsc_subscr to paging_request_cancel()

This is triggered by BSC_Tests.TC_lcs_loc_req_no_subscriber. Before, the NULL ptr was not a problem because paging_request_cancel() only used the pointer to compare it against other pointers, but never accessing it. A follow-up patch is, however, changing the implementation to optimize the lookup by using the subscriber pointer, which generates a crash.

Related: SYS#6200 Change-Id: Id0de43ac5bde0f52f258de6c9bf58b173301c8db --- M src/osmo-bsc/lcs_loc_req.c M src/osmo-bsc/paging.c 2 files changed, 3 insertions(+), 1 deletion(-)

Approvals: Jenkins Builder: Verified laforge: Looks good to me, but someone else must approve fixeria: Looks good to me, approved

diff --git a/src/osmo-bsc/lcs_loc_req.c b/src/osmo-bsc/lcs_loc_req.c index d53f2ab..bb0c5e2 100644 --- a/src/osmo-bsc/lcs_loc_req.c +++ b/src/osmo-bsc/lcs_loc_req.c @@ -514,7 +514,8 @@ };

/* If we're paging this subscriber for LCS, stop paging. */ - paging_request_cancel(lcs_loc_req->conn->bsub, BSC_PAGING_FOR_LCS); + if (lcs_loc_req->conn->bsub) + paging_request_cancel(lcs_loc_req->conn->bsub, BSC_PAGING_FOR_LCS);

/* Send Perform Location Abort to SMLC, only if we got started on the Lb */ if (lcs_loc_req->conn->lcs.lb.state == SUBSCR_SCCP_ST_CONNECTED) diff --git a/src/osmo-bsc/paging.c b/src/osmo-bsc/paging.c index e1290f5..b73578e 100644 --- a/src/osmo-bsc/paging.c +++ b/src/osmo-bsc/paging.c @@ -578,6 +578,7 @@ void paging_request_cancel(struct bsc_subscr *bsub, enum bsc_paging_reason reasons) { struct gsm_bts *bts; + OSMO_ASSERT(bsub);

llist_for_each_entry(bts, &bsc_gsmnet->bts_list, list) { struct gsm_paging_request *req, *req2;

1 is the latest approved patch-set. No files were changed between the latest approved patch-set and the submitted one.