On Tue, Nov 13, 2012 at 10:47:40PM +0100, Holger Hans Peter Freyther wrote:
Hi Andreas,
zecke/smc-issues contains a testcase (that is
crashing). Ideas how to resolve
the issue and checking where similar issues exist and resolve them too (e.g.
leading to a double free in the smr code).
and the same issue exists with the SMR rp_timer_expired and the OpenBSC code
calling trans_free from within the error indication and then another message
is received (and the msg is empty but the client code still casts it to a msg).
there is another part I don't fully understand:
* gsm411_rx_rp_ack will start a new transaction but not trans_free the old
one.
* gsm0411_rcv_sms will search for a 'pending' transaction and then free it.
are these two supposed to work together? When was this tested the last time?
holger