[PATCH] openbsc[master]: bsc_api: Fix NULL secondary_lchan access in handle_ass_fail

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

Pau Espin Pedrol gerrit-no-reply at lists.osmocom.org
Mon Oct 16 08:52:28 UTC 2017


Review at  https://gerrit.osmocom.org/4277

bsc_api: Fix NULL secondary_lchan access in handle_ass_fail

Related: OW#3893

Program terminated with signal SIGSEGV, Segmentation fault.
0  gsm_lchan_name (lchan=lchan at entry=0x0) at gsm_data_shared.c:342
(gdb) bt
0  gsm_lchan_name (lchan=lchan at entry=0x0) at gsm_data_shared.c:342
1  0x0805ab80 in lchan_release (lchan=0x0, sacch_deact=sacch_deact at entry=0, mode=mode at entry=RSL_REL_LOCAL_END)
    at chan_alloc.c:410
2  0x0805c1dd in handle_ass_fail (msg=0x94142b8, conn=0x9251048) at bsc_api.c:459
3  dispatch_dtap (msg=0x94142b8, link_id=0 '\000', conn=0x9251048) at bsc_api.c:598
4  gsm0408_rcvmsg (msg=msg at entry=0x94142b8, link_id=0 '\000') at bsc_api.c:658
5  0x08058ca2 in abis_rsl_rx_rll (msg=0x94142b8) at abis_rsl.c:1686
6  abis_rsl_rcvmsg (msg=0x94142b8) at abis_rsl.c:2097
7  0xb7e8cf9a in handle_ts1_read (bfd=0x94e8e08) at input/ipaccess.c:271
8  ipaccess_fd_cb (bfd=0x94e8e08, what=1) at input/ipaccess.c:386
9  0xb7ee8434 in osmo_select_main (polling=polling at entry=0) at select.c:158
10 0x0804bd7c in main (argc=6, argv=0xbfc27144) at osmo_bsc_main.c:272
(gdb) print lchan
$2 = (const struct gsm_lchan *) 0x0

Change-Id: Ied5bd90b9c06f27135a2e3c46e40d49d27d9a387
---
M openbsc/src/libbsc/bsc_api.c
1 file changed, 4 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.osmocom.org:29418/openbsc refs/changes/77/4277/1

diff --git a/openbsc/src/libbsc/bsc_api.c b/openbsc/src/libbsc/bsc_api.c
index fa45421..0c16db3 100644
--- a/openbsc/src/libbsc/bsc_api.c
+++ b/openbsc/src/libbsc/bsc_api.c
@@ -485,8 +485,10 @@
 
 	/* stop the timer and release it */
 	osmo_timer_del(&conn->T10);
-	lchan_release(conn->secondary_lchan, 0, RSL_REL_LOCAL_END);
-	conn->secondary_lchan = NULL;
+	if (conn->secondary_lchan) {
+		lchan_release(conn->secondary_lchan, 0, RSL_REL_LOCAL_END);
+		conn->secondary_lchan = NULL;
+	}
 
 	gh = msgb_l3(msg);
 	if (msgb_l3len(msg) - sizeof(*gh) != 1) {

-- 
To view, visit https://gerrit.osmocom.org/4277
To unsubscribe, visit https://gerrit.osmocom.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ied5bd90b9c06f27135a2e3c46e40d49d27d9a387
Gerrit-PatchSet: 1
Gerrit-Project: openbsc
Gerrit-Branch: master
Gerrit-Owner: Pau Espin Pedrol <pespin at sysmocom.de>



More information about the gerrit-log mailing list