Change in osmo-mgw[master]: client: endp fsm: clear ci[] before dispatching DLCX success

neels gerrit-no-reply at lists.osmocom.org
Tue Oct 29 22:05:05 UTC 2019


neels has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-mgw/+/15898 )


Change subject: client: endp fsm: clear ci[] before dispatching DLCX success
......................................................................

client: endp fsm: clear ci[] before dispatching DLCX success

In case the ep gets deallocated during event dispatch, move all ci[] cleanup to
*before* dispatching a DLCX OK event. Afterwards, it might become a
use-after-free.

Change-Id: Ib2032e5566e465c02a9a525ccd38f9dcc84fb669
---
M src/libosmo-mgcp-client/mgcp_client_endpoint_fsm.c
1 file changed, 6 insertions(+), 2 deletions(-)



  git pull ssh://gerrit.osmocom.org:29418/osmo-mgw refs/changes/98/15898/1

diff --git a/src/libosmo-mgcp-client/mgcp_client_endpoint_fsm.c b/src/libosmo-mgcp-client/mgcp_client_endpoint_fsm.c
index 02054ab..30ad2d3 100644
--- a/src/libosmo-mgcp-client/mgcp_client_endpoint_fsm.c
+++ b/src/libosmo-mgcp-client/mgcp_client_endpoint_fsm.c
@@ -663,6 +663,7 @@
 {
 	int rc;
 	struct osmo_mgcpc_ep *ep = ci->ep;
+	struct fsm_notify notify;
 
 	if (!ci->occupied || !ci->pending || ci->sent)
 		return 0;
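
Review bot: `struct fsm_notify notify;` is declared at function scope without an initializer, but in the lines shown it is only assigned and read inside the DLCX success branch of the second hunk. Consider declaring it in a block scoped to that branch, or zero-initializing it at the declaration, so that a later edit cannot read it unassigned from another path.
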
@@ -701,11 +702,14 @@
 		       osmo_mgcp_verb_name(ci->verb), ci->mgcp_ci_str);
 		/* The way this is designed, we actually need to forget all about the ci right away. */
 		mgcp_conn_delete(ci->mgcp_client_fi);
-		if (ci->notify.fi)
-			osmo_fsm_inst_dispatch(ci->notify.fi, ci->notify.success, ci->notify.data);
+		notify = ci->notify;
 		*ci = (struct osmo_mgcpc_ep_ci){
 			.ep = ep,
 		};
+		/* When dispatching an event for this CI, the user may decide to trigger the next request for this conn
+		 * right away. So we must be ready with a cleared *ci. */
+		if (notify.fi)
+			osmo_fsm_inst_dispatch(notify.fi, notify.success, notify.data);
 		break;
 
 	default:
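
Review bot: the new comment above `osmo_fsm_inst_dispatch(notify.fi, notify.success, notify.data);` gives only the "next request right away" reason, while the commit message gives deallocation of the ep during dispatch as the motivation. The comment should state that case as well, and say that neither `ci` nor `ep` may be touched once the dispatch returns. The `break;` directly follows the dispatch, so it is worth confirming that whatever runs after the switch (not visible in this hunk) does not dereference `ci` or `ep` on this path, for instance by returning from this branch instead of falling out of the switch.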

-- 
To view, visit https://gerrit.osmocom.org/c/osmo-mgw/+/15898

Gerrit-Project: osmo-mgw
Gerrit-Branch: master
Gerrit-Change-Id: Ib2032e5566e465c02a9a525ccd38f9dcc84fb669
Gerrit-Change-Number: 15898
Gerrit-PatchSet: 1
Gerrit-Owner: neels <nhofmeyr at sysmocom.de>
Gerrit-MessageType: newchange