Change in osmo-bsc[master]: assignment_fsm: fix assignment_count(): conn->lchan may be NULL

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

fixeria gerrit-no-reply at lists.osmocom.org
Thu Jun 18 15:51:50 UTC 2020


fixeria has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-bsc/+/18907 )


Change subject: assignment_fsm: fix assignment_count(): conn->lchan may be NULL
......................................................................

assignment_fsm: fix assignment_count(): conn->lchan may be NULL

Starting from ttcn3-bsc-test-sccplite build #777, it was noticed
that osmo-bsc crashes with the following message:

  Assert failed conn->lchan include/osmocom/bsc/gsm_data.h:1376

Here is a backtrace:

  Program received signal SIGABRT
  pwndbg> bt
    0x0000555555be6e52 in conn_get_bts (conn=0x622000057160) at include/osmocom/bsc/gsm_data.h:1376
    0x0000555555c1edc8 in assignment_fsm_timer_cb (fi=0x612000060220) at assignment_fsm.c:758
    0x00007ffff72b1104 in fsm_tmr_cb (data=0x612000060220) at libosmocore/src/fsm.c:325
    0x00007ffff72ab062 in osmo_timers_update () at libosmocore/src/timer.c:257
    0x00007ffff72ab5d2 in _osmo_select_main (polling=0) at libosmocore/src/select.c:260
    0x00007ffff72abd2f in osmo_select_main_ctx (polling=<optimized out>) at libosmocore/src/select.c:291
    0x0000555555e1b81b in main (argc=3, argv=0x7fffffffe1b8) at osmo_bsc_main.c:953
    0x00007ffff6752002 in __libc_start_main () from /usr/lib/libc.so.6
    0x0000555555b61bbe in _start ()

Apparently conn->lchan can be NULL, so assignment_count() must be
safe against this. Let's add a guard 'if' statement there.

Yes, we miss a chance to increase a counter in such case, but this
is a separate problem. The main point is that osmo-bsc must not crash.

Change-Id: Id681dfb0ad654bdb4b71805d1ad4f39a8bf6bbd1
Fixes: I0009e51d4caf68e762138d98e2e23d49acc3cc1a
Related: OS#4620, OS#4619
---
M src/osmo-bsc/assignment_fsm.c
1 file changed, 8 insertions(+), 2 deletions(-)



  git pull ssh://gerrit.osmocom.org:29418/osmo-bsc refs/changes/07/18907/1

diff --git a/src/osmo-bsc/assignment_fsm.c b/src/osmo-bsc/assignment_fsm.c
index 94dd359..dee7983 100644
--- a/src/osmo-bsc/assignment_fsm.c
+++ b/src/osmo-bsc/assignment_fsm.c
@@ -73,14 +73,20 @@
 		on_assignment_failure(_conn); \
 	} while(0)
 
+/* NOTE: make sure that conn->lchan is not NULL before calling this macro! */
+#define assignment_count_bts(conn, counter) do { \
+		struct gsm_bts *bts = conn_get_bts(conn); \
+		rate_ctr_inc(&bts->bts_ctrs->ctr[BTS_##counter]); \
+	} while (0)
+
 /* Assume presence of local var 'conn' as struct gsm_subscriber_connection */
 #define assignment_count(counter) do { \
-		struct gsm_bts *bts = conn_get_bts(conn); \
 		LOG_ASSIGNMENT(conn, LOGL_DEBUG, "incrementing rate counter: %s %s\n", \
 			       bsc_ctr_description[BSC_##counter].name, \
 			       bsc_ctr_description[BSC_##counter].description); \
 		rate_ctr_inc(&conn->network->bsc_ctrs->ctr[BSC_##counter]); \
-		rate_ctr_inc(&bts->bts_ctrs->ctr[BTS_##counter]); \
+		if (conn->lchan != NULL) \
+			assignment_count_bts(conn, counter) \
 	} while(0)
 
 #define assignment_count_result(counter) do { \
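Review bot: the new call 'assignment_count_bts(conn, counter) \' in assignment_count() has no terminating semicolon, so the macro expands to an inner 'do { ... } while (0)' followed directly by the outer '} while(0)', which is not a valid statement and should fail to compile at every use of assignment_count(). Add ';' after the call. Consider also moving the 'conn->lchan != NULL' check into assignment_count_bts() itself, so the safety of conn_get_bts() does not depend on every future caller honouring the NOTE comment; the helper would then be safe by construction against the OSMO_ASSERT seen in the backtrace. A debug-level log line in the skipped branch would make the missed BTS counter increment visible while OS#4620 / OS#4619 are open.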

-- 
To view, visit https://gerrit.osmocom.org/c/osmo-bsc/+/18907
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: osmo-bsc
Gerrit-Branch: master
Gerrit-Change-Id: Id681dfb0ad654bdb4b71805d1ad4f39a8bf6bbd1
Gerrit-Change-Number: 18907
Gerrit-PatchSet: 1
Gerrit-Owner: fixeria <vyanitskiy at sysmocom.de>
Gerrit-MessageType: newchange