This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/OpenBSC@lists.osmocom.org/.
Holger Hans Peter Freyther holger at freyther.deHi all,
I was debugging a crash with the VTY and I am not fully understanding it but I
can easily reproduce it. The problem is triggered with the new VTY OML code
and here is what I know.
1.) we move from ENABLE_NODE to the OML node. and allocate memory
2.) when exiting the node we will free the data at vty->index.. and
set the pointer to NULL.
But I can easily produce a double free issue and this seems to be due.
cmd_execute_command:
1.) saves the vty->index to oindex and vty->node to onode
2.) tries calling vty_go_parent or such...
3.) tries more stuff...
4.) as stuff failed resets vty->index to oindex...
so the next exit command will do a double free... and the funny part is that
the code has one assumption everything > CONFIG_NODE is considered to be
config as well. This means that we should have two enum values in libosmovty,
one for Last_Enable, one for Last_Config and have enough space between them.
And the other part... maybe vty_go_parent should return CMD_SUCCESS?
thoughts?
[1] ./script | telnet localhost 4242 and see the bsc_hack/bsc_msc_io crash
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: script
URL: <http://lists.osmocom.org/pipermail/openbsc/attachments/20100811/7e536bf0/attachment.ksh>