From 194b4cb4fd2bc7c0ca71fad14a314a517f5d4415 Mon Sep 17 00:00:00 2001
From: Neels Hofmeyr
Date: Thu, 10 Nov 2016 03:19:21 +0100
Subject: fix use after free in bsc_config_free talloc_free the cfg only after asserting num_bsc count sanity. This caused a failure in the 'bsc-nat' test with -fsanitize build. Should fix the Osmocom_Sanitizer build on jenkins.osmocom.org https://jenkins.osmocom.org/jenkins/job/Osmocom_Sanitizer/
Change-Id: Ic20aacaccffcaa58ccec6d24c884727dc1bc50e6
---
 openbsc/src/osmo-bsc_nat/bsc_nat_utils.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/openbsc/src/osmo-bsc_nat/bsc_nat_utils.c b/openbsc/src/osmo-bsc_nat/bsc_nat_utils.c
index 37b01e314..bb0f4c4a6 100644
--- a/openbsc/src/osmo-bsc_nat/bsc_nat_utils.c
+++ b/openbsc/src/osmo-bsc_nat/bsc_nat_utils.c
@@ -205,9 +205,9 @@ void bsc_config_free(struct bsc_config *cfg)
 {
  llist_del(&cfg->entry);
  rate_ctr_group_free(cfg->stats.ctrg);
- talloc_free(cfg);
  cfg->nat->num_bsc--;
  OSMO_ASSERT(cfg->nat->num_bsc >= 0)
+ talloc_free(cfg);
 }
 
 static void _add_lac(void *ctx, struct llist_head *list, int _lac)
-- 
cgit v1.2.3
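Review bot: Nothing in bsc_config_free records why `talloc_free(cfg)` has to be the last statement, so the same use-after-free can return the next time a line that touches `cfg` is appended after it. I would add `/* cfg->nat is dereferenced above: free cfg only after the last access */` directly before the call. The unchanged `OSMO_ASSERT(cfg->nat->num_bsc >= 0)` line has no terminating semicolon and presumably compiles only because of how the macro expands; adding the `;` while these lines are being touched would make it independent of the macro's definition. Since the commit message says the bug surfaced only in the -fsanitize build of the 'bsc-nat' test, keeping that test in a sanitizer job is what will catch a regression of this ordering.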