From 45f73247ee0a1fe7eb946963f3f6967975080b9a Mon Sep 17 00:00:00 2001 
From: Alexander Chemeris Date: Sun, 17 May 2020 21:18:40 +0300 Subject: Fix crash in bsc_patch_mm_info() osmo-bsc has crashed with the following backtrace: 0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51 1 0x00007f0bc49b38db in __GI_abort () at abort.c:100 2 0x00007f0bc581ba30 in osmo_panic () from /usr/lib/x86_64-linux-gnu/libosmocore.so.12 3 0x00005648ceeced69 in conn_get_bts (conn=) at ../../include/osmocom/bsc/gsm_data.h:1392 4 0x00005648cef37164 in conn_get_bts (conn=0x5648cf769e80) at osmo_bsc_filter.c:87 5 bsc_patch_mm_info (conn=conn@entry=0x5648cf769e80, data=, length=) at osmo_bsc_filter.c:48 6 0x00005648cef371b6 in bsc_scan_msc_msg (conn=conn@entry=0x5648cf769e80, msg=msg@entry=0x5648cf77ead0) at osmo_bsc_filter.c:159 7 0x00005648cef33988 in dtap_rcvmsg (msg=0x5648cf72b2f0, length=40, conn=0x5648cf769e80) at osmo_bsc_bssap.c:1215 8 bsc_handle_dt (conn=conn@entry=0x5648cf769e80, msg=0x5648cf72b2f0, len=40) at osmo_bsc_bssap.c:1299 9 0x00005648cef3b2b7 in handle_data_from_msc (msg=, conn=0x5648cf769e80) at osmo_bsc_sigtran.c:152 10 sccp_sap_up (oph=0x5648cf72b378, _scu=) at osmo_bsc_sigtran.c:267 11 0x00007f0bc5813c03 in _osmo_fsm_inst_dispatch () from /usr/lib/x86_64-linux-gnu/libosmocore.so.12 12 0x00007f0bc51a8935 in sccp_scoc_rx_from_scrc (inst=inst@entry=0x5648cf6a8d60, xua=xua@entry=0x5648cf720150) at sccp_scoc.c:1695 13 0x00007f0bc51a62f3 in scrc_rx_mtp_xfer_ind_xua (inst=inst@entry=0x5648cf6a8d60, xua=xua@entry=0x5648cf720150) at sccp_scrc.c:459 14 0x00007f0bc51a9545 in mtp_user_prim_cb (oph=0x5648cf7681f8, ctx=0x5648cf6a8d60) at sccp_user.c:182 15 0x00007f0bc51a09c6 in m3ua_rx_xfer (xua=0x5648cf764a80, asp=0x5648cf45f540) at m3ua.c:586 16 m3ua_rx_msg (asp=asp@entry=0x5648cf45f540, msg=msg@entry=0x5648cf71e880) at m3ua.c:739 17 0x00007f0bc51b0763 in xua_cli_read_cb (conn=0x5648cf441ed0) at osmo_ss7.c:1761 18 0x00007f0bc55fab53 in osmo_stream_cli_read (cli=0x5648cf441ed0) at stream.c:232 19 osmo_stream_cli_fd_cb (ofd=, 
what=1) at stream.c:321 20 0x00007f0bc580edcf in ?? () from /usr/lib/x86_64-linux-gnu/libosmocore.so.12 21 0x00007f0bc580f526 in osmo_select_main_ctx () from /usr/lib/x86_64-linux-gnu/libosmocore.so.12 22 0x00005648ceecfb2f in main (argc=, argv=) at osmo_bsc_main.c:953 Apparently, there is no lchan allocated at this moment, so conn_get_bts() crashes. But we only use it to get to "network" which we can do much easier and safer by doing conn->network. Change-Id: Id3f7b3efba60c0f050c1be98e5e539f1dab4cd57
---
 src/osmo-bsc/osmo_bsc_filter.c | 3 +--
 tests/bsc/bsc_test.c | 11 ++---------
 2 files changed, 3 insertions(+), 11 deletions(-)
diff --git a/src/osmo-bsc/osmo_bsc_filter.c b/src/osmo-bsc/osmo_bsc_filter.c
index 332ba6b83..3b72aeeb9 100644
--- a/src/osmo-bsc/osmo_bsc_filter.c
+++ b/src/osmo-bsc/osmo_bsc_filter.c
@@ -45,7 +45,6 @@ static int bsc_patch_mm_info(struct gsm_subscriber_connection *conn,
 {
 struct tlv_parsed tp;
 int parse_res;
- struct gsm_bts *bts = conn_get_bts(conn);
 int tzunits;
 uint8_t tzbsd = 0;
 uint8_t dst = 0;
@@ -58,7 +57,7 @@ static int bsc_patch_mm_info(struct gsm_subscriber_connection *conn,
 return 0;
 /* Is TZ patching enabled? */
- struct gsm_tz *tz = &bts->network->tz;
+ struct gsm_tz *tz = &conn->network->tz;
 if (!tz->override)
 return 0;
diff --git a/tests/bsc/bsc_test.c b/tests/bsc/bsc_test.c
index 6079ec500..5d8711838 100644
--- a/tests/bsc/bsc_test.c
+++ b/tests/bsc/bsc_test.c
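Review bot: The new `struct gsm_tz *tz = &conn->network->tz;` dereferences conn->network unconditionally, so the fix replaces the conn_get_bts() assertion with an unchecked pointer; that is only safe if conn->network is populated for every connection that reaches bsc_patch_mm_info(), which this hunk does not show (the test's `conn->network = net` suggests it is set at allocation time). A short comment would record that invariant for the next reader, e.g. `/* No BTS/lchan needed here: the TZ override lives on the network, which every conn carries. */` above the new line. bsc_patch_mm_info() begins before this hunk and its body continues after it.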
@@ -123,16 +123,9 @@ static void test_scan(void)
 int i;
 struct gsm_network *net = gsm_network_init(ctx);
- struct gsm_bts *bts = gsm_bts_alloc(net, 0);
- struct bsc_msc_data *msc;
- struct gsm_subscriber_connection *conn;
+ struct gsm_subscriber_connection *conn = talloc_zero(net, struct gsm_subscriber_connection);
- msc = talloc_zero(net, struct bsc_msc_data);
- conn = talloc_zero(net, struct gsm_subscriber_connection);
-
- bts->network = net;
- conn->sccp.msc = msc;
- conn->lchan = &bts->c0->ts[1].lchan[0];
+ conn->network = net;
 /* start testing with proper messages */
 printf("Testing BTS<->MSC message scan.\n");
-- cgit v1.2.3
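Review bot: The rewritten setup leaves the test connection with no lchan and no MSC (`conn->lchan` and `conn->sccp.msc` are no longer assigned), which is exactly the state that reproduces the crash this commit fixes, but nothing in the test says so and a later contributor may "repair" it by re-adding the BTS. Suggest a comment next to `conn->network = net;`: `/* Deliberately no lchan/BTS/MSC: bsc_patch_mm_info() must work with only conn->network set. */`. If any code on the scanned-message path reads conn->sccp.msc it would now see NULL; I cannot tell from the hunk, so that is worth a quick check. test_scan() starts before this hunk and continues past it.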