authorPhilipp Maier <pmaier@sysmocom.de>2021-09-23 16:19:51 +0200
committerVadim Yanitskiy <vyanitskiy@sysmocom.de>2021-10-20 03:08:39 +0300
commit3f84c4c1b2a1c1dc615c848ad4cf991460616771 (patch)
tree18ec19f3151228abc30e979e6ee81e66b8b7faea
parent858401b04e0ce665e0ab797e61f4c71bffb82bb1 (diff)
assignment_fsm: Check for conn->lchan
When the SDCCH gets released while the TCH is still being activated, then the ChanActivACK that is received after the TCH is activated will trigger a segmentation fault in the assignment_fsm. The reason for this is that conn->lchan, which holds the SDCCH at that point in time, is now NULL. To prevent osmo-bsc from crashing, the FSM should check for the presence of conn->lchan first. If it does not exist, the FSM should terminate. (Assignment failed) Change-Id: I3b1cd88bea62ef0032f6c035bac95d3df9fdca7a Related: SYS#5627, OS#5255
-rw-r--r--src/osmo-bsc/assignment_fsm.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/src/osmo-bsc/assignment_fsm.c b/src/osmo-bsc/assignment_fsm.c
index faaec535e..3eda129dc 100644
--- a/src/osmo-bsc/assignment_fsm.c
+++ b/src/osmo-bsc/assignment_fsm.c
@@ -611,6 +611,15 @@ static void assignment_fsm_wait_rr_ass_complete_onenter(struct osmo_fsm_inst *fi
int rc;
struct gsm_subscriber_connection *conn = assignment_fi_conn(fi);
+ /* There may be situations where the SDCCH gets released while the TCH is still being activated. We will then
+ * receive ChanActivAck message from the BTS when the TCH is ready. Since the SDCCH is already released by
+ * then conn->lchan will be NULL in this case. */
+ if (!conn->lchan) {
+ assignment_fail(GSM0808_CAUSE_EQUIPMENT_FAILURE,
+ "Unable to send RR Assignment Command: conn without lchan");
+ return;
+ }
+
rc = gsm48_send_rr_ass_cmd(conn->lchan, conn->assignment.new_lchan,
conn->lchan->ms_power);
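Review bot: The early return under `if (!conn->lchan)` leaves the fate of the just-activated TCH in `conn->assignment.new_lchan` entirely to `assignment_fail()`, whose body is not visible in this hunk. If that path does not release the new lchan, each occurrence of this SDCCH-release race would keep a TCH allocated until some timeout fires, which turns a fixed crash into a channel-exhaustion risk on a loaded cell. I would confirm the cleanup and record it in the comment, for example by adding `assignment_fail() releases conn->assignment.new_lchan, so the activated TCH is not leaked.` The guard covers only this onenter handler, so other `conn->lchan` dereferences reachable after the ChanActivAck in this FSM probably deserve the same check. The function body starts and ends outside the hunk.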