authorAlexander Chemeris <Alexander.Chemeris@gmail.com>2020-05-24 01:13:34 +0300
committerlaforge <laforge@osmocom.org>2020-05-28 09:00:23 +0000
commitc3ea0b059716144fb02ae51025153068e0072fd6 (patch)
tree8a64860fcbf8c015a2e003d03c67c3deadd08905
parent5cda1d01b442ba03b86ea9001f62a6d830adfb35 (diff)
bsc_subscr_conn_fsm: Fix crash in gscon_forget_lchan()
conn->fi might be NULL and thus can't be safely dereferenced. E.g. we're checking whether it's NULL just a few lines above, so we should do so here as well. Here is a backtrace for the crash: (gdb) bt 0 0x000055b948002772 in gscon_forget_lchan (conn=0x55b949c6b870, lchan=lchan@entry=0x7f00ae9ade68) at bsc_subscr_conn_fsm.c:718 1 0x000055b948036c84 in lchan_fsm_wait_rf_release_ack_onenter (fi=<optimized out>, prev_state=<optimized out>) at lchan_fsm.c:1040 2 0x00007f00afc6a599 in state_chg (fi=fi@entry=0x55b949bcfe10, new_state=new_state@entry=8, keep_timer=keep_timer@entry=false, timeout_ms=2000, T=3111, file=<optimized out>, line=1344) at fsm.c:699 3 0x00007f00afc6aa5d in _osmo_fsm_inst_state_chg (fi=fi@entry=0x55b949bcfe10, new_state=new_state@entry=8, timeout_secs=<optimized out>, T=<optimized out>, file=<optimized out>, line=<optimized out>) at fsm.c:748 4 0x00007f00afc78e62 in _osmo_tdef_fsm_inst_state_chg (fi=fi@entry=0x55b949bcfe10, state=state@entry=8, timeouts_array=timeouts_array@entry=0x55b9482b56a0 <lchan_fsm_timeouts>, tdefs=<optimized out>, default_timeout=140730455622800, default_timeout@entry=5, file=file@entry=0x55b948079d39 "lchan_fsm.c", line=1344) at tdef.c:346 5 0x000055b9480341eb in lchan_fsm_timer_cb (fi=0x55b949bcfe10) at lchan_fsm.c:1344 6 0x00007f00afc6b84a in fsm_tmr_cb (data=0x55b949bcfe10) at fsm.c:325 7 0x00007f00afc65926 in osmo_timers_update () at timer.c:257 8 0x00007f00afc65cda in _osmo_select_main (polling=0) at select.c:260 9 0x00007f00afc66526 in osmo_select_main_ctx (polling=<optimized out>) at select.c:291 10 0x000055b947fdcadf in main (argc=<optimized out>, argv=<optimized out>) at osmo_bsc_main.c:953 (gdb) p conn->fi $1 = (struct osmo_fsm_inst *) 0x0 Change-Id: I2427266ef4660935cde899462fa6df8d785c420e
-rw-r--r--src/osmo-bsc/bsc_subscr_conn_fsm.c2
1 files changed, 1 insertions, 1 deletions
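diff --git a/src/osmo-bsc/bsc_subscr_conn_fsm.c b/src/osmo-bsc/bsc_subscr_conn_fsm.c
index 0b475ff92..3da9d6678 100644
--- a/src/osmo-bsc/bsc_subscr_conn_fsm.c
+++ b/src/osmo-bsc/bsc_subscr_conn_fsm.c
@@ -715,7 +715,7 @@ void gscon_forget_lchan(struct gsm_subscriber_connection *conn, struct gsm_lchan
 osmo_fsm_inst_name(conn->fi), detach_label);
 }
-if (conn->fi->state != ST_CLEARING
+if ((conn->fi && conn->fi->state != ST_CLEARING)
 && !conn->lchan
 && !conn->ho.new_lchan
 && !conn->assignment.new_lchan)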
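Review bot: The new NULL guard on the `if` line carries no explanation of why conn->fi can be NULL at this point, so the reasoning from the commit message (a NULL crash reached via lchan_fsm_wait_rf_release_ack_onenter) is lost to the next reader; a short comment above the condition would fix that, e.g. `/* conn->fi may be NULL here (guarded the same way a few lines above); never dereference it unchecked */`. The inner parentheses around `conn->fi && conn->fi->state != ST_CLEARING` are redundant given left-to-right evaluation of `&&`, though they do visibly group the two fi-dependent operands. The enclosing gscon_forget_lchan() starts before the hunk and the if-body continues past it, so whether that body also uses conn->fi and is correctly skipped when fi is NULL cannot be confirmed from this hunk.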