diff options
| author | Neels Hofmeyr <nhofmeyr@sysmocom.de> | 2023-03-20 17:48:07 +0100 |
|---|---|---|
| committer | laforge <laforge@osmocom.org> | 2023-03-22 09:22:58 +0000 |
| commit | 7a0bef1ae4784203bf5f93b2dc2c4138dcad9397 (patch) | |
| tree | e783ab7216193c3c9e072d2526f5e1f16d0a7eca | |
| parent | d7b277ff0137a48553bd660b5e51ac094f854cdd (diff) | |
segfault: verify lchan presence on Assignment Complete
User reports a SEGV:
Program terminated with signal SIGSEGV, Segmentation fault.
#0 send_assignment_complete (conn=conn@entry=0x557dbabb75a0) at assignment_fsm.c:188
#1 0x0000557db66aa6b0 in assignment_success (conn=0x557dbabb75a0) at assignment_fsm.c:277
#2 0x00007f6007afee82 in _osmo_fsm_inst_dispatch (fi=0x557db9615b80, event=4, data=0x0, file=0x7f6007a7dc21 "mgcp_client_endpoint_fsm.c", line=513) at fsm.c:875
#3 0x00007f6007a78c12 in ?? () from /lib/x86_64-linux-gnu/libosmo-mgcp-client.so.9
version: osmo-bsc 1.9.0.111.fc339.202212220009
The situation apparently is conn->lchan == NULL (primary lchan is gone),
but Assignment has just concluded. Apparently an unexpected / orthogonal
event has interrupted operations.
During assignment_success(), do not assume that conn->lchan is still
present. This should normally be true, but if not, fail the assignment
procedure instead of crashing osmo-bsc.
Related: SYS#6382
Change-Id: I4db25d0458f620954a1ca345282f5d8316341919
| -rw-r--r-- | src/osmo-bsc/assignment_fsm.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/osmo-bsc/assignment_fsm.c b/src/osmo-bsc/assignment_fsm.c index e21a03628..02ca29cc8 100644 --- a/src/osmo-bsc/assignment_fsm.c +++ b/src/osmo-bsc/assignment_fsm.c @@ -185,6 +185,11 @@ static void send_assignment_complete(struct gsm_subscriber_connection *conn) struct gsm_lchan *lchan = conn->lchan; struct osmo_fsm_inst *fi = conn->fi; + if (!lchan) { + assignment_fail(GSM0808_CAUSE_EQUIPMENT_FAILURE, "Assignment interrupted: primary lchan lost"); + return; + } + chosen_channel = gsm0808_chosen_channel(lchan->type, lchan->current_ch_mode_rate.chan_mode); if (!chosen_channel) { assignment_fail(GSM0808_CAUSE_EQUIPMENT_FAILURE, |