author | Philipp Maier <pmaier@sysmocom.de> | 2021-09-23 16:19:51 +0200 |
---|---|---|
committer | Vadim Yanitskiy <vyanitskiy@sysmocom.de> | 2021-10-12 16:24:26 +0300 |
commit | 5562475e7c3a54fa7f2206b6de1435df6507d3a2 (patch) | |
tree | 9760f78f7a4a694c0f968ea73049a6a8c97c2a3d | |
parent | 6505f692d47ab0ad305a1a01ea135342975abb8a (diff) |
assignment_fsm: Check for conn->lchan
When the SDCCH gets released while the TCH is still being activated, then
the ChanActivACK that is received after the TCH is activated will trigger
a segmentation fault in the assignment_fsm. The reason for this is that
conn->lchan, which holds the SDCCH at that point in time, is now NULL.
To prevent osmo-bsc from crashing, the FSM should check for the presence
of conn->lchan first. If it does not exist, the FSM should terminate.
(Assignment failed)
Change-Id: I3b1cd88bea62ef0032f6c035bac95d3df9fdca7a
Related: SYS#5627
-rw-r--r-- | src/osmo-bsc/assignment_fsm.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/src/osmo-bsc/assignment_fsm.c b/src/osmo-bsc/assignment_fsm.c index 2f241e3c3..c5a1250f6 100644 --- a/src/osmo-bsc/assignment_fsm.c +++ b/src/osmo-bsc/assignment_fsm.c @@ -610,6 +610,15 @@ static void assignment_fsm_wait_rr_ass_complete_onenter(struct osmo_fsm_inst *fi int rc; struct gsm_subscriber_connection *conn = assignment_fi_conn(fi); + /* There may be situations where the SDCCH gets released while the TCH is still being activated. We will then + * receive ChanActivAck message from the BTS when the TCH is ready. Since the SDCCH is already released by + * then conn->lchan will be NULL in this case. */ + if (!conn->lchan) { + assignment_fail(GSM0808_CAUSE_EQUIPMENT_FAILURE, + "Unable to send RR Assignment Command: conn without lchan"); + return; + } + rc = gsm48_send_rr_ass_cmd(conn->lchan, conn->assignment.new_lchan, conn->lchan->ms_power); |
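Review bot: In the new `if (!conn->lchan)` branch at the top of assignment_fsm_wait_rr_ass_complete_onenter(), the early return is taken after the TCH in conn->assignment.new_lchan has already been activated, so please confirm that assignment_fail() releases that new lchan on this path; otherwise the freshly activated channel stays allocated with nothing using it. GSM0808_CAUSE_EQUIPMENT_FAILURE is also a questionable cause for an SDCCH that was released while the TCH was coming up: either pick a cause that reflects the radio side going away, or extend the comment to say why equipment failure was chosen, since this value is what the peer will see when diagnosing the failed assignment. Minor: the comment's "receive ChanActivAck message" is missing an article, and the commit message spells the same message "ChanActivACK", so settle on one spelling.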