author Philipp Maier <pmaier@sysmocom.de> 2021-09-23 16:19:51 +0200
committer Vadim Yanitskiy <vyanitskiy@sysmocom.de> 2021-10-12 16:24:26 +0300
commit 5562475e7c3a54fa7f2206b6de1435df6507d3a2
parent 6505f692d47ab0ad305a1a01ea135342975abb8a
assignment_fsm: Check for conn->lchan
When the SDCCH gets released while the TCH is still being activated, then the ChanActivACK that is received after the TCH is activated will trigger a segmentation fault in the assignment_fsm. The reason for this is that conn->lchan, which holds the SDCCH at that point in time, is now NULL.

To prevent osmo-bsc from crashing, the FSM should check for the presence of conn->lchan first. If it does not exist, the FSM should terminate. (Assignment failed)

Change-Id: I3b1cd88bea62ef0032f6c035bac95d3df9fdca7a
Related: SYS#5627
1 files changed, 9 insertions, 0 deletions
diff --git a/src/osmo-bsc/assignment_fsm.c b/src/osmo-bsc/assignment_fsm.c
index 2f241e3c3..c5a1250f6 100644
--- a/src/osmo-bsc/assignment_fsm.c
+++ b/src/osmo-bsc/assignment_fsm.c
@@ -610,6 +610,15 @@ static void assignment_fsm_wait_rr_ass_complete_onenter(struct osmo_fsm_inst *fi
int rc;
struct gsm_subscriber_connection *conn = assignment_fi_conn(fi);
+ /* There may be situations where the SDCCH gets released while the TCH is still being activated. We will then
+ * receive ChanActivAck message from the BTS when the TCH is ready. Since the SDCCH is already released by
+ * then conn->lchan will be NULL in this case. */
+ if (!conn->lchan) {
+ assignment_fail(GSM0808_CAUSE_EQUIPMENT_FAILURE,
+ "Unable to send RR Assignment Command: conn without lchan");
+ return;
+ }
rc = gsm48_send_rr_ass_cmd(conn->lchan, conn->assignment.new_lchan,
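Review bot: the new guard at the top of assignment_fsm_wait_rr_ass_complete_onenter() tests only conn->lchan, but the gsm48_send_rr_ass_cmd() call directly below it also receives conn->assignment.new_lchan, and nothing in the visible lines checks that pointer. Either extend the condition to cover conn->assignment.new_lchan as well, or add a sentence to the comment explaining why it is guaranteed to be non-NULL on entry to this state. Since the crash is reachable purely through the ordering of the SDCCH release and the ChanActivAck, it would also help to note in the comment or commit message whether other places in this FSM that use conn->lchan were checked for the same race. A smaller point: GSM0808_CAUSE_EQUIPMENT_FAILURE reads as a hardware fault, while the condition here is a channel released mid-assignment, so a brief remark on why this cause value was chosen would help whoever reads the resulting failure later.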