diff options
| author | Vadim Yanitskiy <vyanitskiy@sysmocom.de> | 2021-12-07 18:32:35 +0300 |
|---|---|---|
| committer | Vadim Yanitskiy <vyanitskiy@sysmocom.de> | 2021-12-07 18:43:00 +0300 |
| commit | c44342b88c3d768966895622d9acb3e0cc45fcf4 (patch) | |
| tree | 18365d0ad016100ead8d14101bfbb02607e245aa | |
| parent | d405bad32db6d0af76be57d24e745ec5595bfda7 (diff) | |
libmsc: fix memory leak (struct msgb) in msc_i_ran_enc()
Function msc_i_ran_enc() calls msc_role_ran_encode(), but unlike the
other callers of this function it does not free() the encoded message.
A simple solution would be to call msgb_free(), like it's done in
the other places. But a more elegant solution is to modify function
msc_role_ran_encode(), so that it attaches the msgb to OTC_SELECT.
This way there is no need to call msgb_free() here and there.
This change fixes a memleak observed while running ttcn3-msc-test.
Change-Id: I741e082badc32ba9a97c1495c894e1d22e122e3a
Related: OS#5340
| -rw-r--r-- | src/libmsc/msc_a.c | 5 | ||||
| -rw-r--r-- | src/libmsc/msc_a_remote.c | 2 | ||||
| -rw-r--r-- | src/libmsc/msc_t.c | 10 | ||||
| -rw-r--r-- | src/libmsc/msub.c | 4 |
4 files changed, 7 insertions, 14 deletions
diff --git a/src/libmsc/msc_a.c b/src/libmsc/msc_a.c index 74721d2de..c9b05728e 100644 --- a/src/libmsc/msc_a.c +++ b/src/libmsc/msc_a.c @@ -1659,12 +1659,9 @@ int _msc_a_msg_down(struct msc_a *msc_a, enum msc_role to_role, uint32_t to_role .an_proto = msc_a->c.ran->an_proto, .msg = msc_role_ran_encode(msc_a->c.fi, ran_msg), }; - int rc; if (!an_apdu.msg) return -EIO; - rc = _msub_role_dispatch(msc_a->c.msub, to_role, to_role_event, &an_apdu, file, line); - msgb_free(an_apdu.msg); - return rc; + return _msub_role_dispatch(msc_a->c.msub, to_role, to_role_event, &an_apdu, file, line); } int msc_a_tx_dtap_to_i(struct msc_a *msc_a, struct msgb *dtap) diff --git a/src/libmsc/msc_a_remote.c b/src/libmsc/msc_a_remote.c index 84eff0730..e4474f45d 100644 --- a/src/libmsc/msc_a_remote.c +++ b/src/libmsc/msc_a_remote.c @@ -179,8 +179,6 @@ static void msc_a_remote_send_handover_failure(struct msc_a *msc_a, enum gsm0808 return; msc_a_remote_msg_up_to_remote_msc(msc_a, MSC_ROLE_T, OSMO_GSUP_MSGT_E_PREPARE_HANDOVER_ERROR, &an_apdu); - msgb_free(an_apdu.msg); - return; } /* [MSC-A---------------------] [MSC-B---------------------] diff --git a/src/libmsc/msc_t.c b/src/libmsc/msc_t.c index af0ddaaef..43bc74e0c 100644 --- a/src/libmsc/msc_t.c +++ b/src/libmsc/msc_t.c @@ -145,7 +145,6 @@ static void msc_t_send_handover_failure(struct msc_t *msc_t, enum gsm0808_cause return; msub_role_dispatch(msc_t->c.msub, MSC_ROLE_A, MSC_A_EV_FROM_T_PREPARE_HANDOVER_FAILURE, &an_apdu); - msgb_free(an_apdu.msg); } static int msc_t_ho_request_decode_and_store_cb(struct osmo_fsm_inst *msc_t_fi, void *data, @@ -238,7 +237,6 @@ static int msc_t_find_ran_peer_from_ho_request(struct msc_t *msc_t) static int msc_t_send_stored_ho_request__decode_cb(struct osmo_fsm_inst *msc_t_fi, void *data, const struct ran_msg *ran_dec) { - int rc; struct an_apdu an_apdu; struct msc_t *msc_t = msc_t_priv(msc_t_fi); struct osmo_sockaddr_str *rtp_ran_local = data; @@ -263,9 +261,7 @@ static int msc_t_send_stored_ho_request__decode_cb(struct osmo_fsm_inst *msc_t_f }; if (!an_apdu.msg) return -EIO; - rc = msc_t_down_l2_co(msc_t, &an_apdu, true); - msgb_free(an_apdu.msg); - return rc; + return msc_t_down_l2_co(msc_t, &an_apdu, true); } /* The MGW endpoint is created, we know our AoIP Transport Layer Address and can send the Handover Request to the RAN @@ -472,9 +468,7 @@ static int msc_t_patch_and_send_ho_request_ack(struct msc_t *msc_t, const struct if (!an_apdu.msg) return -EIO; /* Send to remote MSC via msc_a_remote role */ - rc = msub_role_dispatch(msc_t->c.msub, MSC_ROLE_A, MSC_A_EV_FROM_T_PREPARE_HANDOVER_RESPONSE, &an_apdu); - msgb_free(an_apdu.msg); - return rc; + return msub_role_dispatch(msc_t->c.msub, MSC_ROLE_A, MSC_A_EV_FROM_T_PREPARE_HANDOVER_RESPONSE, &an_apdu); } static int msc_t_wait_ho_request_ack_decode_cb(struct osmo_fsm_inst *msc_t_fi, void *data, diff --git a/src/libmsc/msub.c b/src/libmsc/msub.c index 112703a13..e4dd332e8 100644 --- a/src/libmsc/msub.c +++ b/src/libmsc/msub.c @@ -544,6 +544,8 @@ void msc_role_forget_conn(struct osmo_fsm_inst *role, struct ran_conn *conn) *conn_p = NULL; } +/* NOTE: the resulting message buffer will be attached to OTC_SELECT, so its lifetime + * is limited by the current select() loop iteration. Use talloc_steal() to avoid this. */ struct msgb *msc_role_ran_encode(struct osmo_fsm_inst *fi, const struct ran_msg *ran_msg) { struct msc_role_common *c = fi->priv; @@ -556,6 +558,8 @@ struct msgb *msc_role_ran_encode(struct osmo_fsm_inst *fi, const struct ran_msg msg = c->ran->ran_encode(fi, ran_msg); if (!msg) LOGPFSML(fi, LOGL_ERROR, "Failed to encode %s\n", ran_msg_type_name(ran_msg->msg_type)); + else + talloc_steal(OTC_SELECT, msg); return msg; } |