author | Pau Espin Pedrol <pespin@sysmocom.de> | 2018-04-24 14:02:01 +0200 |
---|---|---|
committer | Pau Espin Pedrol <pespin@sysmocom.de> | 2018-04-24 14:02:03 +0200 |
commit | 86f212666a1967d0f9ebbcf0efa6976daabf7af6 (patch) | |
tree | 65d73e61124736ad7d27b091778a0c547ac7b43a /src/libmsc | |
parent | 3f8cec8f662373275465f11d2aa961a5be956aa5 (diff) |
setup_trig_pag_evt: Fix heap-use-after-free
Caught by osmo-gsm-tester running test voice:octphy.
Fixes the following AddressSanitizer report:
==18864==ERROR: AddressSanitizer: heap-use-after-free on address 0x61a000016f18 at pc 0x55f1b29eee5c bp 0x7ffdaa2ac000 sp 0x7ffdaa2abff8
WRITE of size 8 at 0x61a000016f18 thread T0
#0 0x55f1b29eee5b in setup_trig_pag_evt osmo-msc/src/libmsc/gsm_04_08.c:1490
#1 0x55f1b2a086c1 in subscr_paging_dispatch osmo-msc/src/libmsc/gsm_subscriber.c:101
#2 0x7fb88e07c1c9 in osmo_timers_update libosmocore/src/timer.c:257
#3 0x7fb88e07f1b1 in osmo_select_main libosmocore/src/select.c:253
#4 0x55f1b29b600b in main osmo-msc/msc_main.c:694
#5 0x7fb88bebe2e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)
#6 0x55f1b29b69f9 in _start (osmo-msc/bin/osmo-msc+0xf09f9)
Related: OS#3198
Change-Id: Ie7fdca4d48e247c77a53e81aec2b6bacd8fef678
Diffstat (limited to 'src/libmsc')
-rw-r--r-- | src/libmsc/gsm_04_08.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/libmsc/gsm_04_08.c b/src/libmsc/gsm_04_08.c
index 27aff5510..5c453165c 100644
--- a/src/libmsc/gsm_04_08.c
+++ b/src/libmsc/gsm_04_08.c
@@ -1467,6 +1467,7 @@ static int setup_trig_pag_evt(unsigned int hooknum, unsigned int event,
 OSMO_ASSERT(conn);
 /* Assign conn */
 transt->conn = msc_subscr_conn_get(conn, MSC_CONN_USE_TRANS_CC);
+ transt->paging_request = NULL;
 /* send SETUP request to called party */
 gsm48_cc_tx_setup(transt, &transt->cc.msg);
 break;
@@ -1486,7 +1487,6 @@ static int setup_trig_pag_evt(unsigned int hooknum, unsigned int event,
 break;
 }
- transt->paging_request = NULL;
 return 0;
 } |
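Review bot: The added `transt->paging_request = NULL;` in the first hunk has no comment explaining why it must sit inside this case rather than after the switch, so a later cleanup could move it back and reintroduce the heap-use-after-free from the AddressSanitizer report. I would put `/* clear here, not after the switch: transt may already have been freed on the other paths */` above it. The remaining cases of the switch are outside the hunk, so it is worth confirming that every path which keeps transt alive also clears paging_request. Any path that does not would presumably leave the pointer stale once the paging request is released. setup_trig_pag_evt begins before the first hunk and the switch continues between the two hunks.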