author | Neels Hofmeyr <neels@hofmeyr.de> | 2017-11-22 15:43:03 +0100 |
---|---|---|
committer | Neels Hofmeyr <neels@hofmeyr.de> | 2017-11-27 15:40:01 +0100 |
commit | 82be67de2b7ce5c8907ad61f495997c804923fbe (patch) | |
tree | 0d6ebef4025e3bd002508588bf4a6b21a405fb09 /tests/msc_vlr/msc_vlr_test_call.err | |
parent | a99b42709a09b1b822da0e431bf3308da7b7a295 (diff) |
fix use after free: missing conn_get on CC paging response
Adjust test expectations accordingly.
The error was:
==16084==ERROR: AddressSanitizer: heap-use-after-free on address 0x61500000f5f4 at pc 0x561be639ac2b bp 0x7ffc0aabbe40 sp 0x7ffc0aabbe38
READ of size 4 at 0x61500000f5f4 thread T0
#0 0x561be639ac2a in _msc_subscr_conn_put ../../../../src/osmo-msc/src/libmsc/osmo_msc.c:384
#1 0x561be636070b in rx_from_ms ../../../../src/osmo-msc/tests/msc_vlr/msc_vlr_tests.c:204
#2 0x561be6360b21 in ms_sends_msg ../../../../src/osmo-msc/tests/msc_vlr/msc_vlr_tests.c:217
#3 0x561be635b40a in test_call_mt ../../../../src/osmo-msc/tests/msc_vlr/msc_vlr_test_call.c:328
#4 0x561be6363bb7 in run_tests ../../../../src/osmo-msc/tests/msc_vlr/msc_vlr_tests.c:802
#5 0x561be63524ea in main ../../../../src/osmo-msc/tests/msc_vlr/msc_vlr_tests.c:849
#6 0x7f6eebb3e2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
#7 0x561be6352fb9 in _start (/n/s/osmo/make-3G/osmo-msc/tests/msc_vlr/msc_vlr_test_call+0xdafb9)
Related: OS#2672
Change-Id: If0659a878deb383ed0300217e2c41c8c79b2b6a5
Diffstat (limited to 'tests/msc_vlr/msc_vlr_test_call.err')
-rw-r--r-- | tests/msc_vlr/msc_vlr_test_call.err | 30 |
1 files changed, 15 insertions, 15 deletions
diff --git a/tests/msc_vlr/msc_vlr_test_call.err b/tests/msc_vlr/msc_vlr_test_call.err index 6fd928853..5ffab4a5c 100644 --- a/tests/msc_vlr/msc_vlr_test_call.err +++ b/tests/msc_vlr/msc_vlr_test_call.err @@ -602,6 +602,7 @@ DMM Subscr_Conn(901700000010650){SUBSCR_CONN_S_NEW}: SUBSCR_CONN_FROM_PAGING_RES DMM Subscr_Conn(901700000010650){SUBSCR_CONN_S_NEW}: state_chg to SUBSCR_CONN_S_ACCEPTED DPAG Paging success for MSISDN:42342 (event=0) DPAG Calling paging cbfn. +DREF MSISDN:42342: MSC conn use + trans_cc == 2 (0xc) DMSC msc_tx 2 bytes to MSISDN:42342 via RAN_UTRAN_IU - DTAP --RAN_UTRAN_IU--> MS: GSM48_MT_CC_SETUP: 0305 - DTAP matches expected message @@ -610,7 +611,7 @@ DMM Subscr_Conn(901700000010650){SUBSCR_CONN_S_ACCEPTED}: Received Event SUBSCR_ DMM Subscr_Conn(901700000010650){SUBSCR_CONN_S_ACCEPTED}: bump: connection still has active transaction: GSM48_PDISC_CC paging_stopped == 1 MSC <--RAN_UTRAN_IU-- MS: GSM48_MT_CC_CALL_CONF -DREF MSISDN:42342: MSC conn use + dtap == 2 (0x6) +DREF MSISDN:42342: MSC conn use + dtap == 3 (0xe) DRLL Dispatching 04.08 message GSM48_MT_CC_CALL_CONF (0x3:0x8) MS <--Call Assignment-- MSC: subscr=MSISDN:42342 callref=0x423 DMNCC transmit message MNCC_CALL_CONF_IND 
@@ -619,27 +620,27 @@ DMM Subscr_Conn(901700000010650){SUBSCR_CONN_S_ACCEPTED}: Received Event SUBSCR_ DMM Subscr_Conn(901700000010650){SUBSCR_CONN_S_ACCEPTED}: state_chg to SUBSCR_CONN_S_COMMUNICATING DMM Subscr_Conn(901700000010650){SUBSCR_CONN_S_COMMUNICATING}: Received Event SUBSCR_CONN_E_BUMP DMM Subscr_Conn(901700000010650){SUBSCR_CONN_S_COMMUNICATING}: bump: connection still has active transaction: GSM48_PDISC_CC -DREF MSISDN:42342: MSC conn use - dtap == 1 (0x4) +DREF MSISDN:42342: MSC conn use - dtap == 2 (0xc) - Total time passed: 1.000023 s MSC <--RAN_UTRAN_IU-- MS: GSM48_MT_CC_ALERTING -DREF MSISDN:42342: MSC conn use + dtap == 2 (0x6) +DREF MSISDN:42342: MSC conn use + dtap == 3 (0xe) DRLL Dispatching 04.08 message GSM48_MT_CC_ALERTING (0x3:0x1) DMNCC transmit message MNCC_ALERT_IND MSC --> MNCC: callref 0x423: MNCC_ALERT_IND DMM Subscr_Conn(901700000010650){SUBSCR_CONN_S_COMMUNICATING}: Received Event SUBSCR_CONN_E_COMMUNICATING DMM Subscr_Conn(901700000010650){SUBSCR_CONN_S_COMMUNICATING}: Received Event SUBSCR_CONN_E_BUMP DMM Subscr_Conn(901700000010650){SUBSCR_CONN_S_COMMUNICATING}: bump: connection still has active transaction: GSM48_PDISC_CC -DREF MSISDN:42342: MSC conn use - dtap == 1 (0x4) +DREF MSISDN:42342: MSC conn use - dtap == 2 (0xc) - Total time passed: 2.000046 s MSC <--RAN_UTRAN_IU-- MS: GSM48_MT_CC_CONNECT -DREF MSISDN:42342: MSC conn use + dtap == 2 (0x6) +DREF MSISDN:42342: MSC conn use + dtap == 3 (0xe) DRLL Dispatching 04.08 message GSM48_MT_CC_CONNECT (0x3:0x7) DMNCC transmit message MNCC_SETUP_CNF MSC --> MNCC: callref 0x423: MNCC_SETUP_CNF DMM Subscr_Conn(901700000010650){SUBSCR_CONN_S_COMMUNICATING}: Received Event SUBSCR_CONN_E_COMMUNICATING DMM Subscr_Conn(901700000010650){SUBSCR_CONN_S_COMMUNICATING}: Received Event SUBSCR_CONN_E_BUMP DMM Subscr_Conn(901700000010650){SUBSCR_CONN_S_COMMUNICATING}: bump: connection still has active transaction: GSM48_PDISC_CC -DREF MSISDN:42342: MSC conn use - dtap == 1 (0x4) +DREF 
MSISDN:42342: MSC conn use - dtap == 2 (0xc) DMNCC receive message MNCC_SETUP_COMPL_REQ DMSC msc_tx 2 bytes to MSISDN:42342 via RAN_UTRAN_IU - DTAP --RAN_UTRAN_IU--> MS: GSM48_MT_CC_CONNECT_ACK: 030f 
@@ -650,27 +651,26 @@ DMSC msc_tx 2 bytes to MSISDN:42342 via RAN_UTRAN_IU --- - Call ends MSC <--RAN_UTRAN_IU-- MS: GSM48_MT_CC_DISCONNECT -DREF MSISDN:42342: MSC conn use + dtap == 2 (0x6) +DREF MSISDN:42342: MSC conn use + dtap == 3 (0xe) DRLL Dispatching 04.08 message GSM48_MT_CC_DISCONNECT (0x3:0x25) DMNCC transmit message MNCC_DISC_IND MSC --> MNCC: callref 0x423: MNCC_DISC_IND DMM Subscr_Conn(901700000010650){SUBSCR_CONN_S_COMMUNICATING}: Received Event SUBSCR_CONN_E_COMMUNICATING DMM Subscr_Conn(901700000010650){SUBSCR_CONN_S_COMMUNICATING}: Received Event SUBSCR_CONN_E_BUMP DMM Subscr_Conn(901700000010650){SUBSCR_CONN_S_COMMUNICATING}: bump: connection still has active transaction: GSM48_PDISC_CC -DREF MSISDN:42342: MSC conn use - dtap == 1 (0x4) +DREF MSISDN:42342: MSC conn use - dtap == 2 (0xc) DMNCC receive message MNCC_REL_REQ DMSC msc_tx 2 bytes to MSISDN:42342 via RAN_UTRAN_IU - DTAP --RAN_UTRAN_IU--> MS: GSM48_MT_CC_RELEASE: 032d - DTAP matches expected message MSC <--RAN_UTRAN_IU-- MS: GSM48_MT_CC_RELEASE_COMPL -DREF MSISDN:42342: MSC conn use + dtap == 2 (0x6) +DREF MSISDN:42342: MSC conn use + dtap == 3 (0xe) DRLL Dispatching 04.08 message GSM48_MT_CC_RELEASE_COMPL (0x3:0x2a) DMNCC transmit message MNCC_REL_CNF MSC --> MNCC: callref 0x423: MNCC_REL_CNF MS <--Call Release-- MSC: subscr=MSISDN:42342 callref=0x0 DREF VLR subscr MSISDN:42342 usage decreases to: 2 -DREF MSISDN:42342: MSC conn use error: freeing an unused token: trans_cc -DREF MSISDN:42342: MSC conn use - trans_cc == 1 (0x6) +DREF MSISDN:42342: MSC conn use - trans_cc == 2 (0x6) DMM Subscr_Conn(901700000010650){SUBSCR_CONN_S_COMMUNICATING}: Received Event SUBSCR_CONN_E_COMMUNICATING DMM Subscr_Conn(901700000010650){SUBSCR_CONN_S_COMMUNICATING}: Received Event SUBSCR_CONN_E_BUMP DMM Subscr_Conn(901700000010650){SUBSCR_CONN_S_COMMUNICATING}: bump: releasing conn 
@@ -682,12 +682,12 @@ DVLR Process_Access_Request_VLR(901700000010650){PR_ARQ_S_DONE}: Freeing instanc DVLR Process_Access_Request_VLR(901700000010650){PR_ARQ_S_DONE}: Deallocated DMM msc_subscr_conn_close(vsub=MSISDN:42342, cause=2): no conn fsm, releasing directly without release event. - Iu Release --RAN_UTRAN_IU--> MS -DREF MSISDN:42342: MSC conn use - fsm == 0 (0x2) -DRLL subscr MSISDN:42342: Freeing subscriber connection -DREF VLR subscr MSISDN:42342 usage decreases to: 1 +DREF MSISDN:42342: MSC conn use - fsm == 1 (0x2) DMM Subscr_Conn(901700000010650){SUBSCR_CONN_S_RELEASED}: Freeing instance DMM Subscr_Conn(901700000010650){SUBSCR_CONN_S_RELEASED}: Deallocated -DREF unknown: MSC conn use - dtap failed: is already 0 +DREF MSISDN:42342: MSC conn use - dtap == 0 (0x0) +DRLL subscr MSISDN:42342: Freeing subscriber connection +DREF VLR subscr MSISDN:42342 usage decreases to: 1 llist_count(&net->subscr_conns) == 0 DREF freeing VLR subscr MSISDN:42342 ===== test_call_mt: SUCCESS |