Introduce the concept of tests that will be run one after the other.
This new test will send static message that will lead to the opening
of a PDP context. At this point one should use ping with a large
packet size and suspend/stop the emulator. Once the NS connection is
considered dead the SGSN will crash with a double free.
Reproduce:
0.) Add IMSI 901700000003094 to the ACL
1.) Stop/Suspend the emulation process so the NS Alive times out
2.) Use ping IP -s 2048
This will create a double free...
#4 0xb7bb2646 in talloc_abort_double_free () at talloc.c:175
#5 0xb7bbd41a in talloc_chunk_from_ptr (ptr=0x8091208) at talloc.c:190
#6 _talloc_free (ptr=0x8091208) at talloc.c:517
#7 talloc_free (ptr=ptr@entry=0x8091208) at talloc.c:990
#8 0xb7bb319b in msgb_free (m=m@entry=0x8091208) at msgb.c:72
#9 0x0804db54 in sndcp_send_ud_frag (fs=0xbfffcc6c) at gprs_sndcp.c:423
#10 sndcp_unitdata_req (msg=msg@entry=0x808eed8, lle=0x808fbc8, nsapi=5 '\005',
mmcontext=mmcontext@entry=0x80903e8) at gprs_sndcp.c:471