From 1927052de63e10044850b533a62c5018ec19606d Mon Sep 17 00:00:00 2001 From: Pau Espin Pedrol Date: Mon, 12 Aug 2019 18:47:46 +0200 Subject: gprs_gmm: Introduce assert to guard against unexpected condition This may well be the culprit of OS#3957, were already freed llme is accessed from mmctx context later on, upon some timer is triggered in mmctx. Related: OS#3957 Change-Id: I8e1eaeb9b3ebee8e45704b4fe007190c7db609e4 --- src/gprs/gprs_gmm.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/gprs/gprs_gmm.c b/src/gprs/gprs_gmm.c index 0fcf1bb66..718fc97f6 100644 --- a/src/gprs/gprs_gmm.c +++ b/src/gprs/gprs_gmm.c @@ -1741,6 +1741,11 @@ static int gsm48_rx_gmm_ra_upd_req(struct sgsn_mm_ctx *mmctx, struct msgb *msg, "The MM context cannot be used, RA: %03d-%0*d-%d-%d\n", mmctx->ra.mcc, mmctx->ra.mnc_3_digits, mmctx->ra.mnc, mmctx->ra.lac, mmctx->ra.rac); + /* mmctx is set to NULL and gprs_llgmm_unassign(llme) will be + called below, let's make sure we don't keep dangling llme + pointers in mmctx (OS#3957). */ + if (mmctx->ran_type == MM_CTX_T_GERAN_Gb) + OSMO_ASSERT(mmctx->gb.llme == NULL); mmctx = NULL; } -- cgit v1.2.3
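Review bot: The added `OSMO_ASSERT(mmctx->gb.llme == NULL)` runs while handling a received RA update request, so if the suspected stale-pointer state is reachable, the process aborts instead of failing just this request; the comment should say that this fail-stop is deliberate. A wording such as `/* Diagnostic for OS#3957: abort here rather than let a timer on mmctx touch a freed llme later. */` would make the trade-off visible to the next reader. If the abort is not meant to stay once the cause is confirmed, logging an error and clearing the reference with `mmctx->gb.llme = NULL;` before `mmctx = NULL;` would drop the dangling pointer without stopping the service. Whether that is safe depends on the `gprs_llgmm_unassign(llme)` path named in the comment, which is not visible here. The assert also only tests for NULL, not whether the pointer is the same `llme` that is about to be unassigned, so it may fire for an unrelated but still valid llme. The enclosing function `gsm48_rx_gmm_ra_upd_req` starts and ends outside the hunk.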