From 3f84c4c1b2a1c1dc615c848ad4cf991460616771 Mon Sep 17 00:00:00 2001
From: Philipp Maier
Date: Thu, 23 Sep 2021 16:19:51 +0200
Subject: assignment_fsm: Check for conn->lchan

When the SDCCH gets released while the TCH still beeing activated, then the ChanActivACK that is received after the TCH is activated will trigger a segmentation fault in the assignment_fsm. The reason for this is that conn->lchan, which holds the SDCCH at that point in time, is now NULL. To prevent osmo-bsc from crashing, the FSM should check for the presence of conn->lchan first. If it does not exist, the FSM should terminate. (Assignment failed)

Change-Id: I3b1cd88bea62ef0032f6c035bac95d3df9fdca7a
Related: SYS#5627, OS#5255
---
 src/osmo-bsc/assignment_fsm.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/osmo-bsc/assignment_fsm.c b/src/osmo-bsc/assignment_fsm.c
index faaec535e..3eda129dc 100644
--- a/src/osmo-bsc/assignment_fsm.c
+++ b/src/osmo-bsc/assignment_fsm.c
@@ -611,6 +611,15 @@ static void assignment_fsm_wait_rr_ass_complete_onenter(struct osmo_fsm_inst *fi
 	int rc;
 	struct gsm_subscriber_connection *conn = assignment_fi_conn(fi);
 
+	/* There may be situations where the SDCCH gets released while the TCH is still being activated. We will then
+	 * receive ChanActivAck message from the BTS when the TCH is ready. Since the SDCCH is already released by
+	 * then conn->lchan will be NULL in this case. */
+	if (!conn->lchan) {
+		assignment_fail(GSM0808_CAUSE_EQUIPMENT_FAILURE,
+				"Unable to send RR Assignment Command: conn without lchan");
+		return;
+	}
+
 	rc = gsm48_send_rr_ass_cmd(conn->lchan, conn->assignment.new_lchan, conn->lchan->ms_power);
-- 
cgit v1.2.3
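Review bot: The new `if (!conn->lchan)` guard stops the crash at the point where it was observed, but by the time this onenter handler runs the new TCH (conn->assignment.new_lchan) has already been activated at the BTS, so assignment_fail() must be the path that releases it — worth confirming rather than assuming, otherwise the channel stays allocated after the SDCCH is gone. The check also dereferences `conn` unconditionally, which is only safe if the assignment FSM can never outlive the subscriber connection; if that invariant is not guaranteed elsewhere, the same fault simply moves one level up. The comment would read better if it stated that this is a fallback rather than the intended flow, e.g. `/* Defensive: the SDCCH release should normally terminate this FSM before the ChanActivAck arrives; fail the assignment here if it did not. */`. The enclosing function assignment_fsm_wait_rr_ass_complete_onenter continues past the end of the hunk.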