From fdfaf9c519320c168632a1578908fe58bc9c3693 Mon Sep 17 00:00:00 2001
From: Holger Hans Peter Freyther
Date: Mon, 7 Jun 2010 22:32:10 +0800
Subject: bsc_msc_ip: Possible crash fix on the early assignment code path
The crash happened when we had released the primary channel for one reason or another but still got the assignment complete on the secondary. This null checking is some extra caution, with the previous commit we should fail the msc_data test early in this method.
---
 openbsc/src/bsc_msc_ip.c | 24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)
(limited to 'openbsc')
diff --git a/openbsc/src/bsc_msc_ip.c b/openbsc/src/bsc_msc_ip.c
index aedd45f38..c133ef58c 100644
--- a/openbsc/src/bsc_msc_ip.c
+++ b/openbsc/src/bsc_msc_ip.c
@@ -441,20 +441,22 @@ static int handle_ass_compl(struct msgb *msg)
 return -1;
 }
- /* swap the channels and release the old */
- old_chan = msg->lchan->msc_data->lchan;
- msg->lchan->msc_data->lchan = msg->lchan;
- msg->lchan->msc_data->secondary_lchan = NULL;
- old_chan->msc_data = NULL;
-
 /* assign a dummy subscriber */
 assign_dummy_subscr(msg->lchan);
- /* give up the old channel to not do a SACCH deactivate */
- if (old_chan->conn.subscr)
- subscr_put(old_chan->conn.subscr);
- old_chan->conn.subscr = NULL;
- put_subscr_con(&old_chan->conn, 1);
+ /* swap the channels and release the old */
+ old_chan = msg->lchan->msc_data->lchan;
+ if (old_chan) {
+ msg->lchan->msc_data->lchan = msg->lchan;
+ msg->lchan->msc_data->secondary_lchan = NULL;
+ old_chan->msc_data = NULL;
+
+ /* give up the old channel to not do a SACCH deactivate */
+ if (old_chan->conn.subscr)
+ subscr_put(old_chan->conn.subscr);
+ old_chan->conn.subscr = NULL;
+ put_subscr_con(&old_chan->conn, 1);
+ }
 /* activate audio on it... */
 if (is_ipaccess_bts(msg->lchan->ts->trx->bts) && msg->lchan->tch_mode != GSM48_CMODE_SIGN)
--
cgit v1.2.3
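Review bot: When `old_chan` is NULL, the new `if (old_chan) { ... }` block in handle_ass_compl skips the whole swap silently, so `msc_data->lchan` stays NULL and `secondary_lchan` keeps pointing at `msg->lchan` while the function still falls through to the audio activation below. The two promotion assignments do not use `old_chan`, so if the connection is meant to survive this case they could sit outside the guard (`msg->lchan->msc_data->lchan = msg->lchan;` and `msg->lchan->msc_data->secondary_lchan = NULL;`), leaving only `old_chan->msc_data = NULL` and the release inside it; otherwise the NULL branch should log and return rather than continue with half-updated state. Going by the commit message, this state is reached when an assignment complete arrives after the primary channel was released, so a comment on the guard such as `/* primary already released, nothing to hand back */` would record why NULL is tolerated here. The function starts and ends outside the hunk, so whether later code relies on `msc_data->lchan` being set, and whether `msg->lchan->msc_data` itself is checked earlier as the message says, should be confirmed.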