From b62653a635f46b7e95378a8ce96dc1ecaee34149 Mon Sep 17 00:00:00 2001 From: Alexander Couzens Date: Tue, 18 Sep 2018 16:53:42 +0200 Subject: sgsn_ggsn_ctx_drop_pdp: protect against nullpointer when MM is gone When the GGSN crashs, the SGSN will be notified after it comes back. Because of the async operation, the mm ctx could be already gone. Change-Id: I507a8c2193c84f8dff7f5d669adcd3583331f289 --- src/gprs/gprs_sgsn.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'src/gprs/gprs_sgsn.c') diff --git a/src/gprs/gprs_sgsn.c b/src/gprs/gprs_sgsn.c index 977ae4898..dc0e7c075 100644 --- a/src/gprs/gprs_sgsn.c +++ b/src/gprs/gprs_sgsn.c @@ -707,7 +707,9 @@ failed: void sgsn_ggsn_ctx_drop_pdp(struct sgsn_pdp_ctx *pctx) { - if (pctx->mm->gmm_state == GMM_REGISTERED_NORMAL) { + /* the MM context can be deleted while the GGSN is not reachable or + * if has been crashed. */ + if (pctx->mm && pctx->mm->gmm_state == GMM_REGISTERED_NORMAL) { gsm48_tx_gsm_deact_pdp_req(pctx, GSM_CAUSE_NET_FAIL, true); sgsn_ggsn_ctx_remove_pdp(pctx->ggsn, pctx); } else { -- cgit v1.2.3