From 068f54795495d478e51d40dfcd390ce005933f9d Mon Sep 17 00:00:00 2001
From: Holger Hans Peter Freyther <holger@moiji-mobile.com>
Date: Mon, 6 Mar 2017 09:50:26 +0100
Subject: call: Fix call release handling on mncc connection loss

The app_mncc_disconnected will be called when the MNCC socket is down
and lead to all calls being released. It directly released the call but
did not stop the MNCC CMD timer. Go through the call release callback.

==3618==    at 0x804A18A: app_mncc_disconnected (app.c:49)
==3618==    by 0x804B52D: close_connection (mncc.c:255)

This lead to the timer not being removed:

==3593== Invalid read of size 4
==3593==    at 0x4305D42: rb_first (rbtree.c:294)
==3593==    by 0x42FCB37: osmo_timers_update (timer.c:220)
==3593==    by 0x804D1D5: evpoll (evpoll.c:89)
==3593==    by 0x4205053: ??? (in /lib/i386-linux-gnu/libglib-2.0.so.0.4200.1)
==3593==    by 0x4205478: g_main_loop_run (in /lib/i386-linux-gnu/libglib-2.0.so.0.4200.1)
==3593==    by 0x8049AA6: main (main.c:171)
==3593==  Address 0x47f3380 is 232 bytes inside a block of size 272 free'd
==3593==    at 0x402A3A8: free (vg_replace_malloc.c:473)
==3593==    by 0x42E7FD1: ??? (in /usr/lib/i386-linux-gnu/libtalloc.so.2.1.5)
==3593==    by 0x804A3C4: call_leg_release (call.c:83)
==3593==    by 0x804A188: app_mncc_disconnected (app.c:48)
==3593==    by 0x804B52D: close_connection (mncc.c:255)
==3593==    by 0x804BCFA: mncc_rtp_send.constprop.13 (mncc.c:145)
==3593==    by 0x804CC86: check_setup (mncc.c:435)
==3593==    by 0x804CC86: mncc_data (mncc.c:795)
==3593==    by 0x42FCF94: osmo_fd_disp_fds (select.c:167)
==3593==    by 0x804D1F2: evpoll (evpoll.c:92)
==3593==    by 0x4205053: ??? (in /lib/i386-linux-gnu/libglib-2.0.so.0.4200.1)
==3593==    by 0x4205478: g_main_loop_run (in /lib/i386-linux-gnu/libglib-2.0.so.0.4200.1)
==3593==    by 0x8049AA6: main (main.c:171)

Change-Id: I2e8e14b3983f84c9be046bbd96bbcd1e5766993e
---
 src/app.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/app.c')

diff --git a/src/app.c b/src/app.c
index 4a88b36..585b577 100644
--- a/src/app.c
+++ b/src/app.c
@@ -45,9 +45,9 @@ void app_mncc_disconnected(struct mncc_connection *conn)
 		LOGP(DAPP, LOGL_NOTICE,
 			"Going to release call(%u) due MNCC.\n", call->id);
 		if (call->initial)
-			call_leg_release(call->initial);
+			call->initial->release_call(call->initial);
 		if (call->remote)
-			call_leg_release(call->remote);
+			call->remote->release_call(call->remote);
 	}
 }
 
-- 
cgit v1.2.3