Project

General

Profile

Actions
Copy link

Bug #3066

closed

osmo-msc segfaults on early clear request (take out battery while ringing)

Added by dexter about 6 years ago. Updated about 6 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
dexter
Category:
-
Target version:
-
Start date:
03/14/2018
Due date:
% Done:

100%

Resolution:
Spec Reference:

Description

When a mobile to mobile call is placed and the battery of the called MS is taken out while it is ringing osmo MSC segfaults.

Files

mo_call_take_batt_out_on_mt_ms_while_ringing.pcapng mo_call_take_batt_out_on_mt_ms_while_ringing.pcapng 1.22 MB dexter, 03/14/2018 01:26 PM
Actions
Copy link
 #1

Updated by dexter about 6 years ago

  • Status changed from New to In Progress
  • % Done changed from 0 to 100

The problem turned out to be a use-after free situation in msc_mgcp.c. The FSM reaches ST_HALT and terminates there. However. There is still an MGCP transaction pending that hits late, this eventually causes a use after free because the MGW callback tries to access the FSM. This must be prevented by canceling active MGW trasactions before we free.

See also:
https://gerrit.osmocom.org/7282

Actions
Copy link
 #2

Updated by dexter about 6 years ago

  • Status changed from In Progress to Resolved
Actions
Copy link

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 48.8 MB)