Bug #3066
closed
osmo-msc segfaults on early clear request (take out battery while ringing)
Added by dexter about 6 years ago.
Updated about 6 years ago.
Description
When a mobile-to-mobile call is placed and the battery of the called MS is taken out while it is ringing, osmo-msc segfaults.
- Status changed from New to In Progress
- % Done changed from 0 to 100
The problem turned out to be a use-after-free situation in msc_mgcp.c. The FSM reaches ST_HALT and terminates there. However, there is still an MGCP transaction pending that hits late; this eventually causes a use-after-free because the MGW callback tries to access the FSM. This must be prevented by canceling active MGW transactions before we free.
See also:
https://gerrit.osmocom.org/7282
- Status changed from In Progress to Resolved
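An added example (not osmo-msc code, and not the fix in the linked change) that models the lifetime bug described in the comment above: an asynchronous MGW transaction keeps a pointer to the FSM, and if the FSM is freed while the reply is still pending, the late callback dereferences freed memory unless the transaction is cancelled first. All names (fsm_ctx, mgcp_trans, run_scenario, ...) are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>

struct fsm_ctx { int state; int replies_seen; };
/* One outstanding MGW request: the callback plus the FSM it will be delivered to. */
struct mgcp_trans { int pending; void (*cb)(struct fsm_ctx *, int); struct fsm_ctx *fsm; };
static struct mgcp_trans trans;   /* the single in-flight transaction in this model */

static void on_mgw_reply(struct fsm_ctx *fsm, int rc)
{
    fsm->replies_seen++;   /* dereferences fsm: a use-after-free if it was already freed */
    fsm->state = rc;
}
static void mgcp_trans_submit(struct fsm_ctx *fsm)
{
    trans = (struct mgcp_trans){ 1, on_mgw_reply, fsm };
}
/* The fix: cancel a transaction still bound to this FSM before the FSM is freed. */
static int mgcp_trans_cancel_for(const struct fsm_ctx *fsm)
{
    if (!trans.pending || trans.fsm != fsm)
        return 0;
    trans.pending = 0;
    return 1;
}
/* Late reply from the MGW: returns 1 if a callback ran, 0 if the transaction was cancelled. */
static int mgcp_trans_complete(int rc)
{
    if (!trans.pending)
        return 0;
    trans.pending = 0;
    trans.cb(trans.fsm, rc);
    return 1;
}
/* Scenario from the report: the FSM halts and is freed while an MGW request is still
 * pending. Returns 1 if the transaction is left pointing at freed memory (the bug),
 * 0 if it was cancelled and the late reply is dropped without touching the FSM. */
static int run_scenario(int cancel_before_free)
{
    struct fsm_ctx *fsm = calloc(1, sizeof *fsm);
    uintptr_t old = (uintptr_t)fsm;   /* kept only for an address comparison, never dereferenced */
    mgcp_trans_submit(fsm);
    if (cancel_before_free)
        mgcp_trans_cancel_for(fsm);
    free(fsm);
    if (trans.pending && (uintptr_t)trans.fsm == old)
        return 1;                     /* dangling: delivering the reply now would be the UAF */
    return mgcp_trans_complete(200);  /* cancelled transaction must not fire: returns 0 */
}
```

The model deliberately never delivers the reply in the buggy variant; it only reports that a dangling reference was left behind, which is the condition a sanitizer build (ASan) would turn into a crash.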