osmo-msc segfaults on early clear request (take out battery while ringing)
When a mobile to mobile call is placed and the battery of the called MS is taken out while it is ringing osmo MSC segfaults.
#1 Updated by dexter over 1 year ago
- Status changed from New to In Progress
- % Done changed from 0 to 100
The problem turned out to be a use-after free situation in msc_mgcp.c. The FSM reaches ST_HALT and terminates there. However. There is still an MGCP transaction pending that hits late, this eventually causes a use after free because the MGW callback tries to access the FSM. This must be prevented by canceling active MGW trasactions before we free.