Project

General

Profile

Actions
Copy link

Bug #5170

closed

segfault while trying to activate lchan (bts=0,trx=0,ts=0,ss=0) with codec fr

Added by fixeria almost 3 years ago. Updated almost 3 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
fixeria
Category:
-
Target version:
-
Start date:
06/04/2021
Due date:
% Done:

100%

Spec Reference:

Description

I wanted to activate a traffic channel from the VTY, and mistyped the timeslot number:

OsmoBSC# bts 0 trx 0 timeslot 0 sub-slot 0 activate fr

DRSL NOTICE bsc_vty.c:6120 (bts=0,trx=0,ts=0,ss=0) (not initialized) attempt from VTY to activate lchan (bts=0,trx=0,ts=0,ss=0) with codec fr
bsc_vty.c:6124:16: runtime error: member access within null pointer of type 'struct osmo_fsm_inst'
AddressSanitizer:DEADLYSIGNAL
=================================================================
==325396==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000034 (pc 0x55b94d934922 bp 0x7ffe30471ff0 sp 0x7ffe30471e90 T0)
==325396==The signal is caused by a READ memory access.
==325396==Hint: address points to the zero page.
    #0 0x55b94d934922 in lchan_act_single /home/wmn/wmn/osmocom/osmo-bsc/src/osmo-bsc/bsc_vty.c:6124
    #1 0x55b94d93751c in lchan_act /home/wmn/wmn/osmocom/osmo-bsc/src/osmo-bsc/bsc_vty.c:6293
    #2 0x7f3c6928b682 in cmd_execute_command_real ../../../../src/libosmocore/src/vty/command.c:2602
    #3 0x7f3c6928f1a8 in vty_command ../../../../src/libosmocore/src/vty/vty.c:438
    #4 0x7f3c6928f1a8 in vty_execute ../../../../src/libosmocore/src/vty/vty.c:702
    #5 0x7f3c6928f1a8 in vty_read ../../../../src/libosmocore/src/vty/vty.c:1428
    #6 0x7f3c69291b1d in client_data ../../../../src/libosmocore/src/vty/telnet_interface.c:154
    #7 0x7f3c69255866 in poll_disp_fds ../../../src/libosmocore/src/select.c:350
    #8 0x7f3c69255866 in _osmo_select_main ../../../src/libosmocore/src/select.c:378
    #9 0x7f3c6925593e in osmo_select_main_ctx ../../../src/libosmocore/src/select.c:434
    #10 0x55b94db7fcbd in main /home/wmn/wmn/osmocom/osmo-bsc/src/osmo-bsc/osmo_bsc_main.c:1037
    #11 0x7f3c68631b24 in __libc_start_main (/usr/lib/libc.so.6+0x27b24)
    #12 0x55b94d7cefbd in _start (/home/wmn/wmn/osmocom/osmo-bsc/src/osmo-bsc/osmo-bsc+0x70bfbd)

Of course, (bts=0,trx=0,ts=0) is CCCH/BCCH (non-combined) and my command is wrong, but still we should not crash.

This happens with the recent master:

commit 829c8e505216210502571a79fe371cf49d805d7b
Change-Id: I53ad3067623077b6a8737c2a0aecc8b46bf71a15
Actions
Copy link
 #1

Updated by fixeria almost 3 years ago

  • Status changed from New to Feedback
  • Assignee changed from neels to fixeria
  • % Done changed from 0 to 100

Found a solution myself:

https://gerrit.osmocom.org/c/osmo-bsc/+/24540 VTY: fix NULL-pointer dereference in lchan_act_single() [NEW]

Actions
Copy link
 #2

Updated by fixeria almost 3 years ago

  • Status changed from Feedback to Resolved

Merged.

Actions
Copy link

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 48.8 MB)