LAPD: segfault when bootstrapping Nokia InSite
When bootstrapping a Nokia InSite BTS, current OsmoNITB segfaults.
The reason for this is as follows:
- ABM is established.
- LAPD code hands an I frame to the application using send_dl_l3()
- user application decides to call lapd_sap_stop() resulting in a local RELEASE request to LAPD
- LAPD clears the transmit history and changes to IDLE state
- application returns from processing the I frame
- code proceeds in lapd_rx_i() and tries to transmit an I frame, as it didn't realize the state has meanwhile changed
- lapd_send_i() tries to use dl->tx_hist -> boom.
As this is the second bug related to accessing a free'd tx_hist, the code seems to require a more thorough audit.