jfdionne wrote:
The crash is caused by an access to a DTX downlink AMR FSM structure element when DTX is not in use. The FSM structure is not allocated if DTX is not in use since osmo-bts commit acfccb3f028c8417df42de9a6400896eb269a614.
The faulty access is at the beginning of the dtx_dl_amr_fsm_step() function in src/common/msg_utils.c. I suggest the following patch:
diff --git a/src/common/msg_utils.c b/src/common/msg_utils.c
index b844eec..a2aaf71 100644
--- a/src/common/msg_utils.c
+++ b/src/common/msg_utils.c
@ -156,12 +156,15
@ int dtx_dl_amr_fsm_step(struct gsm_lchan *lchan, const uint8_t *rtp_pl,
int8_t sti, cmi;
int rc;
- if (lchan->type GSM_LCHAN_TCH_H && /* SID-FIRST P1 > P2 completion /
lchan->tch.dtx.dl_amr_fsm->state ST_SID_F2 && !rtp_pl) {
- *len = 3;
- memcpy(l1_payload, lchan->tch.dtx.cache, 2);
- dtx_dispatch(lchan, E_SID_U);
- return 0;
+ if (dtx_dl_amr_enabled(lchan))
+ {
+ if (lchan->type GSM_LCHAN_TCH_H && / SID-FIRST P1 > P2 completion */
+ lchan>tch.dtx.dl_amr_fsm->state ST_SID_F2 && !rtp_pl) {
+ *len = 3;
+ memcpy(l1_payload, lchan->tch.dtx.cache, 2);
+ dtx_dispatch(lchan, E_SID_U);
+ return 0;
+ }
}
if (!rtp_pl_len)
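Review bot: The added guard at the `if (dtx_dl_amr_enabled(lchan))` line opens a new block with the brace on its own line and pushes the existing condition one indent level deeper, which does not match the K&R brace style of the surrounding code; folding it into the existing condition keeps the structure flat: `if (dtx_dl_amr_enabled(lchan) && lchan->type == GSM_LCHAN_TCH_H && /* SID-FIRST P1 -> P2 completion */` followed by the unchanged `lchan->tch.dtx.dl_amr_fsm->state == ST_SID_F2 && !rtp_pl) {`. The hunk guards only the first access to `lchan->tch.dtx.dl_amr_fsm`, and the function continues past the hunk, so it is worth confirming that no later dereference of the FSM pointer in dtx_dl_amr_fsm_step (or inside `dtx_dispatch()`) is reachable with DTX disabled, since those would need the same check. As quoted here the hunk has lost characters in rendering (`==` operators, a `-` marker, the `/*` comment opener, `lchan>tch`), so it should be taken from the submitted change rather than applied from this comment.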