Bug #3406

closed

nullpointer deref in mgcp_protocol.c, function setup_rtp_processing()

Added by dexter almost 6 years ago. Updated almost 6 years ago.

Status: Resolved
Priority: Normal
Assignee:
Category: -
Target version: -
Start date: 07/19/2018
Due date:
% Done: 100%
Spec Reference:

Description

osmo-mgw occasionally runs into a nullpointer deref problem:

osmo-mgw/src/libosmo-mgcp/mgcp_protocol.c:92:9: runtime error: member access within null pointer of type 'struct mgcp_conn_rtp'

Looking in static int setup_rtp_processing(struct mgcp_endpoint *endp, struct mgcp_conn_rtp *conn), we can see that there is a function pointer executed: setup_rtp_processing(struct mgcp_endpoint *endp, struct mgcp_conn_rtp *conn). While conn_dst is always populated with some conn, there is a chance that conn_src is still NULL. Then the deref to conn_dst->end fails.

We could check before we execute the function pointer, but maybe the function there needs to know that there is some null pointer connection and take actions in those cases. The function pointer should get struct mgcp_conn_rtp pointers rather than struct mgcp_rtp_end, then we do not need to dereference early and the function itself can check and take action if needed.
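The interface change proposed above, sketched as an added example (not the osmo-mgw code or the Gerrit patch). The struct layouts, the `payload_type` field, the return codes and all function names are assumptions made for illustration.

```c
#include <stdio.h>

/* Simplified stand-ins for the structs named in the report (assumed fields). */
struct rtp_end { int payload_type; };
struct conn_rtp { struct rtp_end end; };

/* Before: the callback takes the embedded member. */
typedef int (*setup_end_cb)(struct rtp_end *dst, struct rtp_end *src);
/* After: the callback takes the connections and can test them itself. */
typedef int (*setup_conn_cb)(struct conn_rtp *dst, struct conn_rtp *src);

static int setup_by_end(struct rtp_end *dst, struct rtp_end *src)
{
	dst->payload_type = src->payload_type;
	return 0;
}

static int setup_by_conn(struct conn_rtp *dst, struct conn_rtp *src)
{
	if (!dst)
		return -1;                  /* nothing to configure */
	if (!src) {
		dst->end.payload_type = -1; /* hypothetical "no peer yet" marker */
		return 1;
	}
	dst->end.payload_type = src->end.payload_type;
	return 0;
}

/* Before-style caller: &src->end is a member access, so a NULL src is
 * undefined behaviour here, before the callee gets a chance to check. */
static int call_before(setup_end_cb cb, struct conn_rtp *dst, struct conn_rtp *src)
{
	return cb(&dst->end, &src->end);
}

/* After-style caller: pointers are forwarded untouched. */
static int call_after(setup_conn_cb cb, struct conn_rtp *dst, struct conn_rtp *src)
{
	return cb(dst, src);
}

int main(void)
{
	struct conn_rtp a = { { 0 } }, b = { { 8 } };
	printf("before, both set: %d\n", call_before(setup_by_end, &a, &b));
	printf("after, src NULL:  %d\n", call_after(setup_by_conn, &a, NULL));
	return 0;
}
```

Building with `-fsanitize=undefined` and passing a NULL source to `call_before` reproduces the class of "member access within null pointer" report quoted in the description; `call_after` handles the same input without a diagnostic.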

Actions #1

Updated by dexter almost 6 years ago

  • Status changed from New to In Progress
  • % Done changed from 0 to 100

I think that should fix the problem:

https://gerrit.osmocom.org/#/c/osmo-mgw/+/10055 protocol: prevent unnecessary null pointer deref

Actions #2

Updated by dexter almost 6 years ago

  • Status changed from In Progress to Resolved