Bug #4208
crash: libosmocore/src/gsm/gsm48.c:788:18: runtime error: load of null pointer of type 'const uint8_t'
Status:
closed
Start date:
09/16/2019
Due date:
% Done:
0%
Spec Reference:
Description
AddressSanitizer finds a NULL dereference in osmo-sgsn.
Reproduce: try to register via IuPS.
20190916185253653 DMM INFO MM(---/ffffffff) -> GMM RA UPDATE REQUEST type="RA updating" (gprs_gmm.c:1531)
20190916185253653 DMM INFO MM(901700000014705/f343f6c1) Looked up by matching TLLI and P_TMSI. BSSGP TLLI: 00000000, P-TMSI: f343f6c1 (00000000), TLLI: f343f6c1 (f343f6c1), RA: 262-42-23-0 (gprs_gmm.c:1606)
20190916185253653 DMM DEBUG GMM(gmm_fsm)[0x612000004420]{Registered.NORMAL}: Received Event E_GMM_COMMON_PROC_INIT_REQ (gprs_gmm.c:1607)
20190916185253653 DMM DEBUG GMM(gmm_fsm)[0x612000004420]{Registered.NORMAL}: state_chg to CommonProcedureInitiated (gprs_gmm_fsm.c:53)
../../../../src/libosmocore/src/gsm/gsm48.c:788:18: runtime error: load of null pointer of type 'const uint8_t'
AddressSanitizer:DEADLYSIGNAL
=================================================================
==2471==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7ff328fadc80 bp 0x7ffc1e26f1a0 sp 0x7ffc1e26f180 T0)
==2471==The signal is caused by a READ memory access.
==2471==Hint: address points to the zero page.
    #0 0x7ff328fadc7f in gsm48_parse_ra ../../../../src/libosmocore/src/gsm/gsm48.c:788
    #1 0x7ff328d471b7 in bssgp_parse_cell_id ../../../../src/libosmocore/src/gb/gprs_bssgp.c:243
    #2 0x55757f7ead4c in gsm48_rx_gmm_ra_upd_req ../../../../src/osmo-sgsn/src/sgsn/gprs_gmm.c:1646
    #3 0x55757f7ee340 in gsm0408_rcv_gmm ../../../../src/osmo-sgsn/src/sgsn/gprs_gmm.c:1952
    #4 0x55757f7f511b in gsm0408_gprs_rcvmsg_iu ../../../../src/osmo-sgsn/src/sgsn/gprs_ranap.c:205
    #5 0x7ff3278ebac4 in ranap_handle_co_initial_ue ../../../src/osmo-iuh/src/iu_client.c:401
More complete traces follow.