https://osmocom.org/
2021-07-19T12:07:08Z
Open Source Mobile Communications
osmo-gbproxy - Bug #5200: CTRL command nsvc-state causes memory corruption
https://osmocom.org/issues/5200?journal_id=22398
2021-07-19T12:07:08Z
daniel
<pre>
(gdb) f 2
#2 0x00007ffff651bd7d in poll_fill_fds () at select.c:294
294 if (!ufd->when)
(gdb) list
289 unsigned int i = 0;
290
291 llist_for_each_entry(ufd, &osmo_fds, list) {
292 struct pollfd *p;
293
294 if (!ufd->when)
295 continue;
296
297 p = &g_poll.poll[i++];
298
(gdb) p ufd
$1 = (struct osmo_fd *) 0x610000001ea0
(gdb) p *ufd
$2 = {list = {next = 0x297064752c317630, prev = 0x302e302e3732315b}, fd = 979185966, when = 808465202, cb = 0x2e3732315b3e3c30,
data = 0x3a5d30312e302e30, priv_nr = 926365495}
(gdb) p osmo_fds
$3 = {next = 0x7ffff6656320 <osmo_stats_timer>, prev = 0x611000007630}
(gdb) p &osmo_fds
$4 = (struct llist_head *) 0x7ffff4f889c0
(gdb) p osmo_fds->next
$5 = (struct llist_head *) 0x7ffff6656320 <osmo_stats_timer>
(gdb) p *osmo_fds->next
$6 = {next = 0x612000001720, prev = 0x7ffff4f889c0}
(gdb) p *osmo_fds->next->next
$7 = {next = 0x6120000021a0, prev = 0x7ffff6656320 <osmo_stats_timer>}
(gdb) p *osmo_fds->next->next->next
$8 = {next = 0x7ffff67f71e0 <server_socket>, prev = 0x612000001720}
(gdb) p *osmo_fds->next->next->next->next
$9 = {next = 0x610000001ea0, prev = 0x6120000021a0}
(gdb) p *osmo_fds->next->next->next->next->next
$10 = {next = 0x297064752c317630, prev = 0x302e302e3732315b}
(gdb)
</pre>
https://osmocom.org/issues/5200?journal_id=22399
2021-07-19T12:24:49Z
daniel
<ul><li><strong>% Done</strong> changed from <i>0</i> to <i>20</i></li></ul><p>Ok, I think I found it. ctrl_nsvc_state_cb() was expecting a struct nsvc_cb_data as ctx, but we were passing it just the struct ctrl_cmd. Obviously this command has never been tested..</p>
<p>It works with my patch:<br /><pre>
$ osmo_ctrl.py -d localhost -p 4263 -g nsvc-state
Got message: b'GET_REPLY 6409974032755247648 nsvc-state 101,udp)[127.0.0.1]:23000<>[127.0.0.10]:7777,UNCONFIGURED,SGSN\n102,udp)[127.0.0.1]:23000<>[127.0.0.11]:8888,UNCONFIGURED,SGSN\n'
</pre></p>
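Added example (not from the issue thread or the osmo-gbproxy sources): the member values gdb printed for the corrupted `struct osmo_fd` are decoded back into the bytes they occupied in memory, which turn out to be printable text of the same shape as the nsvc-state reply, so the list node had been overwritten with reply-style string data. The x86-64 member widths, the no-padding layout, and the helper names `fields_to_ascii` and `longest_tail_in` are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* "p *ufd" members from the thread: value, byte width (assumed x86-64, no padding). */
struct field { const char *name; uint64_t value; size_t width; };
static const struct field corrupted_ufd[] = {
    { "list.next", 0x297064752c317630ULL, 8 }, { "list.prev", 0x302e302e3732315bULL, 8 },
    { "fd", 979185966ULL, 4 }, { "when", 808465202ULL, 4 },
    { "cb", 0x2e3732315b3e3c30ULL, 8 }, { "data", 0x3a5d30312e302e30ULL, 8 },
    { "priv_nr", 926365495ULL, 4 },
};
#define N_FIELDS (sizeof(corrupted_ufd) / sizeof(corrupted_ufd[0]))
/* First record of the GET_REPLY quoted in the thread, for comparison. */
static const char REPLY[] = "101,udp)[127.0.0.1]:23000<>[127.0.0.10]:7777,UNCONFIGURED,SGSN";

/* Little-endian bytes of each value, in order. -1 if not printable ASCII or no room. */
static int fields_to_ascii(const struct field *f, size_t n, char *out, size_t outlen)
{
    size_t pos = 0;
    if (outlen == 0)
        return -1;
    for (size_t i = 0; i < n; i++)
        for (size_t b = 0; b < f[i].width; b++) {
            unsigned char c = (f[i].value >> (8 * b)) & 0xff;
            if (c < 0x20 || c > 0x7e || pos + 1 >= outlen)
                return -1;
            out[pos++] = (char)c;
        }
    out[pos] = '\0';
    return (int)pos;
}

/* Length of the longest tail of decoded that occurs somewhere in text. */
static size_t longest_tail_in(const char *decoded, const char *text)
{
    size_t skip = 0;
    while (decoded[skip] && !strstr(text, decoded + skip))
        skip++;
    return strlen(decoded) - skip;
}

int main(void)
{
    char text[64];
    if (fields_to_ascii(corrupted_ufd, N_FIELDS, text, sizeof(text)) < 0)
        return 1;
    printf("%s\nshared tail: %zu bytes\n", text, longest_tail_in(text, REPLY));
    return 0;
}
```

A pointer value that decodes cleanly to printable ASCII is a quick triage signal that a node was overwritten by string data rather than freed or never initialised.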
https://osmocom.org/issues/5200?journal_id=22401
2021-07-19T14:13:20Z
daniel
<ul><li><strong>% Done</strong> changed from <i>20</i> to <i>80</i></li></ul><p>Fixes for this (and one other) crash:</p>
<p><a class="external" href="https://gerrit.osmocom.org/c/osmo-gbproxy/+/24964">https://gerrit.osmocom.org/c/osmo-gbproxy/+/24964</a><br /><a class="external" href="https://gerrit.osmocom.org/c/osmo-gbproxy/+/24965">https://gerrit.osmocom.org/c/osmo-gbproxy/+/24965</a></p>
https://osmocom.org/issues/5200?journal_id=22412
2021-07-27T09:26:10Z
daniel
<ul><li><strong>Status</strong> changed from <i>In Progress</i> to <i>Resolved</i></li><li><strong>% Done</strong> changed from <i>80</i> to <i>100</i></li></ul><p>Patches have been merged</p>