SGSN msgb annotation to fix memory leaks and avoid double free

Mentor Holger Freyther
Skills C
Length 10 days


The msgb ownership in the SGSN is not well defined. This leads to memory leaks but also to double frees. One approach would be to add reference counting to the msgb object but the preferred option right now is to properly define ownership and enforce this. The work is mostly analytic work. One should start with all methods deleting the msgb (leaves/edges). Then find all possible paths that lead to these method and do it recursively. Linus Torvalds 'sparse' compiler can be patched to generate such information. The next step should be to introduce annotations that define what happens to the msgb when this message is called and then modify sparse to know this annotation and verify it among the paths.


Ticket #55 is an example of this kind of problem.


  • Code review assisted with sparse
  • Tooling support to avoid this kind of error in the future

Learning experience

  • Sparse and static analysis
  • Refactoring of a meaningful amount of code

Updated by almost 8 years ago · 3 revisions

Add picture from clipboard (Maximum size: 48.8 MB)