diff options
| author |   Alexander Couzens <lynxis@fe80.eu> | 2021-04-01 15:36:54 +0200 |
|---|---|---|
| committer | lynxis lazus <lynxis@fe80.eu> | 2021-04-06 14:30:19 +0000 |
| commit | 5b72247ddeb6cf3564ab442203681df63619355d (patch) | |
| tree | 027ffae7a7042d641effa63de0db0e8b59887705 | |
| parent | stat_item: add comment with struct overview (diff) | |
| download | libosmocore-5b72247ddeb6cf3564ab442203681df63619355d.tar.xz libosmocore-5b72247ddeb6cf3564ab442203681df63619355d.zip | |
gprs_ns2: nsvc_fsm: reorder notification st_alive_on_enter()
The start_procedure() can't be called after ns2_nse_notify_unblocked()
because ns2_nse_notify_unblocked() might free the nsvc.
Otherwise the fsm will do use-after-free on the NSVC memory.
Related: SYS#5416
Change-Id: If97dfd123eefd71fc6c3fe886a243a21784aeeb4
| -rw-r--r-- | src/gb/gprs_ns2_vc_fsm.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/gb/gprs_ns2_vc_fsm.c b/src/gb/gprs_ns2_vc_fsm.c index a8cb570c..85cd2add 100644 --- a/src/gb/gprs_ns2_vc_fsm.c +++ b/src/gb/gprs_ns2_vc_fsm.c @@ -460,8 +460,8 @@ static void ns2_st_alive_onenter(struct osmo_fsm_inst *fi, uint32_t old_state) if (old_state != GPRS_NS2_ST_RECOVERING) priv->N = 0; - ns2_nse_notify_unblocked(priv->nsvc, false); start_test_procedure(fi, true); + ns2_nse_notify_unblocked(priv->nsvc, false); } static const struct osmo_fsm_state ns2_vc_states[] = { |