commit | 194b4cb4fd2bc7c0ca71fad14a314a517f5d4415 | [log] [tgz] |
---|---|---|
author | Neels Hofmeyr <nhofmeyr@sysmocom.de> | Thu Nov 10 03:19:21 2016 +0100 |
committer | Neels Hofmeyr <nhofmeyr@sysmocom.de> | Thu Nov 10 03:19:22 2016 +0100 |
tree | 36721c2c7aaf42164346d65f373df07e906f817c | |
parent | b4ecc1d43b147d7b42ba4822727b713ce5074794 [diff] |
fix use after free in bsc_config_free talloc_free the cfg only after asserting num_bsc count sanity. This caused a failure in the 'bsc-nat' test with -fsanitize build. Should fix the Osmocom_Sanitizer build on jenkins.osmocom.org https://jenkins.osmocom.org/jenkins/job/Osmocom_Sanitizer/ Change-Id: Ic20aacaccffcaa58ccec6d24c884727dc1bc50e6
diff --git a/openbsc/src/osmo-bsc_nat/bsc_nat_utils.c b/openbsc/src/osmo-bsc_nat/bsc_nat_utils.c index 37b01e3..bb0f4c4 100644 --- a/openbsc/src/osmo-bsc_nat/bsc_nat_utils.c +++ b/openbsc/src/osmo-bsc_nat/bsc_nat_utils.c
@@ -205,9 +205,9 @@ { llist_del(&cfg->entry); rate_ctr_group_free(cfg->stats.ctrg); - talloc_free(cfg); cfg->nat->num_bsc--; OSMO_ASSERT(cfg->nat->num_bsc >= 0) + talloc_free(cfg); } static void _add_lac(void *ctx, struct llist_head *list, int _lac)