fix two segfaults
* when paging callback is called, we need to consider a failed paging
operation (i.e. lchan == NULL)
* we have to zero-initialize every transaction that is allocated
diff --git a/openbsc/src/gsm_04_08.c b/openbsc/src/gsm_04_08.c
index 76d748c..d6f131e 100644
--- a/openbsc/src/gsm_04_08.c
+++ b/openbsc/src/gsm_04_08.c
@@ -387,6 +387,9 @@
* operation taking place on the lchan.
*/
struct gsm_lchan *lchan = (struct gsm_lchan *)handler_data;
+ if (!lchan)
+ return 0;
+
release_loc_updating_req(lchan);
/* Free all transactions that are associated with the released lchan */
@@ -1932,7 +1935,7 @@
struct gsm_subscriber *subscr = param;
struct gsm_trans *transt, *tmp;
struct gsm_network *net;
-
+
if (hooknum != GSM_HOOK_RR_PAGING)
return -EINVAL;
@@ -3428,7 +3431,7 @@
GSM48_CC_CAUSE_DEST_OOO);
}
/* Create transaction */
- if (!(trans = talloc(tall_trans_ctx, struct gsm_trans))) {
+ if (!(trans = talloc_zero(tall_trans_ctx, struct gsm_trans))) {
DEBUGP(DCC, "No memory for trans.\n");
subscr_put(subscr);
/* Ressource unavailable */