ASCI: Fix Null pointer dereference bug in gsm44068_bcc_gcc_trans_free() Fixes: CID#322142 Change-Id: Iab0b66dfcfdb870eaec4611720ce3a5f2089bd21

commit: b865c62d3365a46d2da764cbcd2038b7ed3488e9 [log] [tgz]
author: Andreas Eversberg <jolly@eversberg.eu> Wed Jul 19 10:06:07 2023 +0200
committer: laforge <laforge@osmocom.org> Fri Jul 21 11:16:16 2023 +0000
tree: 6bc4a8a8274367826a557a55d9086c3d608e9f44
parent: 33a433a56191cfa84cf52207fed38559fa1061a4 [diff] [blame]
diff --git a/src/libmsc/msc_vgcs.c b/src/libmsc/msc_vgcs.c
index ca1fa97..3970308 100644
--- a/src/libmsc/msc_vgcs.c
+++ b/src/libmsc/msc_vgcs.c

@@ -1531,12 +1531,11 @@
 {
 	struct vgcs_bss *bss, *bss2;
 
-	/* Change state. */
-	osmo_fsm_inst_state_chg(trans->gcc.fi, VGCS_GCC_ST_N0_NULL, 0, 0);
-
 	/* Free FSM. */
-	if (trans->gcc.fi)
+	if (trans->gcc.fi) {
+		osmo_fsm_inst_state_chg(trans->gcc.fi, VGCS_GCC_ST_N0_NULL, 0, 0);
 		osmo_fsm_inst_term(trans->gcc.fi, OSMO_FSM_TERM_REGULAR, NULL);
+	}
 
 	/* Remove relations to cells.
 	 * We must loop safe, because bss_clear() will detach every call control instance from list. */
commit	b865c62d3365a46d2da764cbcd2038b7ed3488e9	[log] [tgz]
author	Andreas Eversberg <jolly@eversberg.eu>	Wed Jul 19 10:06:07 2023 +0200
committer	laforge <laforge@osmocom.org>	Fri Jul 21 11:16:16 2023 +0000
tree	6bc4a8a8274367826a557a55d9086c3d608e9f44
parent	33a433a56191cfa84cf52207fed38559fa1061a4 [diff] [blame]