abis_om2k: protect MO FSMs by NULL check
Also set MO FSMs to NULL after freeing them.
Change-Id: I30df0b9ab8bc47ba9756c8388e977deed0e40200
diff --git a/openbsc/src/libbsc/abis_om2000.c b/openbsc/src/libbsc/abis_om2000.c
index 9bf0fe2..82a14b2 100644
--- a/openbsc/src/libbsc/abis_om2000.c
+++ b/openbsc/src/libbsc/abis_om2000.c
@@ -1697,9 +1697,19 @@
static void om2k_mo_s_done_onenter(struct osmo_fsm_inst *fi, uint32_t prev_state)
{
+ struct om2k_mo_fsm_priv *omfp = fi->priv;
+ omfp->mo->fsm = NULL;
osmo_fsm_inst_term(fi, OSMO_FSM_TERM_REGULAR, NULL);
}
+static void om2k_mo_s_error_onenter(struct osmo_fsm_inst *fi, uint32_t prev_state)
+{
+ struct om2k_mo_fsm_priv *omfp = fi->priv;
+
+ omfp->mo->fsm = NULL;
+ osmo_fsm_inst_term(fi, OSMO_FSM_TERM_ERROR, NULL);
+}
+
static const struct osmo_fsm_state om2k_is_states[] = {
[OM2K_ST_INIT] = {
.name = "INIT",
@@ -1794,7 +1804,7 @@
.name = "ERROR",
.in_event_mask = 0,
.out_state_mask = 0,
- .onenter = om2k_mo_s_done_onenter,
+ .onenter = om2k_mo_s_error_onenter,
},
};
@@ -2697,6 +2707,12 @@
msgb_hexdump(msg));
return 0;
}
+ if (!mo->fsm) {
+ LOGP(DNM, LOGL_ERROR, "MO object should not generate any message. fsm == NULL "
+ "%s: %s\n", get_value_string(om2k_msgcode_vals, msg_type),
+ msgb_hexdump(msg));
+ return 0;
+ }
/* Dispatch message to that MO */
om2k_mo_fsm_recvmsg(bts, mo, &odm);