bsc: Fix a crash in case we get a NACK from the BTS for a new channel
In case of a nack the secondary_lchan will be NULLed but then the T10
timeout will attempt to release the channel and we will try to release
a NULL pointer.
Daniel witnessed this crash at the camp and added the NULL check at:
28d9ccbca0cb522c90f551cf4bf243acab7a1944, it is also the proper fix
given the _NAK handling.
diff --git a/openbsc/src/libbsc/bsc_api.c b/openbsc/src/libbsc/bsc_api.c
index df81d49..8ddbc6c 100644
--- a/openbsc/src/libbsc/bsc_api.c
+++ b/openbsc/src/libbsc/bsc_api.c
@@ -136,12 +136,12 @@
LOGP(DMSC, LOGL_ERROR, "Assigment T10 timeout on %p\n", conn);
- /* normal release on the secondary channel */
- if (conn->secondary_lchan) {
+ /*
+ * normal release on the secondary channel but only if the
+ * secondary_channel has not been released by the handle_chan_nack.
+ */
+ if (conn->secondary_lchan)
lchan_release(conn->secondary_lchan, 0, 1);
- } else {
- LOGP(DMSC, LOGL_NOTICE, "Secondary lchan is NULL, not releasing\n");
- }
conn->secondary_lchan = NULL;
/* inform them about the failure */