libmsc: fix memory leak (struct msgb) in msc_i_ran_enc()

Function msc_i_ran_enc() calls msc_role_ran_encode(), but unlike the
other callers of this function it does not free() the encoded message.

A simple solution would be to call msgb_free(), like it's done in
the other places.  But a more elegant solution is to modify function
msc_role_ran_encode(), so that it attaches the msgb to OTC_SELECT.
This way there is no need to call msgb_free() here and there.

This change fixes a memleak observed while running ttcn3-msc-test.

Change-Id: I741e082badc32ba9a97c1495c894e1d22e122e3a
Related: OS#5340
This commit is contained in:
Vadim Yanitskiy 2021-12-07 18:32:35 +03:00
parent d405bad32d
commit c44342b88c
4 changed files with 7 additions and 14 deletions

View File

@ -1659,12 +1659,9 @@ int _msc_a_msg_down(struct msc_a *msc_a, enum msc_role to_role, uint32_t to_role
.an_proto = msc_a->c.ran->an_proto, .an_proto = msc_a->c.ran->an_proto,
.msg = msc_role_ran_encode(msc_a->c.fi, ran_msg), .msg = msc_role_ran_encode(msc_a->c.fi, ran_msg),
}; };
int rc;
if (!an_apdu.msg) if (!an_apdu.msg)
return -EIO; return -EIO;
rc = _msub_role_dispatch(msc_a->c.msub, to_role, to_role_event, &an_apdu, file, line); return _msub_role_dispatch(msc_a->c.msub, to_role, to_role_event, &an_apdu, file, line);
msgb_free(an_apdu.msg);
return rc;
} }
int msc_a_tx_dtap_to_i(struct msc_a *msc_a, struct msgb *dtap) int msc_a_tx_dtap_to_i(struct msc_a *msc_a, struct msgb *dtap)

View File

@ -179,8 +179,6 @@ static void msc_a_remote_send_handover_failure(struct msc_a *msc_a, enum gsm0808
return; return;
msc_a_remote_msg_up_to_remote_msc(msc_a, MSC_ROLE_T, OSMO_GSUP_MSGT_E_PREPARE_HANDOVER_ERROR, &an_apdu); msc_a_remote_msg_up_to_remote_msc(msc_a, MSC_ROLE_T, OSMO_GSUP_MSGT_E_PREPARE_HANDOVER_ERROR, &an_apdu);
msgb_free(an_apdu.msg);
return;
} }
/* [MSC-A---------------------] [MSC-B---------------------] /* [MSC-A---------------------] [MSC-B---------------------]

View File

@ -145,7 +145,6 @@ static void msc_t_send_handover_failure(struct msc_t *msc_t, enum gsm0808_cause
return; return;
msub_role_dispatch(msc_t->c.msub, MSC_ROLE_A, MSC_A_EV_FROM_T_PREPARE_HANDOVER_FAILURE, &an_apdu); msub_role_dispatch(msc_t->c.msub, MSC_ROLE_A, MSC_A_EV_FROM_T_PREPARE_HANDOVER_FAILURE, &an_apdu);
msgb_free(an_apdu.msg);
} }
static int msc_t_ho_request_decode_and_store_cb(struct osmo_fsm_inst *msc_t_fi, void *data, static int msc_t_ho_request_decode_and_store_cb(struct osmo_fsm_inst *msc_t_fi, void *data,
@ -238,7 +237,6 @@ static int msc_t_find_ran_peer_from_ho_request(struct msc_t *msc_t)
static int msc_t_send_stored_ho_request__decode_cb(struct osmo_fsm_inst *msc_t_fi, void *data, static int msc_t_send_stored_ho_request__decode_cb(struct osmo_fsm_inst *msc_t_fi, void *data,
const struct ran_msg *ran_dec) const struct ran_msg *ran_dec)
{ {
int rc;
struct an_apdu an_apdu; struct an_apdu an_apdu;
struct msc_t *msc_t = msc_t_priv(msc_t_fi); struct msc_t *msc_t = msc_t_priv(msc_t_fi);
struct osmo_sockaddr_str *rtp_ran_local = data; struct osmo_sockaddr_str *rtp_ran_local = data;
@ -263,9 +261,7 @@ static int msc_t_send_stored_ho_request__decode_cb(struct osmo_fsm_inst *msc_t_f
}; };
if (!an_apdu.msg) if (!an_apdu.msg)
return -EIO; return -EIO;
rc = msc_t_down_l2_co(msc_t, &an_apdu, true); return msc_t_down_l2_co(msc_t, &an_apdu, true);
msgb_free(an_apdu.msg);
return rc;
} }
/* The MGW endpoint is created, we know our AoIP Transport Layer Address and can send the Handover Request to the RAN /* The MGW endpoint is created, we know our AoIP Transport Layer Address and can send the Handover Request to the RAN
@ -472,9 +468,7 @@ static int msc_t_patch_and_send_ho_request_ack(struct msc_t *msc_t, const struct
if (!an_apdu.msg) if (!an_apdu.msg)
return -EIO; return -EIO;
/* Send to remote MSC via msc_a_remote role */ /* Send to remote MSC via msc_a_remote role */
rc = msub_role_dispatch(msc_t->c.msub, MSC_ROLE_A, MSC_A_EV_FROM_T_PREPARE_HANDOVER_RESPONSE, &an_apdu); return msub_role_dispatch(msc_t->c.msub, MSC_ROLE_A, MSC_A_EV_FROM_T_PREPARE_HANDOVER_RESPONSE, &an_apdu);
msgb_free(an_apdu.msg);
return rc;
} }
static int msc_t_wait_ho_request_ack_decode_cb(struct osmo_fsm_inst *msc_t_fi, void *data, static int msc_t_wait_ho_request_ack_decode_cb(struct osmo_fsm_inst *msc_t_fi, void *data,

View File

@ -544,6 +544,8 @@ void msc_role_forget_conn(struct osmo_fsm_inst *role, struct ran_conn *conn)
*conn_p = NULL; *conn_p = NULL;
} }
/* NOTE: the resulting message buffer will be attached to OTC_SELECT, so its lifetime
* is limited by the current select() loop iteration. Use talloc_steal() to avoid this. */
struct msgb *msc_role_ran_encode(struct osmo_fsm_inst *fi, const struct ran_msg *ran_msg) struct msgb *msc_role_ran_encode(struct osmo_fsm_inst *fi, const struct ran_msg *ran_msg)
{ {
struct msc_role_common *c = fi->priv; struct msc_role_common *c = fi->priv;
@ -556,6 +558,8 @@ struct msgb *msc_role_ran_encode(struct osmo_fsm_inst *fi, const struct ran_msg
msg = c->ran->ran_encode(fi, ran_msg); msg = c->ran->ran_encode(fi, ran_msg);
if (!msg) if (!msg)
LOGPFSML(fi, LOGL_ERROR, "Failed to encode %s\n", ran_msg_type_name(ran_msg->msg_type)); LOGPFSML(fi, LOGL_ERROR, "Failed to encode %s\n", ran_msg_type_name(ran_msg->msg_type));
else
talloc_steal(OTC_SELECT, msg);
return msg; return msg;
} }