[Xorp-hackers] BGP SubnetRoute[Const]Ref copy constructor doesn't check for a NULL route

Pavlin Radoslavov pavlin at icir.org
Mon Jul 30 14:03:36 PDT 2007


Euan Harris <euan.harris at cl.cam.ac.uk> wrote:

> Hi,
> 
> The copy constructor in BGP's SubnetRouteRef and SubnetRouteConstRef  doesn't
> check whether the route pointed to by the Ref it is copying  is NULL before
> calling bump_refcount on it.   The main constructor  does check, so it is
> possible to construct a Ref to a NULL route  without any trouble but cause a
> segfault when some other part of the  program tries to copy it.  This might
> happen when you try to insert  the reference into a RefTrie.
> 
> I've attached a tiny patch that adds the required check.   I don't  think this
> problem will come up in the current Xorp code because it  does not store NULL
> routes.

Euan,

I think you are right, it is a bug.
I just committed your fix to CVS:

Revision  Changes                               Path
1.24      +5 -3;  commitid: 126d846ae51177ea6;  xorp/bgp/subnet_route.hh

Thanks,
Pavlin



More information about the Xorp-hackers mailing list