[Xorp-hackers] Potential null pointer dereference.

Ben Greear greearb at candelatech.com
Tue Mar 4 23:10:04 PST 2008


Pavlin Radoslavov wrote:
> Bruce M Simpson <bms at incunabulum.net> wrote:
>
>   
>> Pavlin Radoslavov wrote:
>>     
>>> The reason those XLOG statements are FATAL is to capture bugs that
>>> might be hiding somewhere else.
>>> If you were able to trigger those statements, could you provide
>>> instructions how to reproduce the problem so we can investigate it.
>>>   
>>>       
>> +1.
>>
>> Whilst Ben's patches are well intentioned, they do not fully address the
>> issues, and you correctly point out they most likely mask the underlying
>> issue.
>>
>> There is definitely a corner case in the first situation, where vifp may
>> be NULL and yet be dereferenced when is_deleted is true. This applies to
>> all netlink socket processing.
>>     
>
> Yes, the NULL pointer dereferencing was a bug which is now fixed.
>
>   
>> In the second situation, it looks like the case where the FEA is told of
>> a new interface event by Linux, for an interface which it doesn't know
>> about, this is treated as a fatal error by the FEA.
>>     
>
> The interface event is addition of a new address to an interface.
> Obviously, the kernel must first tell the FEA that an interface is
> added/exists and only then the "new address" event should be sent.
> Hence, it is a mystery for me when/why the XLOG_FATAL() there is
> triggered.

It is possible that there really was a bug somewhere... and I hit this assert
before that bug was fixed.  Even in my code, I keep a trace message there... I'll
keep an eye out for that to see if I ever see it again.

Thanks,
Ben

-- 
Ben Greear <greearb at candelatech.com> 
Candela Technologies Inc  http://www.candelatech.com
