[Xorp-hackers] valgrind: selector.cc: Reading free'd memory

Bruce Simpson bms at incunabulum.net
Wed Sep 30 02:24:07 PDT 2009


Ben Greear wrote:
> Looks like we are running stale node objects that have since
> been deleted by the resizing of the _selector entries.
>   

Thanks for the feedback. Can you please raise a Trac ticket about this 
issue?

As far as I know, the commercial product is still using the same libxorp 
code for the EventLoop and SelectorList components, so engineering needs 
to see this one.

There have been some instances of use-after-free with std::vector 
elsewhere in the code base. It is an easy mistake to leave pointers into 
a vector's storage which are later resized.
Early last year, I caught some instances of this in libxorp/libxipc 
after valgrind runs. I noted some more general issues like this, and 
suggested to Atanu, at that time, that a co-ordinated QA sweep was needed.

In the case of SelectorList, this is a class whose semantics are already 
implemented inside Boost.ASIO's io_service. One advantage is that ASIO 
has had a lot more eyes on it, so issues quickly get stamped out. 
However, cutting over to ASIO is not a simple drop-in change -- it 
requires a lot of refactoring, and what's in XORP now, is there largely 
because ASIO, and other useful tools, just didn't exist when the project 
started :-)

thanks,
BMS
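The failure mode described in this reply (pointers into a std::vector's storage that go stale when the vector grows) is easy to reproduce and easy to fix. The following is an added example, not code from XORP's libxorp or from this thread; `Node`, `Registry` and the fd/name fields are hypothetical stand-ins for a selector entry. The first function shows the unsafe pattern that valgrind reports as a read of freed memory, the second shows the index-handle pattern that survives reallocation.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

// Hypothetical stand-in for an entry in a selector table: a descriptor plus a label.
struct Node {
    int fd;
    std::string name;
};

// Unsafe pattern: take a raw pointer into the vector's buffer, then grow the
// vector. Once size exceeds capacity, push_back reallocates and every pointer
// into the old buffer dangles. Dereferencing `stale` afterwards is exactly the
// "reading free'd memory" valgrind flags.
// Returns true when the element moved, i.e. the saved pointer is now stale.
// The comparison is done on integer copies of the addresses so the check itself
// never touches the freed buffer.
bool pointer_invalidated_by_growth() {
    std::vector<Node> entries;
    entries.reserve(1);                           // capacity 1: second push must reallocate
    entries.push_back({3, "eth0"});
    const Node* stale = &entries[0];              // pointer into the vector's storage
    const std::uintptr_t before = reinterpret_cast<std::uintptr_t>(stale);
    entries.push_back({4, "eth1"});               // exceeds capacity -> new buffer, old one freed
    const std::uintptr_t after = reinterpret_cast<std::uintptr_t>(&entries[0]);
    return before != after;                       // true: `stale` no longer points at entries[0]
}

// Safe pattern: hand out an index (a handle) instead of a pointer and resolve
// it against the vector at the moment of use. Indices stay valid across
// reallocation; only erase/insert in the middle would renumber them, and that
// case is rejected by the bounds check rather than by reading stale memory.
class Registry {
public:
    std::size_t add(int fd, const std::string& name) {
        entries_.push_back({fd, name});
        return entries_.size() - 1;
    }
    // Returns nullptr for a handle that is out of range instead of a dangling pointer.
    const Node* lookup(std::size_t handle) const {
        return handle < entries_.size() ? &entries_[handle] : nullptr;
    }
private:
    std::vector<Node> entries_;
};

// Registers one entry, forces many reallocations, then resolves the original
// handle. Returns the fd found through the handle (3), or -1 if lookup failed.
int fd_via_handle_survives_growth() {
    Registry r;
    const std::size_t h = r.add(3, "eth0");
    for (int i = 0; i < 1000; ++i) {
        r.add(100 + i, "extra");                  // grows past several capacity doublings
    }
    const Node* n = r.lookup(h);
    return n ? n->fd : -1;
}

int main() {
    std::cout << "pointer stale after growth: "
              << (pointer_invalidated_by_growth() ? "yes" : "no") << '\n';
    std::cout << "fd via handle after growth: "
              << fd_via_handle_survives_growth() << '\n';
    return 0;
}
```

Where a handle is not convenient, the other defensible options are to call `reserve()` with the final size before any pointers are taken, or to use a container whose references survive push_back (std::deque or std::list); a raw pointer into a std::vector that is still being resized is never safe.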