[Xorp-hackers] valgrind: selector.cc: Reading free'd memory
Bruce Simpson
bms at incunabulum.net
Wed Sep 30 02:24:07 PDT 2009
Ben Greear wrote:
> Looks like we are running stale node objects that have since
> been deleted by the resizing of the _selector entries.
>
Thanks for the feedback. Can you please raise a Trac ticket about this
issue?
As far as I know, the commercial product is still using the same libxorp
code for the EventLoop and SelectorList components, so engineering needs
to see this one.
There have been some instances of use-after-free with std::vector
elsewhere in the code base. It is an easy mistake to leave pointers into
a vector's storage which are later resized.
Early last year, I caught some instances of this in libxorp/libxipc
after valgrind runs. I noted some more general issues like this, and
suggested to Atanu, at that time, that a co-ordinated QA sweep was needed.
In the case of SelectorList, this is a class whose semantics are already
implemented inside Boost.ASIO's io_service. One advantage is that ASIO
has had a lot more eyes on it, so issues quickly get stamped out.
However, cutting over to ASIO is not a simple drop-in change -- it
requires a lot of refactoring, and what's in XORP now is there largely
because ASIO, and other useful tools, just didn't exist when the project
started :-)
thanks,
BMS
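The std::vector hazard described in the message above, as an added example that is not XORP's SelectorList code: a raw pointer taken into a vector's storage goes stale once the vector reallocates, while re-looking an entry up by index on each use does not. The Node struct, SelectorTable class and the fd values are constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

struct Node { int fd; int events; };  // constructed stand-in for a selector entry

// Hazardous pattern: a caller keeps a raw pointer into the vector's storage.
// Returns true when the address taken before the resize no longer matches the
// element's storage afterwards. Only integer copies of the addresses are
// compared; the stale pointer is never dereferenced.
bool pointer_invalidated_by_resize(std::size_t initial, std::size_t extra) {
    if (initial == 0) initial = 1;
    if (extra == 0) extra = 1;
    std::vector<Node> table(initial, Node{0, 0});
    std::uintptr_t before = reinterpret_cast<std::uintptr_t>(&table[0]);
    // Growing past capacity forces a new allocation while the old block is
    // still live, so every pointer into the old block now dangles.
    table.resize(table.capacity() + extra, Node{0, 0});
    std::uintptr_t after = reinterpret_cast<std::uintptr_t>(&table[0]);
    return before != after;
}

// Safer pattern: hand out the index (here the fd itself) instead of a pointer,
// and look the element up afresh on every use.
class SelectorTable {
public:
    // Registers interest in fd, growing the table (and possibly reallocating).
    std::size_t add(int fd, int events) {
        std::size_t idx = static_cast<std::size_t>(fd);
        if (idx >= nodes_.size()) nodes_.resize(idx + 1, Node{-1, 0});
        nodes_[idx] = Node{fd, events};
        return idx;
    }
    // Fresh lookup each call: valid no matter how many resizes happened since.
    Node* lookup(std::size_t idx) {
        if (idx >= nodes_.size() || nodes_[idx].fd < 0) return nullptr;
        return &nodes_[idx];
    }
private:
    std::vector<Node> nodes_;
};

// Registers fd 3, forces growth by registering a much larger fd, then checks
// that re-lookup by index still yields fd 3's record.
bool index_lookup_survives_growth() {
    SelectorTable t;
    std::size_t idx = t.add(3, 1);
    t.add(4096, 2);  // exceeds the current capacity -> reallocation
    Node* n = t.lookup(idx);
    return n != nullptr && n->fd == 3 && n->events == 1;
}
```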