diff options
| author | Pavel Tvrdík <pawel.tvrdik@gmail.com> | 2016-02-08 16:08:50 +0100 |
|---|---|---|
| committer | Pavel Tvrdík <pawel.tvrdik@gmail.com> | 2016-02-08 16:08:50 +0100 |
| commit | 1bb3ecb2a5369bc1992514da3cf5ef59dca46416 (patch) | |
| tree | faaa16bbbedabd5707f2e482cdcd8f4103026066 | |
| parent | 2a013bb3a01174fac3a841fd825ac4f13f3ea84d (diff) | |
Fix closing flushed channel
Fix reading from freed memory.
Free at: channel_set_state(c, CS_DOWN)
Read at: WALK_LIST2_DELSAFE(c, n, x, tab->channels, table_node)
==00:00:00:00.261 24718==
==00:00:09:31.755 24718== Invalid read of size 8
==00:00:09:31.755 24718== at 0x4061BA: rt_prune_table (rt-table.c:1688)
==00:00:09:31.755 24718== by 0x405D5E: rt_event (rt-table.c:1559)
==00:00:09:31.755 24718== by 0x45D089: ev_run (event.c:85)
==00:00:09:31.755 24718== by 0x45D158: ev_run_list (event.c:142)
==00:00:09:31.755 24718== by 0x462814: io_loop (io.c:2412)
==00:00:09:31.755 24718== by 0x468712: main (main.c:833)
==00:00:09:31.755 24718== Address 0x5601538 is 136 bytes inside a block of size 304 free'd
==00:00:09:31.755 24718== at 0x4C29D2A: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==00:00:09:31.755 24718== by 0x46FF3E: rfree (resource.c:166)
==00:00:09:31.755 24718== by 0x470309: mb_free (resource.c:415)
==00:00:09:31.755 24718== by 0x406A6B: rt_unlock_table (rt-table.c:1921)
==00:00:09:31.755 24718== by 0x40DAE3: channel_do_down (proto.c:297)
==00:00:09:31.755 24718== by 0x40DD46: channel_set_state (proto.c:359)
==00:00:09:31.755 24718== by 0x4061AD: rt_prune_table (rt-table.c:1692)
==00:00:09:31.755 24718== by 0x405D5E: rt_event (rt-table.c:1559)
==00:00:09:31.755 24718== by 0x45D089: ev_run (event.c:85)
==00:00:09:31.755 24718== by 0x45D158: ev_run_list (event.c:142)
==00:00:09:31.755 24718== by 0x462814: io_loop (io.c:2412)
==00:00:09:31.755 24718== by 0x468712: main (main.c:833)
==00:00:09:31.755 24718== Block was alloc'd at
==00:00:09:31.755 24718== at 0x4C28C10: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==00:00:09:31.755 24718== by 0x470FBC: bird_xmalloc (xmalloc.c:29)
==00:00:09:31.755 24718== by 0x4701E6: mb_alloc (resource.c:339)
==00:00:09:31.755 24718== by 0x406C29: rt_commit (rt-table.c:1977)
==00:00:09:31.755 24718== by 0x45C36D: config_do_commit (conf.c:269)
==00:00:09:31.755 24718== by 0x45C545: config_commit (conf.c:361)
==00:00:09:31.755 24718== by 0x4686F9: main (main.c:822)
==00:00:09:31.755 24718==
| -rw-r--r-- | nest/rt-table.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/nest/rt-table.c b/nest/rt-table.c index 88f60bdf..2c9c6e3a 100644 --- a/nest/rt-table.c +++ b/nest/rt-table.c @@ -1689,7 +1689,10 @@ again: if (c->flush_active) { c->flush_active = 0; - channel_set_state(c, CS_DOWN); + struct rtable_config *rtab_cf = c->table->config; + channel_set_state(c, CS_DOWN); /* Can free (struct rtable *) c->table */ + if (rtab_cf->table == NULL) + break; } return; |