FR 2.1.9 Frequent SegFault, didn't happen with FR 2.1.8

Josip Rodin joy at entuzijast.net
Wed Jun 9 23:59:47 CEST 2010


On Wed, Jun 09, 2010 at 10:00:14PM +0100, James J J Hooper wrote:
> OK - GDB log attached.
> 
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread -1208649024 (LWP 2425)]
> 0x08067c64 in received_proxy_response (packet=0x8430a20) at event.c:3075
> 3075		} else if ((request->packet->code != request->proxy->code) &&
> * 1 Thread -1208649024 (LWP 2425)  0x08067c64 in received_proxy_response (packet=0x8430a20) at event.c:3075
> 
> Thread 1 (Thread -1208649024 (LWP 2425)):
> #0  0x08067c64 in received_proxy_response (packet=0x8430a20) at event.c:3075

That code has indeed changed from 2.1.8 to 2.1.9, and it may be a simple bug
- there is no existence check for request->packet before its dereference in
the new CoA-related condition. There is an existence check for it below,
but by then it's too late. It looks like that branching could do with some
more reordering.

As a temporary workaround, you can probably compile with -D WITHOUT_COA
so that you lose that bit, assuming of course you don't use that feature :)

-- 
     2. That which causes joy or happiness.
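
To make the ordering problem concrete, the following C sketch is an added example written for this page; it is not FreeRADIUS's event.c and does not claim to match it. The struct layout, the function names, the REPLY_* verdicts and the packet codes are assumptions. It shows the "before" shape (a feature-specific `else if` that dereferences `request->packet` before the branch that checks whether `request->packet` exists, with a `WITHOUT_COA` guard to illustrate why compiling that branch out avoids the crash) beside the reordered "after" shape, where the existence check is hoisted above every dereference.

```c
/* Added example, not FreeRADIUS code: a NULL check placed below the
 * dereference it was meant to protect, and the reordered version.
 * All names below are hypothetical. */
#include <stddef.h>
#include <stdio.h>

/* Hypothetical packet codes, chosen to match the RADIUS numbering. */
enum { CODE_ACCESS_REQUEST = 1, CODE_COA_REQUEST = 43 };

typedef struct { int code; } packet_t;

typedef struct {
    packet_t *packet;   /* original client request; may already be gone */
    packet_t *proxy;    /* copy that was forwarded to the home server */
} request_t;

enum reply_verdict { REPLY_OK, REPLY_MISMATCH, REPLY_NO_REQUEST, REPLY_NO_PROXY };

/* "Before": the CoA-related condition dereferences request->packet, and the
 * existence check for request->packet only comes in the next branch.
 * Compiling with -D WITHOUT_COA removes the dangerous branch entirely. */
enum reply_verdict check_reply_unsafe(request_t *request)
{
    if (request->proxy == NULL) {
        return REPLY_NO_PROXY;
#ifndef WITHOUT_COA
    } else if ((request->packet->code != request->proxy->code) &&
               (request->proxy->code == CODE_COA_REQUEST)) {
        /* request->packet is dereferenced here; with packet == NULL this is
         * the SIGSEGV, so callers in this example never pass NULL to it. */
        return REPLY_MISMATCH;
#endif
    } else if (request->packet == NULL) {
        /* the existence check, reached too late to help the branch above */
        return REPLY_NO_REQUEST;
    }
    return REPLY_OK;
}

/* "After": test that request->packet exists before anything reads it. */
enum reply_verdict check_reply_safe(request_t *request)
{
    if (request->proxy == NULL) {
        return REPLY_NO_PROXY;
    } else if (request->packet == NULL) {
        return REPLY_NO_REQUEST;
    } else if ((request->packet->code != request->proxy->code) &&
               (request->proxy->code == CODE_COA_REQUEST)) {
        return REPLY_MISMATCH;
    }
    return REPLY_OK;
}

/* Build a request from plain values and run one of the two checks on it.
 * have_packet == 0 models a request whose original packet is already NULL. */
enum reply_verdict classify_reply(enum reply_verdict (*check)(request_t *),
                                  int have_packet, int request_code, int proxy_code)
{
    packet_t packet = { request_code };
    packet_t proxy = { proxy_code };
    request_t request = { have_packet ? &packet : NULL, &proxy };
    return check(&request);
}

int main(void)
{
    /* Only the reordered check can be handed a request without a packet. */
    printf("safe, no packet:        %d (expect %d)\n",
           classify_reply(check_reply_safe, 0, 0, CODE_COA_REQUEST), REPLY_NO_REQUEST);
    printf("safe, CoA mismatch:     %d (expect %d)\n",
           classify_reply(check_reply_safe, 1, CODE_ACCESS_REQUEST, CODE_COA_REQUEST),
           REPLY_MISMATCH);
    printf("unsafe, matching codes: %d (expect %d)\n",
           classify_reply(check_reply_unsafe, 1, CODE_ACCESS_REQUEST, CODE_ACCESS_REQUEST),
           REPLY_OK);
    return 0;
}
```

With a real request, both versions agree; the difference only shows once `request->packet` is NULL, which is exactly the state the reordered version handles and the original ordering cannot reach without first dereferencing it.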
