FR 2.1.9 Frequent SegFault, didn't happen with FR 2.1.8
Josip Rodin
joy at entuzijast.net
Wed Jun 9 23:59:47 CEST 2010
On Wed, Jun 09, 2010 at 10:00:14PM +0100, James J J Hooper wrote:
> OK - GDB log attached.
>
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread -1208649024 (LWP 2425)]
> 0x08067c64 in received_proxy_response (packet=0x8430a20) at event.c:3075
> 3075 } else if ((request->packet->code != request->proxy->code) &&
> * 1 Thread -1208649024 (LWP 2425) 0x08067c64 in received_proxy_response (packet=0x8430a20) at event.c:3075
>
> Thread 1 (Thread -1208649024 (LWP 2425)):
> #0 0x08067c64 in received_proxy_response (packet=0x8430a20) at event.c:3075

That code has indeed changed from 2.1.8 to 2.1.9, and it may be a simple
bug - there is no existence check for request->packet before its dereference
in the new CoA-related condition. There is an existence check for it below,
but by then it's too late. It looks like that branching could do with some
more reordering.

As a temporary workaround, you can probably compile with -D WITHOUT_COA
so that you lose that bit, assuming of course you don't use that feature :)

--
2. That which causes joy or happiness.
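
The branch-ordering problem described in the message above, as an added example that is not part of the original post and is not FreeRADIUS code. The struct layouts, the enum and both function names are simplified assumptions, and only the first half of the condition shown at event.c:3075 is modelled.

```c
#include <stddef.h>

/* Simplified stand-ins for the objects named in the backtrace.
 * Assumption: the real FreeRADIUS structures carry many more fields. */
struct packet  { int code; };
struct request {
    struct packet *packet;   /* may be NULL by the time a proxy reply arrives */
    struct packet *proxy;
};

enum verdict { REPLY_OK, REPLY_CODE_MISMATCH, REPLY_NO_PACKET, REPLY_NO_PROXY };

/* Ordering as the message describes it: the dereference comes first and the
 * existence check only afterwards. With r->packet == NULL this faults on the
 * first line. Because the dereference already implies a non-NULL pointer, an
 * optimizing compiler is also allowed to drop the later check entirely. */
enum verdict check_reply_unsafe(const struct request *r)
{
    if (r->packet->code != r->proxy->code)
        return REPLY_CODE_MISMATCH;
    if (!r->packet)                      /* too late to help */
        return REPLY_NO_PACKET;
    return REPLY_OK;
}

/* Reordered: every pointer is tested before any field is read through it. */
enum verdict check_reply_safe(const struct request *r)
{
    if (!r->packet)
        return REPLY_NO_PACKET;
    if (!r->proxy)
        return REPLY_NO_PROXY;
    if (r->packet->code != r->proxy->code)
        return REPLY_CODE_MISMATCH;
    return REPLY_OK;
}

int main(void)
{
    struct packet  reply  = { 2 };               /* constructed sample value */
    struct request orphan = { NULL, &reply };    /* the crashing case */
    return check_reply_safe(&orphan) == REPLY_NO_PACKET ? 0 : 1;
}
```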