Date: Tue, 12 Nov 2002 22:44:36 +0100 From: Vincent Jardin <vjardin@wanadoo.fr> To: net@freebsd.org Subject: rn_walktree_from bug or feature ? Message-ID: <20021112214436.F200E10339E@venus.vincentjardin.net>
index | next in thread | raw e-mail
The function rn_walktree_from() accesses to the array xm, however when a
default IPv4 route is removed (RTM_DELETE), rn has the following values:
rn->rn_bmask = 0x80h
xm = { 0, 0, 0, 0 }
rn->offset = 4
Then, sometimes the following test:
if (!(rn->rn_bmask & xm[rn->rn_offset]))
break;
could lead to a panic when xm[4] is out of the 4KB pages. It happens very
rarely.
I am wondering if it is a well-known bug or if our analyse is wrong.
static int
rn_walktree_from(h, a, m, f, w)
[...]
for (rn = h->rnh_treetop; rn->rn_bit >= 0; ) {
last = rn;
/* printf("rn_bit %d, rn_bmask %x, xm[rn_offset] %x\n",
rn->rn_bit, rn->rn_bmask, xm[rn->rn_offset]); */
if (!(rn->rn_bmask & xm[rn->rn_offset])) { /* XXX: panic ??? */
break;
}
if (rn->rn_bmask & xa[rn->rn_offset]) {
rn = rn->rn_right;
} else {
rn = rn->rn_left;
}
}
[ ... ]
Regards,
Vincent
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021112214436.F200E10339E>