[quagga-users 14226] OSPFD crashing with segmentation fault error

pawan agarwal pabanagarwalla at gmail.com
Sun Feb 7 18:56:53 GMT 2016


Hi,

I am trying to enable opaque lsa in quagga ospf.

but at shutdown when it is trying free interface list in ospf_finish_final
it is carsahing

1ST:

static void
free_opaque_info_per_type (void *val)
{
  struct opaque_info_per_type *oipt = (struct opaque_info_per_type *) val;
  struct opaque_info_per_id *oipi;
  struct ospf_lsa *lsa;
  struct listnode *node, *nnode;

  /* Control information per opaque-id may still exist. */
  for (ALL_LIST_ELEMENTS (oipt->id_list, node, nnode, oipi))
    {
      if ((lsa = oipi->lsa) == NULL)
        continue;
      if (IS_LSA_MAXAGE (lsa))
        continue;
      ospf_opaque_lsa_flush_schedule (lsa);
    }



  /* Remove "oipt" from its owner's self-originated LSA list. */
  switch (oipt->lsa_type)
    {
    case OSPF_OPAQUE_LINK_LSA:
      {
        struct ospf_interface *oi = (struct ospf_interface *)(oipt->owner);
        listnode_delete (oi->opaque_lsa_self, oipt);
        break;



 next = node->next;
      if (list->del)
        (*list->del) (node->data);
      listnode_free (node);


This two operation happening on same node one after another, So when it is
trying free same node second time it crashing .








2ND:

void
ospf_opaque_lsa_flush_schedule (struct ospf_lsa *lsa0)
{
  struct opaque_info_per_type *oipt;
  struct opaque_info_per_id *oipi;
  struct ospf_lsa *lsa;

  if ((oipt = lookup_opaque_info_by_type (lsa0)) == NULL
  ||  (oipi = lookup_opaque_info_by_id (oipt, lsa0)) == NULL)
    {
      zlog_warn ("ospf_opaque_lsa_flush_schedule: Invalid parameter?");
      goto out;
    }

  /* Given "lsa0" and current "oipi->lsa" may different, but harmless. */
  if ((lsa = oipi->lsa) == NULL)
    {
      zlog_warn ("ospf_opaque_lsa_flush_schedule: Something wrong?");
      goto out;
    }

  /* Delete this lsa from neighbor retransmit-list. */
  switch (lsa->data->type)
    {
    case OSPF_OPAQUE_LINK_LSA:
    case OSPF_OPAQUE_AREA_LSA:
      ospf_ls_retransmit_delete_nbr_area (lsa->area, lsa);
      break;
    case OSPF_OPAQUE_AS_LSA:
      ospf_ls_retransmit_delete_nbr_as (lsa0->area->ospf, lsa);
      break;
    default:
      zlog_warn ("ospf_opaque_lsa_flush_schedule: Unexpected LSA-type(%u)",
lsa->data->type);
      goto out;
   }

  /* Dequeue listnode entry from the list. */
  listnode_delete (oipt->id_list, oipi);


static void
free_opaque_info_per_type (void *val)
{
  struct opaque_info_per_type *oipt = (struct opaque_info_per_type *) val;
  struct opaque_info_per_id *oipi;
  struct ospf_lsa *lsa;
  struct listnode *node, *nnode;

  /* Control information per opaque-id may still exist. */
  for (ALL_LIST_ELEMENTS (oipt->id_list, node, nnode, oipi))
    {
      if ((lsa = oipi->lsa) == NULL)
        continue;
      if (IS_LSA_MAXAGE (lsa))
        continue;
      ospf_opaque_lsa_flush_schedule (lsa);
    }

Here it is looping the list and inside "ospf_opaque_lsa_flush_schedule"

make free the wole list, so once it enter in schedule function and come out
this loop trigger on invalid memory.

Please suggest me best solution for this two error.

Regards
Paban
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.quagga.net/pipermail/quagga-users/attachments/20160208/8323176f/attachment.html>


More information about the Quagga-users mailing list