I have submitted a bug: 
https://sourceforge.net/tracker/?func=detail&aid=3050990&group_id=1730&atid=101730

We have had several crashes when calling SLPFindSrvs.

We are passing a null scope list and the problem occurs in the following 
section of code:
  /* Get a scope list if not supplied. */
  if (pcScopeList == 0 || *pcScopeList == 0)
     pcScopeList = SLPPropertyGet("net.slp.useScopes", 0, 0);

If pcScopeList is NULL or empty string SLPPropertyGet returns the value from 
the slp.conf file. Sometimes, however, this call returns NULL which is 
unchecked and later on when strlen() is called on the NULL string the 
application will crash.

The first issue is the code assumes the get property will always successfully 
return a string even though it is possible that it can return NULL.
The biggest issue however is why the SLPPropertyGet for "net.slp.useScopes" 
returns NULL when thousands of times previously it has returned the correct 
value.

I believe this is caused by a race condition in the property access. 
Periodically libslp refreshes its properties by first clearing them and then 
reloading them. Modifications and accesses to the property list are protected 
by mutexes, but clearing and reloading the property list is not an atomic 
action: it is two actions, clearing and reloading. If SLPFindSrvs is unlucky 
enough to be called between these two actions, the call will crash.

Gareth
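The two issues in the post (an unchecked NULL from the property lookup, and a refresh that is two separately locked steps rather than one) can both be shown in a small deterministic model. The code below is an added example and is not OpenSLP's own code: the property table, the slp.conf values ("DEFAULT,engineering" etc.) and the "DEFAULT" fallback are constructed for illustration, and instead of real threads and mutexes the reader thread is modelled as a probe invoked between each pair of refresh steps, so every interleaving is visited exactly once.

```c
#include <stddef.h>
#include <string.h>

/* Added example, not OpenSLP code: a model of libslp's property list and its
   refresh. The real list is mutex-protected; here the mutex is omitted and the
   interleaving with a reader is modelled explicitly, so runs are deterministic. */

#define MAX_PROPS 8

struct prop { const char *name; const char *value; };
struct prop_table { struct prop items[MAX_PROPS]; int count; };

static struct prop_table g_props;   /* the live table that readers consult */

static const char *table_get(const struct prop_table *t, const char *name)
{
    for (int i = 0; i < t->count; i++)
        if (strcmp(t->items[i].name, name) == 0)
            return t->items[i].value;
    return NULL;
}

/* Stand-in for reading slp.conf; the values are constructed for the example. */
static void table_load(struct prop_table *t)
{
    t->count = 0;
    t->items[t->count++] = (struct prop){ "net.slp.useScopes", "DEFAULT,engineering" };
    t->items[t->count++] = (struct prop){ "net.slp.isDA", "false" };
}

static void table_clear(struct prop_table *t) { t->count = 0; }

/* What SLPPropertyGet("net.slp.useScopes", 0, 0) amounts to in this model. */
static const char *property_get(const char *name)
{
    return table_get(&g_props, name);
}

/* probe() stands for a reader scheduled at that point. It is called before the
   first step and after every step; the return value is how many of those points
   observed NULL for `name`. Zero means no interleaving can see the property missing. */
static int count_null_probes(const char *(*probe)(const char *), const char *name,
                             void (*steps[])(void), int nsteps)
{
    int nulls = 0;
    if (probe(name) == NULL) nulls++;
    for (int i = 0; i < nsteps; i++) {
        steps[i]();
        if (probe(name) == NULL) nulls++;
    }
    return nulls;
}

/* Racy refresh as the post describes it: clear under the lock, release the lock,
   reload under the lock. Between the two steps the live table is empty. */
static void racy_step_clear(void)  { table_clear(&g_props); }
static void racy_step_reload(void) { table_load(&g_props); }

int racy_refresh_null_observations(void)
{
    void (*steps[])(void) = { racy_step_clear, racy_step_reload };
    table_load(&g_props);                        /* start from a loaded table */
    return count_null_probes(property_get, "net.slp.useScopes", steps, 2);
}

/* Fixed refresh: build the new table privately, then publish it in a single
   step (the only one that needs the lock). A reader sees either the old table
   or the new one, never an empty one. */
static struct prop_table g_fresh;
static void fixed_step_build(void)   { table_load(&g_fresh); }
static void fixed_step_publish(void) { g_props = g_fresh; }

int fixed_refresh_null_observations(void)
{
    void (*steps[])(void) = { fixed_step_build, fixed_step_publish };
    table_load(&g_props);
    return count_null_probes(property_get, "net.slp.useScopes", steps, 2);
}

/* Caller-side hardening for the first issue: never hand NULL to strlen().
   Falling back to "DEFAULT" (the SLP default scope) is this example's choice,
   not something OpenSLP does. */
const char *resolve_scope_list(const char *pcScopeList)
{
    if (pcScopeList == NULL || *pcScopeList == '\0')
        pcScopeList = property_get("net.slp.useScopes");
    if (pcScopeList == NULL)
        pcScopeList = "DEFAULT";
    return pcScopeList;
}

/* The unlucky call: SLPFindSrvs with a NULL scope list, scheduled between the
   clear and the reload of the racy refresh. */
const char *scope_list_between_clear_and_reload(void)
{
    table_load(&g_props);
    table_clear(&g_props);                          /* refresh step 1 done */
    const char *scopes = resolve_scope_list(NULL);  /* concurrent SLPFindSrvs */
    table_load(&g_props);                           /* refresh step 2 */
    return scopes;
}
```

The racy variant yields one probe point (after the clear) at which the property is missing, which is the window the post describes; the build-then-publish variant yields none, because the table readers see is replaced rather than emptied. Whichever way the refresh is fixed, the fallback in resolve_scope_list keeps a NULL from ever reaching strlen().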
Openslp-devel mailing list
Openslp-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openslp-devel