Hi, In the recent change made to the above function to register for ARP events, it looks like there is an access to the pool elements using pointers across a pool_get call.
-- while (p && *p != ~0) { mc = pool_elt_at_index (am->mac_changes, *p); if (mc->node_index == node_index && mc->type_opaque == type_opaque && mc->pid == pid) break; p = &mc->next_index; } -- Above, p is pointing to a field inside a pool element. Then a pool allocation happens: -- pool_get (am->mac_changes, mc); -- And later the old p is used to set the new_idx - which is an issue because pool_get above would have re-allocated the pool memory. -- if (p) { p[0] = new_idx; } -- Please let me know if my understanding is correct, so I can file a jira ticket. Thanks, -nagp
_______________________________________________ vpp-dev mailing list vpp-dev@lists.fd.io https://lists.fd.io/mailman/listinfo/vpp-dev