Hi,

Just wanted to confirm if this is an issue - so I can file a jira ticket.

Thanks,
-nagp

On Tue, May 30, 2017 at 1:19 PM, Nagaprabhanjan Bellaru <nagp.li...@gmail.com> wrote:

> Hi,
>
> In the recent change made to the above function to register for ARP
> events, it looks like there is an access to the pool elements using
> pointers across a pool_get call.
>
> --
> while (p && *p != ~0)
>   {
>     mc = pool_elt_at_index (am->mac_changes, *p);
>     if (mc->node_index == node_index && mc->type_opaque == type_opaque
>         && mc->pid == pid)
>       break;
>     p = &mc->next_index;
>   }
> --
>
> Above, p is pointing to a field inside a pool element. Then a pool
> allocation happens:
> --
> pool_get (am->mac_changes, mc);
> --
>
> And later the old p is used to set the new_idx - which is an issue because
> pool_get above would have re-allocated the pool memory.
> --
> if (p) {
>   p[0] = new_idx;
> }
> --
>
> Please let me know if my understanding is correct, so I can file a jira
> ticket.
>
> Thanks,
> -nagp

_______________________________________________
vpp-dev mailing list
vpp-dev@lists.fd.io
https://lists.fd.io/mailman/listinfo/vpp-dev
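
Added example, not part of the original thread and not VPP code: a minimal stand-in pool showing why a pointer to an element field must not be held across an allocation, and one way to avoid it by remembering the tail's index and re-deriving the pointer afterwards. The names `pool_t`, `pool_alloc`, `chain_append` and `elt_moved_across_alloc` are hypothetical, and this pool is written to relocate on every growth so the effect is deterministic.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NIL (~0u) /* end-of-chain marker, like the ~0 in the quoted loop */

typedef struct { uint32_t node_index, next_index; } elt_t;
typedef struct { elt_t *elts; uint32_t len, cap; } pool_t; /* stand-in pool */

/* Hand out one element index. Growth copies into a fresh block and frees
   the old one, so every pointer into the old storage is dangling. */
uint32_t pool_alloc(pool_t *p) {
    if (p->len == p->cap) {
        uint32_t ncap = p->cap ? p->cap * 2 : 1;
        elt_t *n = malloc(ncap * sizeof *n);
        if (!n) abort();
        if (p->len) memcpy(n, p->elts, p->len * sizeof *n);
        free(p->elts);
        p->elts = n;
        p->cap = ncap;
    }
    return p->len++;
}

/* Append to the chain at *head. The walk records the tail's INDEX, never
   a pointer to its next_index field, so nothing stale survives the alloc. */
uint32_t chain_append(pool_t *p, uint32_t *head, uint32_t node_index) {
    uint32_t last = NIL;
    for (uint32_t i = *head; i != NIL; i = p->elts[i].next_index)
        last = i;
    uint32_t new_idx = pool_alloc(p);        /* may move p->elts */
    p->elts[new_idx].node_index = node_index;
    p->elts[new_idx].next_index = NIL;
    if (last == NIL) *head = new_idx;        /* head lives outside the pool */
    else p->elts[last].next_index = new_idx; /* pointer re-derived here */
    return new_idx;
}

/* Returns 1 if element idx changed address across a single allocation.
   The old address is kept only as an integer and never dereferenced. */
int elt_moved_across_alloc(pool_t *p, uint32_t idx) {
    uintptr_t before = (uintptr_t)&p->elts[idx];
    pool_alloc(p);
    return before != (uintptr_t)&p->elts[idx];
}

int main(void) {
    pool_t p = {0}; uint32_t head = NIL;
    for (uint32_t n = 1; n <= 4; n++) chain_append(&p, &head, n * 10);
    printf("tail moved: %d\n", elt_moved_across_alloc(&p, 3));
    free(p.elts); return 0;
}
```
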