Hi, I have been trying to trace a segfault in ip_frag_find which I have been seeing in production for some time now.

In the following code in function ip_frag_find from ip_frag_internal.c, the lru pointer is not validated for being non-NULL. Is the table guaranteed to have an entry in the tail queue at this point? Is a null check on lru required here?

    /*
     * we found a free entry, check if we can use it.
     * If we run out of free entries in the table, then
     * check if we have a timed out entry to delete.
     */
    } else if (free != NULL && tbl->max_entries <= tbl->use_entries) {
        lru = TAILQ_FIRST(&tbl->lru);
        if (max_cycles + lru->start < tms) {
            ip_frag_tbl_del(tbl, dr, lru);
        } else {
            free = NULL;
            IP_FRAG_TBL_STAT_UPDATE(&tbl->stat, fail_nospace, 1);
        }
    }

Thanks,
Padam
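As an added illustration, not code from the post or from DPDK, here is a constructed, simplified model of the LRU branch quoted above with a NULL guard on the list head: the frag_tbl/frag_pkt structs, the slot_result enum and the fail_inconsistent counter are hypothetical stand-ins, the last one assumed here to record the case where use_entries reports a full table while the LRU list is empty (the accounting state under which the quoted code would dereference NULL).

```c
#include <stdint.h>
#include <stdlib.h>
#include <sys/queue.h>
/* Constructed, simplified model of the fragment table; not DPDK's own structs. */
struct frag_pkt {
    uint64_t start;               /* cycle count when the entry was created */
    TAILQ_ENTRY(frag_pkt) lru;    /* LRU list linkage, oldest entry at the head */
};
TAILQ_HEAD(frag_lru, frag_pkt);
struct frag_tbl {
    uint32_t max_entries, use_entries;
    uint64_t fail_nospace;        /* stands in for IP_FRAG_TBL_STAT_UPDATE(..., fail_nospace, 1) */
    uint64_t fail_inconsistent;   /* constructed counter: table says full but LRU list is empty */
    struct frag_lru lru;
};
enum slot_result { SLOT_FREE_OK, SLOT_EVICTED_LRU, SLOT_NOSPACE, SLOT_INCONSISTENT };
static void frag_tbl_init(struct frag_tbl *tbl, uint32_t max_entries) {
    *tbl = (struct frag_tbl){ .max_entries = max_entries };
    TAILQ_INIT(&tbl->lru);
}

static void frag_tbl_add(struct frag_tbl *tbl, uint64_t start) {
    struct frag_pkt *fp = calloc(1, sizeof(*fp));
    if (fp == NULL) return;
    fp->start = start;
    TAILQ_INSERT_TAIL(&tbl->lru, fp, lru);   /* newest entry goes to the tail */
    tbl->use_entries++;
}

static void frag_tbl_del(struct frag_tbl *tbl, struct frag_pkt *fp) {
    TAILQ_REMOVE(&tbl->lru, fp, lru);
    tbl->use_entries--;
    free(fp);
}

/* The "table is full, reuse the oldest entry" branch from the post, with the LRU head checked for NULL first. */
static enum slot_result frag_tbl_claim_slot(struct frag_tbl *tbl, uint64_t tms, uint64_t max_cycles) {
    struct frag_pkt *lru;
    if (tbl->use_entries < tbl->max_entries)
        return SLOT_FREE_OK;              /* a free entry exists, use it as-is */
    lru = TAILQ_FIRST(&tbl->lru);
    if (lru == NULL) {                    /* use_entries and the list disagree: fail closed, no deref */
        tbl->fail_inconsistent++;
        return SLOT_INCONSISTENT;
    }
    if (max_cycles + lru->start < tms) {  /* oldest entry timed out: evict it and take its slot */
        frag_tbl_del(tbl, lru);
        return SLOT_EVICTED_LRU;
    }
    tbl->fail_nospace++;                  /* full and nothing expired: caller drops the fragment */
    return SLOT_NOSPACE;
}
```

Counting the inconsistent case separately from fail_nospace makes a broken use_entries/LRU relationship visible in the stats instead of showing up as a crash.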