The function rn_walktree_from() accesses the array xm; however, when a 
default IPv4 route is removed (RTM_DELETE), rn has the following values:
  rn->rn_bmask = 0x80h
  xm = { 0, 0, 0, 0 }
  rn->offset = 4

Then, sometimes the following test:
  if (!(rn->rn_bmask & xm[rn->rn_offset]))
    break;
could lead to a panic when xm[4] is out of the 4KB pages. It happens very 
rarely.

I am wondering if it is a well-known bug or if our analysis is wrong.

static int
rn_walktree_from(h, a, m, f, w)
 [...]
    for (rn = h->rnh_treetop; rn->rn_bit >= 0; ) {
        last = rn;
        /* printf("rn_bit %d, rn_bmask %x, xm[rn_offset] %x\n",
               rn->rn_bit, rn->rn_bmask, xm[rn->rn_offset]); */
        if (!(rn->rn_bmask & xm[rn->rn_offset])) { /* XXX: panic ??? */
                break;
        }
        if (rn->rn_bmask & xa[rn->rn_offset]) {
                rn = rn->rn_right;
        } else {
                rn = rn->rn_left;
        }
    }
    [ ... ]


Regards,
  Vincent
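
The out-of-bounds read described in the message above can be modelled in user space. This is an added example, not code from the original post or from FreeBSD. It assumes the caller knows the length of xa and xm and that bytes past the end of either buffer should read as zero; struct node, byte_at, walk_checked, depth and the sample tree are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified user-space stand-in for struct radix_node (assumption). */
struct node {
    int bit;                /* rn_bit: < 0 marks a leaf */
    unsigned char bmask;    /* rn_bmask */
    int offset;             /* rn_offset */
    struct node *left, *right;
};

/* Byte `off` of a `len`-byte buffer; anything past the end reads as 0. */
static unsigned char byte_at(const unsigned char *buf, size_t len, int off)
{
    return (off >= 0 && (size_t)off < len) ? buf[off] : 0;
}

/* The quoted descent loop with each xm/xa access bounds-checked.
 * Returns the last internal node visited. */
static const struct node *walk_checked(const struct node *root,
    const unsigned char *xa, size_t alen, const unsigned char *xm, size_t mlen)
{
    const struct node *rn = root, *last = root;
    while (rn->bit >= 0) {
        last = rn;
        if (!(rn->bmask & byte_at(xm, mlen, rn->offset)))
            break;
        rn = (rn->bmask & byte_at(xa, alen, rn->offset)) ? rn->right : rn->left;
    }
    return last;
}

/* Constructed tree: top tests bit 0x80 of byte 4, inner tests bit 0x40. */
static struct node leaf = { -1, 0, 0, NULL, NULL };
static struct node inner = { 33, 0x40, 4, &leaf, &leaf };
static struct node top = { 32, 0x80, 4, &leaf, &inner };
static const unsigned char zero4[4] = { 0, 0, 0, 0 };  /* xm from the post */
static const unsigned char full8[8] = { 0, 0, 0, 0, 0x80, 0, 0, 0 }; /* constructed */
/* 0 = walk stopped at top, 1 = walk descended to inner. */
static int depth(const unsigned char *k, size_t len)
{
    return walk_checked(&top, k, len, k, len) == &inner;
}

int main(void)
{
    printf("4-byte mask: %d, 8-byte mask: %d\n", depth(zero4, 4), depth(full8, 8));
    return 0;
}
```

With the 4-byte xm from the message and rn_offset = 4, the checked accessor returns 0 and the walk stops at the top node without touching memory past the buffer.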
