Valgrind reports:
2437395-==
2437395== Invalid read of size 8
2437395:==
2437395== at 0x40B610: ospf6_asbr_update_route_ecmp_path (ospf6_asbr.c:327)
2437395-==
2437395== by 0x40BC7C: ospf6_asbr_lsa_add (ospf6_asbr.c:544)
2437395-==
2437395== by 0x40C5DF: ospf6_asbr_lsentry_add (ospf6_asbr.c:829)
2437395-==
2437395== by 0x42D88D: ospf6_top_brouter_hook_add (ospf6_top.c:185)
2437395-==
2437395== by 0x4188E3: ospf6_intra_brouter_calculation (ospf6_intra.c:2320)
2437395-==
2437395== by 0x42C624: ospf6_spf_calculation_thread (ospf6_spf.c:638)
2437395-==
2437395== by 0x4904B7E: thread_call (thread.c:1681)
2437395-==
2437395== by 0x48CAA27: frr_run (libfrr.c:1126)
2437395-==
2437395== by 0x40AF43: main (ospf6_main.c:232)
2437395-==
2437395== Address 0x5c668a8 is 24 bytes inside a block of size 256 free'd
2437395:==
2437395== at 0x48399AB: free (vg_replace_malloc.c:538)
2437395-==
2437395== by 0x429027: ospf6_route_delete (ospf6_route.c:419)
2437395-==
2437395== by 0x429027: ospf6_route_unlock (ospf6_route.c:460)
2437395-==
2437395== by 0x429027: ospf6_route_remove (ospf6_route.c:887)
2437395-==
2437395== by 0x40B343: ospf6_asbr_update_route_ecmp_path (ospf6_asbr.c:318)
2437395-==
2437395== by 0x40BC7C: ospf6_asbr_lsa_add (ospf6_asbr.c:544)
2437395-==
2437395== by 0x40C5DF: ospf6_asbr_lsentry_add (ospf6_asbr.c:829)
2437395-==
2437395== by 0x42D88D: ospf6_top_brouter_hook_add (ospf6_top.c:185)
2437395-==
2437395== by 0x4188E3: ospf6_intra_brouter_calculation (ospf6_intra.c:2320)
2437395-==
2437395== by 0x42C624: ospf6_spf_calculation_thread (ospf6_spf.c:638)
2437395-==
2437395== by 0x4904B7E: thread_call (thread.c:1681)
2437395-==
2437395== by 0x48CAA27: frr_run (libfrr.c:1126)
2437395-==
2437395== by 0x40AF43: main (ospf6_main.c:232)
2437395-==
2437395== Block was alloc'd at
2437395:==
2437395== at 0x483AB65: calloc (vg_replace_malloc.c:760)
2437395-==
2437395== by 0x48D2A32: qcalloc (memory.c:115)
2437395-==
2437395== by 0x427CE4: ospf6_route_create (ospf6_route.c:402)
2437395-==
2437395== by 0x40BA8A: ospf6_asbr_lsa_add (ospf6_asbr.c:490)
2437395-==
2437395== by 0x40C5DF: ospf6_asbr_lsentry_add (ospf6_asbr.c:829)
2437395-==
2437395== by 0x42D88D: ospf6_top_brouter_hook_add (ospf6_top.c:185)
2437395-==
2437395== by 0x4188E3: ospf6_intra_brouter_calculation (ospf6_intra.c:2320)
2437395-==
2437395== by 0x42C624: ospf6_spf_calculation_thread (ospf6_spf.c:638)
2437395-==
2437395== by 0x4904B7E: thread_call (thread.c:1681)
2437395-==
2437395== by 0x48CAA27: frr_run (libfrr.c:1126)
2437395-==
2437395== by 0x40AF43: main (ospf6_main.c:232)
ospfv3 loops through the ecmp routes to decide what to clean up. In some
situations the code free's up an existing route at the head of the list.
Cleaning the pointers in the list but never touching the original pointer.
In that case notice and update the old pointer.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
struct ospf6_route *route,
struct ospf6 *ospf6)
{
- struct ospf6_route *old_route;
+ struct ospf6_route *old_route, *next_route;
struct ospf6_path *ecmp_path, *o_path = NULL;
struct listnode *anode, *anext;
struct listnode *nnode, *rnode, *rnext;
/* check for old entry match with new route origin,
* delete old entry.
*/
- for (old_route = old; old_route; old_route = old_route->next) {
+ for (old_route = old; old_route; old_route = next_route) {
bool route_updated = false;
+ next_route = old_route->next;
+
if (!ospf6_route_is_same(old_route, route)
|| (old_route->path.type != route->path.type))
continue;
old_route->path.cost,
route->path.cost);
}
+ if (old == old_route)
+ old = next_route;
ospf6_route_remove(old_route,
ospf6->route_table);
}
projects / mirror / frr.git / commitdiff