diff options
author | Dimitri Staessens <[email protected]> | 2022-03-31 08:58:23 +0200 |
---|---|---|
committer | Sander Vrijders <[email protected]> | 2022-04-01 08:09:22 +0200 |
commit | ccfcc0efcff8b3460a7870541df09d537bfeae8f (patch) | |
tree | f13dbe9792a9324c408b38bc3d444361b0cd9f58 /src | |
parent | 369400aab2b464b2ef11d30547f5ca7eee2a4b2a (diff) | |
download | ouroboros-ccfcc0efcff8b3460a7870541df09d537bfeae8f.tar.gz ouroboros-ccfcc0efcff8b3460a7870541df09d537bfeae8f.zip |
lib: Fix fqueue_next handling of deallocated flows
If a flow was deallocated while there were still unprocessed events in
an fqueue, it would cause a SEGV in fqueue_next because it was not
checking the validity of the returned flow descriptor.
Signed-off-by: Dimitri Staessens <[email protected]>
Signed-off-by: Sander Vrijders <[email protected]>
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/dev.c | 10 | ||||
-rw-r--r-- | src/lib/shm_flow_set.c | 1 |
2 files changed, 8 insertions, 3 deletions
diff --git a/src/lib/dev.c b/src/lib/dev.c index 7ffc2a0a..9b413bcd 100644 --- a/src/lib/dev.c +++ b/src/lib/dev.c @@ -167,7 +167,7 @@ static void port_destroy(struct port * p) while (p->state != PORT_NULL) pthread_cond_wait(&p->state_cond, &p->state_lock); - p->fd = -1; + p->fd = -1; p->state = PORT_INIT; pthread_mutex_unlock(&p->state_lock); @@ -1624,6 +1624,12 @@ static int fqueue_filter(struct fqueue * fq) pthread_rwlock_rdlock(&ai.lock); fd = ai.ports[fq->fqueue[fq->next].flow_id].fd; + if (fd < 0) { + ++fq->next; + pthread_rwlock_unlock(&ai.lock); + continue; + } + frcti = ai.flows[fd].frcti; if (frcti == NULL) { pthread_rwlock_unlock(&ai.lock); @@ -1657,7 +1663,7 @@ static int fqueue_filter(struct fqueue * fq) ++fq->next; } - return fq->next < fq->fqsize; + return 0; } int fqueue_next(struct fqueue * fq) diff --git a/src/lib/shm_flow_set.c b/src/lib/shm_flow_set.c index 25e7e32b..f8c6bb2c 100644 --- a/src/lib/shm_flow_set.c +++ b/src/lib/shm_flow_set.c @@ -314,7 +314,6 @@ void shm_flow_set_notify(struct shm_flow_set * set, return; } - e = fqueue_ptr(set, set->mtable[flow_id]) + set->heads[set->mtable[flow_id]]; |