Please sign in to comment.
pimd: Fix pim_mroute_del crash while terminating pimd
When pimd is getting terminated, pim_upstream_del() gets called as part of cleaning process. pim_upstream_del() deletes the route and assigns NULL to the up->channel_oil. It also deletes each if_channel by calling the function pim_ifchannel_delete(). pim_ifchannel_delete() internally calls the caller function pim_upstream_del(), if it is the last ifchannel for that upstream. So pim_upstream_del is getting called twice, which will access the up->channel_oil which was already set to NULL before. This results in crash. Fix: pim_ifchannel_delete() should call pim_upstream_del (caller function) only if the up->ref_count > 0. Added an assert(up->ref_count > 0) in the function pim_upstream_del(). Signed-off-by: Sarita Patra <firstname.lastname@example.org>
- Loading branch information...
Showing with 12 additions and 1 deletion.