[Click] unsafe write in dequeue.cc, problem with Packet::shift_data

Ulf Hermann uhermann at informatik.hu-berlin.de
Wed Jun 18 08:56:37 EDT 2008


Hi,

First of all, thanks a lot for your work on Click. It really helped me
with my diploma thesis. However, while working with it, I found two
problems. First, there is an error in the Click dequeue implementation.
In operator= it reserves too little memory, resulting in _tail being out
of range and subsequently writing to memory it hasn't allocated. The
following small patch to dequeue.cc fixes that:

50c50
<       if (reserve(o._n)) {
---
>       if (reserve(o._n + 1)) {
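
Review bot: the `+ 1` in `reserve(o._n + 1)` is an unexplained constant at the call site; nothing on this line says why copying `o._n` elements needs room for one more. Add a short comment stating the invariant that requires the spare slot (the message says `_tail` otherwise ends up out of range), or move the extra slot into `reserve()` itself so that other callers cannot repeat the same off-by-one. A unified diff (`diff -u`) carrying the file name and surrounding context would also be easier to apply and review than the bare `50c50` hunk.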

Also I found a problem with Packet::shift_data, but in the meantime you
have changed that function yourself and I don't know if that fixes my
problem. I'll just post my solution, based on Click 1.5.0, here - see
the attached packet.diff. It's basically replacing a section of code
with a comment describing the problem, so it should be self-explanatory.

sincerely,
Ulf Hermann

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: packet.diff
Url: http://amsterdam.lcs.mit.edu/pipermail/click/attachments/20080618/d50e1c0e/attachment.txt 

