Project

General

Profile

Actions

Bug #16558

open

ipd can get into an infinite loop

Added by Jason King 12 days ago. Updated 12 days ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
networking
Start date:
Due date:
% Done:

0%

Estimated time:
Difficulty:
Bite-size
Tags:
Gerrit CR:
External Bug:

Description

I found this by inspection, but I'm fairly sure this is wrong. In ipd_hook(), we have the following segment of code:

while (mbp != NULL) {
        if (mbp->b_wptr == mbp->b_rptr)
                continue;

       ...
}

mbp only gets set to the next mblk_t in the segment at the bottom of the loop (after the above statements), so I'm fairly sure it will loop on a 0-byte mbp forever.

Similarly, the M_DATA check suffers from the same issue.

Fixing it should be fairly easily -- just add mbp = mbp->b_cont to the if clause. Testing might be a bit more challenging since 0-byte mblk_ts are while I believe technically allowed, fairly rare in practice.

Actions #1

Updated by Jason King 12 days ago

  • Description updated (diff)
Actions

Also available in: Atom PDF