On Fri, Apr 11, 2014 at 07:03:21PM +0400, Alexander V. Chernikov wrote:
> Hmm, that seems like some kind of strange coincidence, as the rta *a variable is not used before it is initialized (see attached patch).

Well, not exactly. DECODE_PREFIX() can perform 'goto done' for an invalid prefix being withdrawn. In that case we'll probably get garbage in a.

> Anyway, initially I was talking about the IPv6 case (which has a different bgp_do_rx_update() version). The same there, DO_NLRI() can jump to the 'done' label before the *a initialization which actually happened.
>
> I suddenly realized that we're speaking about different crash cases: the one I'm talking about is much clearer: .. DO_NLRI(mp_reach) is not used so the "a" assignment does not happen.

You are right, in both cases. Thanks for debugging it. These are stupid mistakes. Seems like 1.4.1 was really not a lucky release.

-- 
Elen sila lumenn' omentielvo
Ondrej 'SanTiago' Zajicek (email: santiago@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
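The bug class discussed in this thread, a cleanup label reached by an early `goto done` before a pointer has been assigned, is shown below in a constructed C example. This is added illustration, not BIRD's code: `struct attrs`, `decode_prefix()` and `process_update()` are stand-ins for the rta, DECODE_PREFIX()/DO_NLRI() and bgp_do_rx_update() roles described above, and the sample byte buffers are made up. The defensive pattern is the usual one: initialise the pointer to NULL at declaration and test it at the label, so a malformed withdrawn prefix (which bails out before attributes are ever created) cannot hand an indeterminate pointer to the free path.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a route attribute block (plays the rta role). */
struct attrs {
    char data[32];
};

static struct attrs *attrs_new(const char *s) {
    struct attrs *a = calloc(1, sizeof *a);
    if (a) strncpy(a->data, s, sizeof a->data - 1);
    return a;
}

static void attrs_free(struct attrs *a) { free(a); }

/* Decode one prefix: first byte is the prefix length, followed by
 * ceil(len/8) address bytes. Returns 0 and sets *pxlen, or -1 when the
 * encoding is malformed (too long, or truncated). This is the point where
 * the real parser jumps to its cleanup label. */
static int decode_prefix(const unsigned char *buf, size_t len, int *pxlen) {
    if (len < 1) return -1;
    *pxlen = buf[0];
    if (*pxlen > 32) return -1;
    if (len < 1 + (size_t)((*pxlen + 7) / 8)) return -1;
    return 0;
}

/* Hardened update handler. Withdrawn prefixes are parsed before any
 * attribute block exists, so an early 'goto done' from that loop would
 * reach the cleanup label with `a` never assigned. Initialising `a` to
 * NULL and testing it at the label closes that window.
 * Returns the number of prefixes processed, or -1 on malformed input. */
int process_update(const unsigned char *withdrawn, size_t wlen,
                   const unsigned char *nlri, size_t nlen) {
    struct attrs *a = NULL;   /* the fix: never reach 'done' with garbage here */
    int count = 0;
    int pxlen;
    int rc = -1;

    while (wlen > 0) {
        if (decode_prefix(withdrawn, wlen, &pxlen) < 0)
            goto done;        /* a is still NULL at this point */
        size_t step = 1 + (size_t)((pxlen + 7) / 8);
        withdrawn += step;
        wlen -= step;
        count++;
    }

    if (nlen > 0) {
        a = attrs_new("constructed-attrs");
        if (!a)
            goto done;
        while (nlen > 0) {
            if (decode_prefix(nlri, nlen, &pxlen) < 0)
                goto done;    /* a is valid here and must be released */
            size_t step = 1 + (size_t)((pxlen + 7) / 8);
            nlri += step;
            nlen -= step;
            count++;
        }
    }
    rc = count;

done:
    if (a)                    /* safe on both the early and the normal path */
        attrs_free(a);
    return rc;
}

/* Constructed sample inputs wrapped in small functions so the outcomes can
 * be checked directly. */
int demo_withdraw_ok(void) {
    static const unsigned char w[] = { 24, 10, 0, 0 };         /* 10.0.0.0/24 */
    return process_update(w, sizeof w, NULL, 0);               /* 1 */
}
int demo_withdraw_malformed(void) {
    static const unsigned char w[] = { 33, 0 };                /* length > 32 */
    return process_update(w, sizeof w, NULL, 0);               /* -1, no crash */
}
int demo_nlri_ok(void) {
    static const unsigned char n[] = { 8, 192, 16, 10, 1 };    /* 192/8, 10.1/16 */
    return process_update(NULL, 0, n, sizeof n);               /* 2 */
}
int demo_nlri_truncated(void) {
    static const unsigned char n[] = { 8 };                    /* missing byte */
    return process_update(NULL, 0, n, sizeof n);               /* -1, attrs freed */
}

int main(void) {
    printf("withdraw ok: %d\n", demo_withdraw_ok());
    printf("withdraw malformed: %d\n", demo_withdraw_malformed());
    printf("nlri ok: %d\n", demo_nlri_ok());
    printf("nlri truncated: %d\n", demo_nlri_truncated());
    return 0;
}
```

Without the `= NULL` initialiser, `demo_withdraw_malformed()` is exactly the case described in the thread: the withdrawn-prefix loop bails out, the label runs `attrs_free(a)` on whatever the stack held, and the result is a use of an uninitialised pointer that may or may not crash depending on stack contents, which is why it looked like a coincidence at first. Compilers with `-Wall -Wextra` (or `-Wmaybe-uninitialized`) will often flag the unfixed form, so enabling those warnings in the build is a cheap check for this pattern.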