Bugzilla – Bug 804
null-pointer references in 3.7 internet stack
Last modified: 2010-02-10 01:09:34 UTC
I found several places where the internet stack in 3.7 de-references a null pointer. In general, these happen when the application closes tcp/ip connections before terminating the simulation. Here's a summary:
ipv4-l3-protocol.cc, Ipv4L3Protocol::Send: Uses m_routingProtocol without verifying that it's valid.
tcp-l4-protocol.cc, TcpL4Protocol::SendPacket & TcpL4Protocol::Send: Uses pointer returned by ipv4->GetRoutingProtocol() without verifying that the pointer is valid.
tcp-socket-impl.cc, TcpSocketImpl::SendPendingData: Uses m_endPoint without verifying that it's valid.
I've attached a zip with revised versions of those files. They're based on 3.7 stable. The revised versions work, in that they don't crash, but I can't tell if I've merely treated the symptoms instead of curing the underlying disease. I observed these problems on MacOS 10.5, but I doubt they are mac specific.
Created attachment 748: zip with revised versions of source files
Sorry if this is a duplicate; it looked like the attachment didn't get added when I created the bug report.
Created attachment 750: patch to fix
I turned this into a regular patch. I'll audit for more instances of this and try to check it in by end of the week.
In tcp-socket-impl.cc, TcpSocketImpl::SendEmptyPacket() can also be called when m_endPoint is null. The function should either check for m_endPoint == 0 (and return, I guess), or else the caller should verify that m_endPoint is valid.
pushed in changeset: 7a60b058e7b4
This is mainly the reported cases but with protection for a couple more possibly null pointers similar to the above.
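
The m_endPoint guard discussed in this thread, as an added example that is not part of the bug report or the ns-3 patch: a minimal C++ model in which send events queued before a close fire after the endpoint has been released. MiniSocket, EndPoint, Result and RunScenario are hypothetical names; only m_endPoint and SendPendingData are taken from the report.

```cpp
// Added illustration: a minimal model, not ns-3 source code.
// MiniSocket, EndPoint, Result and RunScenario are hypothetical names.
#include <cstdio>
#include <functional>
#include <memory>
#include <queue>

struct EndPoint { int localPort; };
struct Result { int sent = 0; int skipped = 0; };

class MiniSocket {
public:
  explicit MiniSocket(int port) : m_endPoint(new EndPoint{port}) {}

  // As in the report: closing releases the endpoint while send
  // events may still be queued in the simulator.
  void Close() { m_endPoint.reset(); }

  // Guarded send: verify m_endPoint before dereferencing it.
  bool SendPendingData(Result &r) {
    if (!m_endPoint) {  // endpoint already released by Close()
      ++r.skipped;
      return false;
    }
    (void)m_endPoint->localPort;  // safe: pointer verified above
    ++r.sent;
    return true;
  }

private:
  std::unique_ptr<EndPoint> m_endPoint;
};

// Constructed scenario: two sends, a close, then two sends that were
// queued before the close and only run after it.
Result RunScenario() {
  MiniSocket sock(8080);
  Result r;
  std::queue<std::function<void()>> events;
  events.push([&] { sock.SendPendingData(r); });
  events.push([&] { sock.SendPendingData(r); });
  events.push([&] { sock.Close(); });
  events.push([&] { sock.SendPendingData(r); });
  events.push([&] { sock.SendPendingData(r); });
  while (!events.empty()) { events.front()(); events.pop(); }
  return r;
}

int main() {
  Result r = RunScenario();
  std::printf("sent=%d skipped=%d\n", r.sent, r.skipped);
  return 0;
}
```

Without the check in SendPendingData, the two events that run after Close() would dereference a null m_endPoint, which is the crash the report describes.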