Test Suite - valgrind
A call to delete_state(st) frees st: zero(st) and pfree(st). However, the *st could be stored in md and accessed later. Between the delete and the next access of md->st, the freed memory might be re-allocated to something else. When md->st is accessed, it will be junk.
A responder receives a v2D to delete #1. Pluto calls
delete_my_family
delete(st): which calls pfree(st).
However:
success_v2_state_transition ikev2_update_counter may access md->st
Here is a snippet of a trace from valgrind output.
==1868== Invalid read of size 4
==1868==    at 0x15355D: success_v2_state_transition.isra.0 (ikev2.c:1021)
==1868==    by 0x171547: comm_handle (demux.c:218)
==1868==    by 0x13AABA: call_server (server.c:743)
==1868==    by 0x125474: main (plutomain.c:1381)
==1868==  Address 0xb51d028 is 1,144 bytes inside a block of size 1,928 free'd
==1868==    at 0x4C28577: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==1868==    by 0x134EDC: delete_state (state.c:553)
==1868==    by 0x159A7E: process_encrypted_informational_ikev2 (ikev2_parent.c:3390)
==1868==    by 0x1541A5: process_v2_packet (ikev2.c:789)
==1868==    by 0x171547: comm_handle (demux.c:218)
==1868==    by 0x13AABA: call_server (server.c:743)
==1868==    by 0x125474: main (plutomain.c:1381)
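
One way to close off the dangling md->st shown in the trace is to clear the pointer when the state is deleted and to check it before the post-transition update. The C sketch below is an added example, not libreswan code; toy_state, toy_md and the toy_* functions are hypothetical stand-ins for the structures named on this page.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified stand-ins; not libreswan's real structures. */
struct toy_state { unsigned long serialno; unsigned msgid_counter; };
struct toy_md { struct toy_state *st; };  /* message digest holding a state pointer */

/* Zero and free the state, then clear the caller's pointer so the alias
 * kept in the digest cannot dangle. */
static void toy_delete_state(struct toy_state **stp)
{
    if (stp == NULL || *stp == NULL)
        return;
    memset(*stp, 0, sizeof(**stp));
    free(*stp);
    *stp = NULL;
}

/* Post-transition bookkeeping: returns 1 if the counter was updated,
 * 0 if the state was deleted during processing and must not be touched. */
static int toy_success_transition(struct toy_md *md)
{
    if (md->st == NULL)
        return 0;
    md->st->msgid_counter++;
    return 1;
}

/* Replays the sequence from the trace; with_delete=0 is the normal path. */
static int toy_run_exchange(int with_delete)
{
    struct toy_md md = { .st = calloc(1, sizeof(struct toy_state)) };
    if (md.st == NULL)
        return -1;
    md.st->serialno = 1;
    if (with_delete)
        toy_delete_state(&md.st);  /* delete handler runs first */
    int updated = toy_success_transition(&md);
    toy_delete_state(&md.st);      /* no-op if already deleted, else cleanup */
    return updated;
}

int main(void)
{
    printf("delete path: %d, normal path: %d\n",
           toy_run_exchange(1), toy_run_exchange(0));
    return 0;
}
```

Clearing the pointer only protects the alias passed to the delete function; any other copy of the state pointer still has to be invalidated or re-looked-up before use.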