[ofw] NULL pointer dereference in WSD provider

Fab Tillier ftillier at windows.microsoft.com
Wed May 16 12:28:36 PDT 2007


Hi folks,

 

We have a customer that ran into an access violation when testing over
the OpenFabrics WSD provider.  A quick investigation showed that when a
buffer is freed and the registration cache callback of the WSD provider
is invoked, the WSD provider deregisters the buffer.  Any references to
that registration in any socket's memory node list are cleared. This
results in memory nodes (struct memory_node) having a NULL p_reg member.

 

When posting sends or receives, the provider looks up the appropriate
registration (lookup_partial_mr, ibsp_mem.c, line 63).  The function
__check_mr does not handle the case where p_reg is NULL, and
lookup_partial_mr doesn't check for NULL either, and this is why we hit
the NULL pointer dereference (in the __check_mr function).

 

Could this get fixed and a new build generated?  Please let me know when
the build is ready so we can notify the customer and have them repeat
the test.

 

Thanks!

-Fab
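
An added illustration, not part of the original message and not the WSD provider's code: a simplified model of the failure mode described above, with a lookup that skips memory nodes whose registration has been cleared. Only `struct memory_node` and `p_reg` are taken from the message; `struct registration`, `range_in_reg`, `clear_references`, `lookup_checked` and `demo` are hypothetical names, and the buffers are constructed sample data.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified model (assumption): field layout is illustrative only. */
struct registration { uintptr_t start; size_t len; };
struct memory_node { struct registration *p_reg; struct memory_node *next; };

/* Overflow-safe containment test; dereferences reg, so reg must not be NULL. */
static int range_in_reg(const struct registration *reg, uintptr_t start, size_t len)
{
    return start >= reg->start && len <= reg->len &&
           start - reg->start <= reg->len - len;
}

/* Models the cache callback: every node pointing at the freed registration is cleared. */
static void clear_references(struct memory_node *head, const struct registration *reg)
{
    for (struct memory_node *n = head; n; n = n->next)
        if (n->p_reg == reg)
            n->p_reg = NULL;
}

/* Lookup that treats a cleared node as "no registration" instead of dereferencing it. */
static struct memory_node *lookup_checked(struct memory_node *head, uintptr_t start, size_t len)
{
    for (struct memory_node *n = head; n; n = n->next) {
        if (n->p_reg == NULL)
            continue;               /* deregistered while still on the list */
        if (range_in_reg(n->p_reg, start, len))
            return n;
    }
    return NULL;                    /* caller must register again or fail the post */
}

/* Constructed scenario: two registrations, the first is deregistered mid-run. */
int demo(void)
{
    static char buf_a[64], buf_b[64];
    struct registration ra = { (uintptr_t)buf_a, sizeof buf_a };
    struct registration rb = { (uintptr_t)buf_b, sizeof buf_b };
    struct memory_node nb = { &rb, NULL };
    struct memory_node na = { &ra, &nb };
    int before = lookup_checked(&na, (uintptr_t)buf_a + 8, 16) == &na;
    clear_references(&na, &ra);     /* na.p_reg is now NULL */
    int after_a = lookup_checked(&na, (uintptr_t)buf_a + 8, 16) == NULL;
    int after_b = lookup_checked(&na, (uintptr_t)buf_b, sizeof buf_b) == &nb;
    return before | (after_a << 1) | (after_b << 2);
}

int main(void) { return demo() == 7 ? 0 : 1; }
```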

 
