[ofw] NULL pointer dereference in WSD provider
Tzachi Dar
tzachid at mellanox.co.il
Mon May 21 13:25:39 PDT 2007
I'm also attaching the binaries to help people use the fix.
This binary also has a fix for the bug of the provider calling
CompleteOverlapped after it has already closed the socket.
The files are in 7zip format as my experience has been that other
formats are being blocked by antivirus programs.
Thanks
Tzachi
________________________________
From: Tzachi Dar
Sent: Friday, May 18, 2007 10:38 AM
To: 'Fab Tillier'; ofw at lists.openfabrics.org
Subject: RE: [ofw] NULL pointer dereference in WSD provider
Fixed on commit 666.
Thanks
Tzachi
________________________________
From: ofw-bounces at lists.openfabrics.org
[mailto:ofw-bounces at lists.openfabrics.org] On Behalf Of Fab Tillier
Sent: Wednesday, May 16, 2007 10:29 PM
To: ofw at lists.openfabrics.org
Subject: [ofw] NULL pointer dereference in WSD provider
Hi folks,
We have a customer that ran into an access violation
when testing over the OpenFabrics WSD provider. A quick investigation
showed that when a buffer is freed and the registration cache callback
of the WSD provider is invoked, the WSD provider deregisters the buffer.
Any references to that registration in any socket's memory node list are
cleared. This results in memory nodes (struct memory_node) having a NULL
p_reg member.
When posting sends or receives, the provider looks up
the appropriate registration (lookup_partial_mr, ibsp_mem.c, line 63).
The function __check_mr does not handle the case where p_reg is NULL,
and lookup_partial_mr doesn't check for NULL either, and this is why we
hit the NULL pointer dereference (in the __check_mr function).
Could this get fixed and a new build generated? Please
let me know when the build is ready so we can notify the customer and
have them repeat the test.
Thanks!
-Fab
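Added example, not part of the original thread and not the code from ibsp_mem.c: a simplified C model of the condition described in the report, where deregistration clears `p_reg` in the memory node list and a later lookup has to skip the stale node instead of dereferencing it. Only `struct memory_node` and `p_reg` come from the thread; the registration fields, the `_model` function names and `clear_references` are assumptions.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified model; every field except p_reg is an assumption. */
struct reg_model { uintptr_t start; size_t len; };  /* stands in for a cached registration */

struct memory_node {
    struct memory_node *next;
    struct reg_model   *p_reg;   /* NULL once the buffer has been deregistered */
};

/* Range check in the spirit of __check_mr, tolerant of a cleared node. */
static int check_mr_model(const struct memory_node *node, uintptr_t addr, size_t len)
{
    const struct reg_model *reg = node->p_reg;
    if (reg == NULL)             /* registration torn down by the cache callback */
        return 0;
    if (addr < reg->start || len > reg->len)
        return 0;
    return addr - reg->start <= reg->len - len;  /* overflow-safe containment */
}

/* List walk in the spirit of lookup_partial_mr: stale nodes never match. */
static struct memory_node *lookup_mr_model(struct memory_node *head, uintptr_t addr, size_t len)
{
    for (struct memory_node *n = head; n != NULL; n = n->next)
        if (check_mr_model(n, addr, len))
            return n;
    return NULL;                 /* caller has to register the buffer again */
}

/* Models the deregistration path: references in the list are cleared. */
static void clear_references(struct memory_node *head, const struct reg_model *reg)
{
    for (struct memory_node *n = head; n != NULL; n = n->next)
        if (n->p_reg == reg)
            n->p_reg = NULL;
}

/* Constructed scenario: two nodes, the first is deregistered before the lookups. */
static int demo(void)
{
    struct reg_model r1 = { 0x1000, 0x100 }, r2 = { 0x4000, 0x200 };
    struct memory_node n2 = { NULL, &r2 }, n1 = { &n2, &r1 };
    clear_references(&n1, &r1);
    if (lookup_mr_model(&n1, 0x1000, 0x10) != NULL) return 1;  /* stale node: no match */
    return lookup_mr_model(&n1, 0x4010, 0x20) == &n2 ? 0 : 2;  /* live node: found */
}

int main(void) { return demo(); }
```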
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ibwsd.7z
Type: application/octet-stream
Size: 121014 bytes
Desc: ibwsd.7z
URL: <http://lists.openfabrics.org/pipermail/ofw/attachments/20070521/7b36fa12/attachment.obj>