Kernel
/
iwd
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git
3
0
Fork 0
Code Releases Activity

scan: Fix crash 

Program received signal SIGSEGV, Segmentation fault.
0x0000000000419d38 in scan_done (msg=0x692580, userdata=0x688250)
    at src/scan.c:250
250		sc->state = sr->passive ? SCAN_STATE_PASSIVE : SCAN_STATE_ACTIVE;
(gdb) bt
0  0x0000000000419d38 in scan_done (msg=0x692580, userdata=0x688250)
    at src/scan.c:250
1  0x000000000043cac0 in process_unicast (genl=0x686d60, nlmsg=0x7fffffffc3b0)
    at ell/genl.c:390
2  0x000000000043ceb0 in received_data (io=0x686e60, user_data=0x686d60)
    at ell/genl.c:506
3  0x000000000043967d in io_callback (fd=6, events=1, user_data=0x686e60)
    at ell/io.c:120
4  0x000000000043824d in l_main_run () at ell/main.c:381
5  0x000000000040303c in main (argc=1, argv=0x7fffffffe668) at src/main.c:259

The reasoning is that the logic inside scan_common is reversed.  Instead
of freeing the scan request on error, we always do it.  This causes the
trigger_scan callback to receive invalid userdata.
This commit is contained in:
Denis Kenzior 2017-02-03 18:03:37 -06:00
parent 58ec4ec1c1
commit adfba7b2d2
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/scan.c
View File

@ -360,7 +360,7 @@ static uint32_t scan_common(uint32_t ifindex, bool passive,
goto done;
sc->start_cmd_id = scan_send_start(&sr->start_cmd, scan_done, sc);
if (!sc->start_cmd_id)
if (sc->start_cmd_id > 0)
goto done;
error: