wpa_supplicant segfault in large WLAN
matt.causey at gmail.com
Fri Sep 27 09:16:38 EDT 2013
On Fri, Sep 27, 2013 at 9:13 AM, Jouni Malinen <j at w1.fi> wrote:
> On Thu, Sep 26, 2013 at 09:37:54PM -0400, Matt Causey wrote:
> > I can't seem to do anything that will cause this segfault to happen
> > w/valgrind. :-( What do you think about this:
> > ==25997== ERROR SUMMARY: 155711 errors from 129 contexts (suppressed: 27 from 6)
> > I've attached the full and compressed valgrind log, though it may end up
> > being scrubbed by the server.
> Thanks! This is a good example where valgrind ends up hiding the
> segfault when a program accesses freed memory. Such a bug is a critical
> issue always so it does not really matter whether the program crashes or
> not (with or without valgrind).
> I was able to reproduce this by replaying the scan results and the
> configuration you were using. The issue is triggered by a removal of the
> oldest BSS entry at a very inconvenient time and yes, this was very much
> related to the large number of BSSes in the scan results. For this to
> show up, you would need to have at least 200 BSSes that match a network
> configuration block in the scan results. And well, you did have 739 such
> BSSes.. ;-)
> This commit fixes the issue:
> In addition, while reviewing the implementation, I found another
> potential issue that could result in somewhat similar problems. Though,
> I don't think this should happen with nl80211 driver interface. Anyway,
> the fix is here:
> Please let me know if these address the issues you were seeing.
I'll do it straight away. Thanks for all your help! Shall I expect these
patches to apply cleanly to the wpa_supplicant-2.0 release or should we
migrate to hostap.git HEAD in our stack?
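
The failure class described in the quoted reply (a capped BSS table evicting its oldest entry while a caller still holds a pointer to it), shown with one defensive pattern as an added example. This is not wpa_supplicant code and not the content of the fix commits mentioned above; `MAX_BSS`, the `in_use` pin, and all struct and function names are hypothetical.

```c
#include <stdlib.h>
#define MAX_BSS 200 /* assumed cap, matching the 200-BSS threshold in the thread */
struct bss { unsigned id; int in_use; struct bss *next; };
struct bss_table { struct bss *head, *tail; size_t count; unsigned next_id; };
/* Free the oldest entry no caller has pinned; return 0 if all are pinned. */
static int evict_oldest(struct bss_table *t)
{
    struct bss *prev = NULL, *cur = t->head;
    while (cur && cur->in_use) { prev = cur; cur = cur->next; }
    if (!cur) return 0;
    if (prev) prev->next = cur->next; else t->head = cur->next;
    if (t->tail == cur) t->tail = prev;
    free(cur); t->count--;
    return 1;
}

/* Append a scan result, evicting first when the table is full. */
static struct bss *bss_add(struct bss_table *t)
{
    if (t->count >= MAX_BSS && !evict_oldest(t)) return NULL;
    struct bss *b = calloc(1, sizeof(*b));
    if (!b) return NULL;
    b->id = t->next_id++;
    if (t->tail) t->tail->next = b; else t->head = b;
    t->tail = b; t->count++;
    return b;
}

/* Re-resolve an entry by id rather than trusting a pointer kept across updates. */
static struct bss *bss_get(struct bss_table *t, unsigned id)
{
    struct bss *b = t->head;
    while (b && b->id != id) b = b->next;
    return b;
}

/* Constructed replay: pin the first BSS, then feed n more scan results. */
static struct bss *replay(struct bss_table *t, size_t n)
{
    struct bss *held = bss_add(t);
    if (held) held->in_use = 1;
    while (held && n--) bss_add(t);
    return held;
}

int main(void)
{
    struct bss_table t = {0};
    return !(replay(&t, 738) && bss_get(&t, 0) && t.count == MAX_BSS);
}
```

Without the `in_use` check in `evict_oldest`, the 201st result would free the entry the caller is still holding, which is the access-to-freed-memory condition that valgrind reports even when no crash occurs.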