Segmentation Fault

Jouni Malinen jkmaline
Mon Sep 11 19:37:35 PDT 2006


On Mon, Sep 11, 2006 at 05:37:10PM +0200, Vincent Maurin wrote:

> After a deeper search in the code, I think that there is the same 
> problem in wext driver that there was in ndis driver (reported here 
> http://lists.shmoo.com/pipermail/hostap/2006-August/013992.html)
> 
> In wpa_driver_wext_scan line 1044 of driver_wext.c, a timeout is created
> eloop_register_timeout(3, 0, wpa_driver_wext_scan_timeout, drv, drv->ctx);
> 
> If the interface is removed before the timeout expires, it would be 
> cancelled in wpa_driver_wext_deinit with
> eloop_cancel_timeout( wpa_driver_wext_scan_timeout, drv, drv->ctx);

Thanks! Apparently I should have went through all driver wrappers when
fixing the NDIS case. I did it now and sure enough, this case in
driver_wext.c was not the only remaining issue. I think I fixed all the
issues now with driver wrappers not unregistering eloop timeouts or read
sockets. The fixes are available from the CVS development branch.

Many of the driver wrappers were implemented before it was possible to
remove an interface without terminating wpa_supplicant at the same time,
so these issues could not really trigger any problems at that point.
Anyway, all deinit functions should really unregister and free all the
resources they have allocated regardless of whether this is strictly
necessary or not in case the program is being terminated.

-- 
Jouni Malinen                                            PGP id EFC895FA




More information about the Hostap mailing list