[Ns-developers] bug in WirelessPhyExt.cc PowerTimer::expire(Event *e) function

Lajos lajos1 at gmail.com
Wed Jun 18 13:59:48 PDT 2008


Hi,

In the above file, in the PowerTimer::expire(Event *e) function, at the end
the PowerTimer deletes itself. The problem is that the expire function
is called from TimerHandler::handle(Event *e) in timer-handler.cc.
After calling expire, this function then tries to set the timer
handler's status to idle, but of course it has already been deleted.
Thus there is an invalid memory read and attempted invalid memory
write. The fix is easy: delete the part from the end of the
PowerTimer::expire(Event *e) function where delete this is called and
somewhere else in the WirelessPhyExt code insert a few lines that are
called regularly to parse the powerTimerList and delete any expired
timers, e.g. for a quick fix I put this at the start of the
getPowerLevel() function:

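	PowerTimerList::iterator it = powerTimerList.begin();
	while( it != powerTimerList.end() )
	{
		PowerTimer *pt = *it;
		if( pt->status() == TIMER_IDLE )
		{
			// Timer has already fired: free it and drop it from the list.
			// erase() returns the next valid iterator, so do not increment here.
			delete pt;
			it = powerTimerList.erase(it);
		}
		else
		{
			// Only advance when nothing was erased, so no entry is skipped.
			++it;
		}
	}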

In fact, this is just a suggestion; I haven't tested the solution, but I
have verified that the original code does indeed cause invalid reads
and writes for the reason given above.

Lajos
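
The lifetime problem described in this message, as an added example that is not part of the original post and is not ns-2 code: a reduced model of the handle()/expire() call order, with deletion moved out of expire() into an owner-side sweep. Event, the two-value status enum, g_destroyed and reapIdleTimers() are simplified or hypothetical stand-ins.

```cpp
#include <cstddef>
#include <list>

// Simplified stand-ins for the ns-2 classes named in the post (assumption:
// only the parts needed to show the object lifetime are modelled).
struct Event {};
enum TimerStatus { TIMER_IDLE, TIMER_PENDING };

class TimerHandler {
public:
    TimerHandler() : status_(TIMER_PENDING) {}
    virtual ~TimerHandler() {}
    TimerStatus status() const { return status_; }
    // Same call order as described in the post: expire() runs first, then
    // the handler writes to its own member. If expire() had done
    // "delete this", that write would land in freed memory.
    void handle(Event *e) {
        expire(e);
        status_ = TIMER_IDLE;
    }
protected:
    virtual void expire(Event *e) = 0;
    TimerStatus status_;
};

static int g_destroyed = 0;  // hypothetical counter so frees are observable

class PowerTimer : public TimerHandler {
public:
    ~PowerTimer() { ++g_destroyed; }
protected:
    // Hardened form: do the timer's work, leave deletion to the owner.
    void expire(Event *) { /* no "delete this" here */ }
};
typedef std::list<PowerTimer *> PowerTimerList;

// Owner-side sweep: free every timer that handle() has already marked idle
// and return how many were reaped.
std::size_t reapIdleTimers(PowerTimerList &timers) {
    std::size_t reaped = 0;
    for (PowerTimerList::iterator it = timers.begin(); it != timers.end();) {
        if ((*it)->status() == TIMER_IDLE) {
            delete *it;
            it = timers.erase(it);  // erase() yields the next valid iterator
            ++reaped;
        } else {
            ++it;
        }
    }
    return reaped;
}
```

Building the original and the reworked code with AddressSanitizer (-fsanitize=address) or running them under Valgrind is a direct way to confirm that the invalid read and write are gone.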

