[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Possible bugs in ns-2.1b4

To: [email protected]
Subject: Possible bugs in ns-2.1b4
From: Urs Thuermann <[email protected]>
Date: 19 Feb 1999 15:15:13 +0100
Sender: [email protected]

Reading some source of ns-2.1b4 I've found two possible bugs:

1. The function

	int Queue::length()

   is not virtual, so that when I have a pointer Queue *p that in fact
   points to a DRR Queue, when doing

	p->length();

   this unexpectedly calls Queue::length() instead of DRR::length().

   Or is this behavior intended?

2. In DropTail and RED that command "packetqueue-attach" can leave the
   queue in an incosistent state.  The code is (in {drop-tail,red}.cc):

	if (!strcmp(argv[1], "packetqueue-attach")) {
		delete q_;
		if (!(q_ = (PacketQueue*) TclObject::lookup(argv[2])))
			return (TCL_ERROR);
		else {
			pq_ = q_;
			return (TCL_OK);
		}
	}

   When the TclObject::lookup() fails the pointer q_ is NULL but pq_,
   inherited from the Queue class, still points to the old PacketQueue
   which has already been deleted though.  When calling the length()
   member function on the DropTail or RED object, Queue::length() will
   access *pq_ which is invalid.


urs

Follow-Ups:
- Re: Possible bugs in ns-2.1b4
  - From: Yuri Pryadkin <[email protected]>

Prev by Date: Re: Supporting large very large number of nodes
Next by Date: Using CMU's run.tcl with ns2.1b5
Prev by thread: Using CMU's run.tcl with ns2.1b5
Next by thread: Re: Possible bugs in ns-2.1b4
Index(es):
- Date
- Thread