Broken timeout code
Brought to you by:
jcalcote
Menu
▾
▴
#81 Broken timeout code
I'm not an SLP expert but the code looks real broken
here.
File: libslp_network.c
Function NetworkMcastRqstRply() and NetworkRqstRply()
int timeouts[MAX_RETRANSMITS];
....
xmitcount = 0;
while(xmitcount <= MAX_RETRANSMITS)
{
xmitcount++;
totaltimeout += timeouts[xmitcount];
if ( totaltimeout >= maxwait || timeout[xmitcount]
== 0 )
{
....
As I see it, within the while loop xmitcount will go
from 1 to MAXRETRANSMITS+1. In this case, we
overflow the timeouts table not only by 1 but by 2 !!!
(MAX_RETRANSMITS=5; xmitcount will go from 1 to 6;
timeouts is an array of 5 elements - elements 0 to 4)
(We are getting into an infinite wait state due to
random timeout values)
ron_cohen@adaptec.com