bgpd: fix access to invalid memory zone

pguibert6WIND · pguibert6WIND · commit 3e05ba06e662 · 2025-01-07T15:35:32.000+01:00
> ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f73891cb146 bp 0x7ffca86584c0 sp 0x7ffca8658490 T0) > ==837617==The signal is caused by a READ memory access. > ==837617==Hint: address points to the zero page. > #0 0x7f73891cb146 in bmp_targets_const_next bgpd/bgp_bmp.c:149 > sonic-net#1 0x7f73891cb1a5 in bmp_targets_next bgpd/bgp_bmp.c:149 > sonic-net#2 0x7f73891e875a in _bmp_vrf_state_changed_internal bgpd/bgp_bmp.c:3520 > sonic-net#3 0x7f73891e8922 in bmp_vrf_itf_state_changed bgpd/bgp_bmp.c:3566 > sonic-net#4 0x55e511af8d1b in hook_call_bgp_vrf_status_changed bgpd/bgp_zebra.c:64 > sonic-net#5 0x55e511afa304 in bgp_ifp_up bgpd/bgp_zebra.c:234 > sonic-net#6 0x7f738981c193 in hook_call_if_up lib/if.c:57 > sonic-net#7 0x7f738981d09a in if_up_via_zapi lib/if.c:203 > sonic-net#8 0x7f73899d6f54 in zclient_interface_up lib/zclient.c:2671 > sonic-net#9 0x7f73899e3e5a in zclient_read lib/zclient.c:4624 > sonic-net#10 0x7f738998078d in event_call lib/event.c:1996 > sonic-net#11 0x7f7389848933 in frr_run lib/libfrr.c:1232 > sonic-net#12 0x55e5117f7ae1 in main bgpd/bgp_main.c:557 > sonic-net#13 0x7f7389229d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 > sonic-net#14 0x7f7389229e3f in __libc_start_main_impl ../csu/libc-start.c:392 > sonic-net#15 0x55e5117f4234 in _start (/usr/lib/frr/bgpd+0x2ec234) Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
diff --git a/bgpd/bgp_bmp.c b/bgpd/bgp_bmp.c
@@ -2081,6 +2081,7 @@ static struct bmp_bgp *bmp_bgp_get(struct bgp *bgp)
 	bmpbgp->bgp = bgp;
 	bmpbgp->vrf_state = vrf_state_unknown;
 	bmpbgp->mirror_qsizelimit = ~0UL;
+	bmp_targets_init(&bmpbgp->targets);
 	bmp_mirrorq_init(&bmpbgp->mirrorq);
 	bmp_bgph_add(&bmp_bgph, bmpbgp);
 
