In scenario of removing assignment, amfnd calls
avnd_su_si_remove(cb, tmp->su, tmp);
Inside avnd_su_si_remove(), the @tmp points to an object AVND_SU_SI_REC
which could be deleted. amfnd continues use @tmp to find the next
object AVND_SU_SI_REC, that causes segv.
Patch stores the next pointer before calls avnd_su_si_remove(). This fix
is similar to another place in avnd_evt_last_step_term_evh()
---
src/amf/amfnd/susm.cc | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/amf/amfnd/susm.cc b/src/amf/amfnd/susm.cc
index c5f8240..3246548 100644
--- a/src/amf/amfnd/susm.cc
+++ b/src/amf/amfnd/susm.cc
@@ -1194,9 +1194,11 @@ uint32_t avnd_su_si_oper_done(AVND_CB *cb, AVND_SU *su,
AVND_SU_SI_REC *si) {
if (tmp != nullptr) {
uint32_t sirank = tmp->rank;
- for (; tmp && (tmp->rank == sirank); tmp = avnd_silist_getprev(tmp)) {
+ for (; tmp && (tmp->rank == sirank);) {
+ AVND_SU_SI_REC *tmp1 = avnd_silist_getprev(tmp);
uint32_t rc = avnd_su_si_remove(cb, tmp->su, tmp);
osafassert(rc == NCSCC_RC_SUCCESS);
+ tmp = tmp1;
}
} else {
LOG_NO("Removed assignments from AMF components");
@@ -1267,9 +1269,11 @@ uint32_t avnd_su_si_oper_done(AVND_CB *cb, AVND_SU *su,
AVND_SU_SI_REC *si) {
if (tmp != nullptr) {
uint32_t sirank = tmp->rank;
- for (; tmp && (tmp->rank == sirank); tmp = avnd_silist_getprev(tmp)) {
+ for (; tmp && (tmp->rank == sirank);) {
+ AVND_SU_SI_REC *tmp1 = avnd_silist_getprev(tmp);
uint32_t rc = avnd_su_si_remove(cb, tmp->su, tmp);
osafassert(rc == NCSCC_RC_SUCCESS);
+ tmp = tmp1;
}
} else {
LOG_NO("Removed assignments from AMF components");
--
2.7.4
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Opensaf-devel mailing list
Opensaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/opensaf-devel
