Re: [devel] [PATCH 1/1] amfnd: Store next pointer AVND_SU_SI_REC before avnd_su_si_remove [#2896]

Fri, 13 Jul 2018 07:53:58 -0700 

Hi Minh,
                 Nice catch. Ack from me.
 
Thanks,
Nagendra, 91-9866424860
www.hasolutions.in
https://www.linkedin.com/company/hasolutions/
High Availability Solutions Pvt. Ltd.
- OpenSAF support and services
 
 
 
 
 
 
 
--------- Original Message --------- Subject: [PATCH 1/1] amfnd: Store next 
pointer AVND_SU_SI_REC before avnd_su_si_remove [#2896]
From: "Minh Chau" <minh.c...@dektech.com.au>
Date: 7/13/18 4:57 pm
To: hans.nordeb...@ericsson.com, gary....@dektech.com.au, 
nagen...@hasolutions.in
Cc: opensaf-devel@lists.sourceforge.net, "Minh Chau" <minh.c...@dektech.com.au>

In scenario of removing assignment, amfnd calls
 avnd_su_si_remove(cb, tmp->su, tmp);
 Inside avnd_su_si_remove(), the @tmp points to an object AVND_SU_SI_REC
 which could be deleted. amfnd continues use @tmp to find the next
 object AVND_SU_SI_REC, that causes segv.
 
 Patch stores the next pointer before calls avnd_su_si_remove(). This fix
 is similar to another place in avnd_evt_last_step_term_evh()
 ---
 src/amf/amfnd/susm.cc | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
 
 diff --git a/src/amf/amfnd/susm.cc b/src/amf/amfnd/susm.cc
 index c5f8240..3246548 100644
 --- a/src/amf/amfnd/susm.cc
 +++ b/src/amf/amfnd/susm.cc
 @@ -1194,9 +1194,11 @@ uint32_t avnd_su_si_oper_done(AVND_CB *cb, AVND_SU *su, 
AVND_SU_SI_REC *si) {
 if (tmp != nullptr) {
 uint32_t sirank = tmp->rank;
 
 - for (; tmp && (tmp->rank == sirank); tmp = avnd_silist_getprev(tmp)) {
 + for (; tmp && (tmp->rank == sirank);) {
 + AVND_SU_SI_REC *tmp1 = avnd_silist_getprev(tmp);
 uint32_t rc = avnd_su_si_remove(cb, tmp->su, tmp);
 osafassert(rc == NCSCC_RC_SUCCESS);
 + tmp = tmp1;
 }
 } else {
 LOG_NO("Removed assignments from AMF components");
 @@ -1267,9 +1269,11 @@ uint32_t avnd_su_si_oper_done(AVND_CB *cb, AVND_SU *su, 
AVND_SU_SI_REC *si) {
 if (tmp != nullptr) {
 uint32_t sirank = tmp->rank;
 
 - for (; tmp && (tmp->rank == sirank); tmp = avnd_silist_getprev(tmp)) {
 + for (; tmp && (tmp->rank == sirank);) {
 + AVND_SU_SI_REC *tmp1 = avnd_silist_getprev(tmp);
 uint32_t rc = avnd_su_si_remove(cb, tmp->su, tmp);
 osafassert(rc == NCSCC_RC_SUCCESS);
 + tmp = tmp1;
 }
 } else {
 LOG_NO("Removed assignments from AMF components");
 -- 
 2.7.4
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Opensaf-devel mailing list
Opensaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/opensaf-devel

Reply via email to