The coredump is generated in the context of processing the message type "IMMND_EVT_D2ND_IMPLDELETE" because the memory is corrupted at the time of decoding that message.
It allocated 'size' bytes of memory with the boundary in range [0 - 'size - 1'], but modified (added a null terminator to) the memory at the index of `size`, which was out of that range. This patch fixes this issue. The memory should be allocated with `size + 1` bytes in length.

--- src/imm/common/immsv_evt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/imm/common/immsv_evt.c b/src/imm/common/immsv_evt.c index 03a7f8125..c93f82a0f 100644 --- a/src/imm/common/immsv_evt.c +++ b/src/imm/common/immsv_evt.c @@ -2898,7 +2898,7 @@ static uint32_t immsv_evt_dec_sublevels(NCS_UBAID *i_ub, IMMSV_EVT *o_evt) implNameList[i].size = ncs_decode_32bit(&p8); ncs_dec_skip_space(i_ub, 4); - implNameList[i].buf = (char *)malloc(implNameList[i].size); + implNameList[i].buf = (char *)malloc(implNameList[i].size + 1); if (implNameList[i].buf == NULL || ncs_decode_n_octets_from_uba(i_ub, (uint8_t *)implNameList[i].buf, -- 2.18.0
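Review bot: The new `malloc(implNameList[i].size + 1)` still takes its length straight from `ncs_decode_32bit(&p8)` with no upper bound, so the value is controlled by whatever arrives in the message being decoded. If `size` is a 32-bit unsigned field (its declaration is not visible in this hunk), a decoded value of 0xFFFFFFFF makes `size + 1` wrap to 0, and the following `ncs_decode_n_octets_from_uba()` call would then write into a zero-length allocation. Consider rejecting sizes above a defined maximum before the allocation and returning the decode failure there. A one-line comment on the `+ 1` saying it reserves the byte for the terminator written later would also keep a future cleanup from removing it.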