- **status**: review --> fixed
- **Blocker**: --> False
- **Comment**:
commit 6146f2e39e9dab9e8aaedd323c801359908cadd7
Author: Hoa Le <[email protected]>
Date: Tue Apr 25 09:21:29 2017 +0700
amfnd: Fix illegal memory access in avnd_comptype_delete [#2424]
Problem:
- There are some unsafe memory accesses which may cause segfault in
avnd_comptype_delete() function.
Fix:
- Check if a pointer is valid before accessing it.
- Minor update in avnd_comptype_create() function to avoid unnecessary
function call to avnd_comptype_delete().
commit a6dcc6a37fa7a37028a1b23e446312fa8aeb5677
Author: Hoa Le <[email protected]>
Date: Tue Apr 25 09:21:29 2017 +0700
amfnd: Fix illegal memory access in avnd_comptype_delete [#2424]
Problem:
- There are some unsafe memory accesses which may cause segfault in
avnd_comptype_delete() function.
Fix:
- Check if a pointer is valid before accessing it.
- Minor update in avnd_comptype_create() function to avoid unnecessary
function call to avnd_comptype_delete().
changeset: 8786:9210d063ed44
tag: tip
user: Hoa Le <[email protected]>
date: Mon May 01 16:13:32 2017 +1000
summary: amfnd: Fix illegal memory access in avnd_comptype_delete [#2424]
---
**[tickets:#2424] amfnd: illegal memory access in avnd_comptype_delete()**
**Status:** fixed
**Milestone:** 5.17.06
**Created:** Wed Apr 12, 2017 04:08 AM UTC by Hoa Le
**Last Updated:** Wed Apr 12, 2017 10:23 AM UTC
**Owner:** Hoa Le
**Attachments:**
- [bt_core.1491307159.osafamfnd.428.PL-5](https://sourceforge.net/p/opensaf/tickets/2424/attachment/bt_core.1491307159.osafamfnd.428.PL-5) (12.3 kB; application/octet-stream)
There are some unsafe memory accesses in the avnd_comptype_delete() function. This
caused a segfault, as shown in the attachment.
~~~
/src/amf/amfnd/compdb.cc
static amf_comp_type_t *avnd_comptype_create(SaImmHandleT immOmHandle,
                                             const std::string& dn)
{
  int rc = -1;
  ...
  if (amf_saImmOmAccessorGet_o2(immOmHandle, accessorHandle, dn, nullptr,
                                (SaImmAttrValuesT_2 ***)&attributes) != SA_AIS_OK) {
    LOG_ER("amf_saImmOmAccessorGet_o2 FAILED for '%s'", dn.c_str());
    goto done;
  }
  ...
done:
  if (rc != 0) {
    avnd_comptype_delete(compt);
    compt = nullptr;
  }
  ...
}

static void avnd_comptype_delete(amf_comp_type_t *compt)
{
  ...
  /* Free saAmfCtDefInstantiateCmdArgv[i] before freeing
     saAmfCtDefInstantiateCmdArgv */
  arg_counter = 0;
  while ((argv = compt->saAmfCtDefInstantiateCmdArgv[arg_counter++]) !=
         nullptr)
  ...
}
~~~
In this case, compt->saAmfCtDefInstantiateCmdArgv was NULL, so accessing
compt->saAmfCtDefInstantiateCmdArgv[arg_counter++] caused a segmentation fault.
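
The failure mode reported above, reduced to a stand-alone sketch with the guard in place. This is an added example, not OpenSAF code or the committed fix; `comp_type`, `comptype_create`, `comptype_delete`, `fail_early` and `g_freed` are hypothetical names, and the argument list is constructed sample data.

```cpp
#include <cstdlib>
#include <string.h>  // strdup (POSIX)

// Hypothetical stand-in for amf_comp_type_t, reduced to one argv array.
struct comp_type {
  char **instantiate_argv;  // NULL-terminated; nullptr until populated
};

static int g_freed = 0;  // number of strings released, for inspection

// Safe on nullptr and on an object whose array was never allocated.
static void comptype_delete(comp_type *compt) {
  if (compt == nullptr) return;
  char **argv = compt->instantiate_argv;
  if (argv != nullptr) {  // the check missing in the reported crash
    for (size_t i = 0; argv[i] != nullptr; ++i) {
      std::free(argv[i]);
      ++g_freed;
    }
    std::free(argv);
  }
  std::free(compt);
}

// fail_early simulates the attribute read failing before any array exists.
static comp_type *comptype_create(const char *const *args, bool fail_early) {
  comp_type *compt = static_cast<comp_type *>(std::calloc(1, sizeof(comp_type)));
  if (compt == nullptr) return nullptr;  // nothing allocated, nothing to delete
  size_t n = 0;
  while (!fail_early && args[n] != nullptr) ++n;
  if (!fail_early)
    compt->instantiate_argv = static_cast<char **>(std::calloc(n + 1, sizeof(char *)));
  bool ok = compt->instantiate_argv != nullptr;
  for (size_t i = 0; ok && i < n; ++i) {
    compt->instantiate_argv[i] = strdup(args[i]);
    ok = compt->instantiate_argv[i] != nullptr;
  }
  if (!ok) {  // single cleanup path, like "done:" in the excerpt
    comptype_delete(compt);
    compt = nullptr;
  }
  return compt;
}

int main() {
  const char *args[] = {"/bin/sh", "-c", "true", nullptr};  // constructed sample
  comptype_delete(comptype_create(args, true));   // early failure: no crash
  comptype_delete(comptype_create(args, false));  // success: three strings freed
  return g_freed == 3 ? 0 : 1;
}
```

Because the object is zero-initialised by `calloc`, a cleanup that runs after an early failure sees `nullptr` rather than an indeterminate pointer, which is what makes the null check in the delete path sufficient.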