- **Comment**:
Hi Tai,
The invalid read occurs because the callback record was deleted in
avnd_comp_cbq_rec_pop_and_del().
So avnd_comp_cbq_rec_pop_and_del() needs to return a code, and whether the
timer is stopped should be based on this return code.
B.R/Thang
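
The pattern described in the comment above, as an added example that is not part of the original message or of OpenSAF's code: `CbqRec`, `Comp`, `on_response` and the simplified `cbq_rec_pop_and_del` are hypothetical stand-ins. The pop function reports whether it freed the record, and the handler touches the record's timer state only when it did not.

```cpp
// Added illustration with simplified, hypothetical types; not OpenSAF source.
#include <cstdint>
#include <list>

struct CbqRec {              // stand-in for a callback queue record
  uint32_t opq_hdl;          // handle echoed back in the component's response
  bool timer_running;        // response timer armed when the callback was sent
};

struct Comp {
  std::list<CbqRec*> cbq;    // callbacks still waiting for a response
};

// Unlinks and frees the record matching opq_hdl.
// Returns true when a record was freed, false when nothing matched.
bool cbq_rec_pop_and_del(Comp& comp, uint32_t opq_hdl) {
  for (auto it = comp.cbq.begin(); it != comp.cbq.end(); ++it) {
    if ((*it)->opq_hdl != opq_hdl) continue;
    CbqRec* rec = *it;
    rec->timer_running = false;  // stop the timer while the record is alive
    comp.cbq.erase(it);
    delete rec;                  // every outside pointer to rec now dangles
    return true;
  }
  return false;
}

// Response handler. The pattern in a trace like the one in this ticket is a
// free inside the pop call followed by a read of the same record:
//   cbq_rec_pop_and_del(comp, rec->opq_hdl);
//   if (rec->timer_running) ...   // read inside a freed block
// Here the handle is copied first and rec is touched only when the return
// code says it was not freed.
bool on_response(Comp& comp, CbqRec* rec) {
  const uint32_t hdl = rec->opq_hdl;   // copy before any possible free
  const bool freed = cbq_rec_pop_and_del(comp, hdl);
  if (!freed && rec->timer_running) rec->timer_running = false;
  return freed;
}
```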
---
**[tickets:#3339] amf: Valgrind reported errors**
**Status:** review
**Milestone:** 5.23.07
**Created:** Thu May 18, 2023 03:10 AM UTC by Nguyen Huynh Tai
**Last Updated:** Thu May 18, 2023 10:02 AM UTC
**Owner:** Nguyen Huynh Tai
Verify valgrind result
/var/lib/lxc/PL-3/rootfs/var/log/opensaf/amfnd.valgrind
==371== 1 errors in context 1 of 8:
==371== Invalid read of size 1
==371== at 0x11A8D9: avnd_evt_ava_resp_evh(avnd_cb_tag*, avnd_evt_tag*)
(cbq.cc:436)
==371== by 0x141D25: avnd_evt_process (main.cc:692)
==371== by 0x141D25: avnd_main_process() (main.cc:644)
==371== by 0x1170AD: main (main.cc:225)
==371== Address 0x8bab6c0 is 48 bytes inside a block of size 112 free'd
==371== at 0x4C3323B: operator delete(void*) (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==371== by 0x11962B: avnd_comp_cbq_rec_pop_and_del(avnd_cb_tag*,
avnd_comp_tag*, unsigned int, bool) (cbq.cc:973)
==371== by 0x11A8D8: avnd_evt_ava_resp_evh(avnd_cb_tag*, avnd_evt_tag*)
(cbq.cc:435)
==371== by 0x141D25: avnd_evt_process (main.cc:692)
==371== by 0x141D25: avnd_main_process() (main.cc:644)
==371== by 0x1170AD: main (main.cc:225)
==371== Block was alloc'd at
==371== at 0x4C3217F: operator new(unsigned long) (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==371== by 0x11B586: avnd_comp_cbq_rec_add(avnd_cb_tag*, avnd_comp_tag*,
avsv_amf_cbk_info_tag*, unsigned long*, long long) (cbq.cc:998)
==371== by 0x11B6DB: avnd_comp_cbq_send(avnd_cb_tag*, avnd_comp_tag*,
unsigned long*, unsigned long long, avsv_amf_cbk_info_tag*, long long)
(cbq.cc:757)
==371== by 0x12ABD9: avnd_comp_cbk_send(avnd_cb_tag*, avnd_comp_tag*,
avsv_amf_cbk_type, avnd_hc_rec_tag*, avnd_comp_csi_rec*) (comp.cc:2202)
==371== by 0x151C47: avnd_process_comp_csi_msg (su.cc:986)
==371== by 0x151C47: avnd_evt_avd_compcsi_evh(avnd_cb_tag*, avnd_evt_tag*)
(su.cc:1068)
==371== by 0x141D25: avnd_evt_process (main.cc:692)
--
==371== 1 errors in context 2 of 8:
==371== Syscall param socketcall.sendto(msg) points to uninitialised byte(s)
==371== at 0x5F1DA9E: send (send.c:28)
==371== by 0x572F596: mds_sock_send (mds_dt_trans.c:79)
==371== by 0x572F92E: mds_mdtm_send_tcp (mds_dt_trans.c:650)
==371== by 0x5724AD6: mcm_msg_encode_full_or_flat_and_send
(mds_c_sndrcv.c:1774)
==371== by 0x57261B6: mds_mcm_send_msg_enc (mds_c_sndrcv.c:1255)
==371== by 0x572874C: mcm_pvt_normal_snd_process_common (mds_c_sndrcv.c:1194)
==371== by 0x5729323: mcm_pvt_normal_svc_snd (mds_c_sndrcv.c:1017)
==371== by 0x5729323: mds_mcm_send (mds_c_sndrcv.c:781)
==371== by 0x5729323: mds_send (mds_c_sndrcv.c:458)
==371== by 0x5731FDB: ncsmds_api (mds_papi.c:165)
==371== by 0x143FB3: avnd_mds_send(avnd_cb_tag*, avnd_msg*, unsigned long*,
mds_sync_snd_ctxt*) (mds.cc:1555)
==371== by 0x119293: avnd_comp_cbq_rec_send(avnd_cb_tag*, avnd_comp_tag*,
avnd_cbk_tag*, bool) (cbq.cc:867)
==371== by 0x11B772: avnd_comp_cbq_send(avnd_cb_tag*, avnd_comp_tag*,
unsigned long*, unsigned long long, avsv_amf_cbk_info_tag*, long long)
(cbq.cc:768)
==371== by 0x12ABD9: avnd_comp_cbk_send(avnd_cb_tag*, avnd_comp_tag*,
avsv_amf_cbk_type, avnd_hc_rec_tag*, avnd_comp_csi_rec*) (comp.cc:2202)
==371== Address 0x8bae2f8 is 712 bytes inside a block of size 1,770 alloc'd
==371== at 0x4C33B25: calloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==371== by 0x572F878: mds_mdtm_send_tcp (mds_dt_trans.c:600)
==371== by 0x5724AD6: mcm_msg_encode_full_or_flat_and_send
(mds_c_sndrcv.c:1774)
==371== by 0x57261B6: mds_mcm_send_msg_enc (mds_c_sndrcv.c:1255)
/var/lib/lxc/PL-4/rootfs/var/log/opensaf/amfnd.valgrind
==371== 1 errors in context 1 of 8:
==371== Invalid read of size 1
==371== at 0x11A8D9: avnd_evt_ava_resp_evh(avnd_cb_tag*, avnd_evt_tag*)
(cbq.cc:436)
==371== by 0x141D25: avnd_evt_process (main.cc:692)
==371== by 0x141D25: avnd_main_process() (main.cc:644)
==371== by 0x1170AD: main (main.cc:225)
==371== Address 0x8baf080 is 48 bytes inside a block of size 112 free'd
==371== at 0x4C3323B: operator delete(void*) (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==371== by 0x11962B: avnd_comp_cbq_rec_pop_and_del(avnd_cb_tag*,
avnd_comp_tag*, unsigned int, bool) (cbq.cc:973)
==371== by 0x11A8D8: avnd_evt_ava_resp_evh(avnd_cb_tag*, avnd_evt_tag*)
(cbq.cc:435)
==371== by 0x141D25: avnd_evt_process (main.cc:692)
==371== by 0x141D25: avnd_main_process() (main.cc:644)
==371== by 0x1170AD: main (main.cc:225)
==371== Block was alloc'd at
==371== at 0x4C3217F: operator new(unsigned long) (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==371== by 0x11B586: avnd_comp_cbq_rec_add(avnd_cb_tag*, avnd_comp_tag*,
avsv_amf_cbk_info_tag*, unsigned long*, long long) (cbq.cc:998)
==371== by 0x11B6DB: avnd_comp_cbq_send(avnd_cb_tag*, avnd_comp_tag*,
unsigned long*, unsigned long long, avsv_amf_cbk_info_tag*, long long)
(cbq.cc:757)
==371== by 0x12ABD9: avnd_comp_cbk_send(avnd_cb_tag*, avnd_comp_tag*,
avsv_amf_cbk_type, avnd_hc_rec_tag*, avnd_comp_csi_rec*) (comp.cc:2202)
==371== by 0x151C47: avnd_process_comp_csi_msg (su.cc:986)
==371== by 0x151C47: avnd_evt_avd_compcsi_evh(avnd_cb_tag*, avnd_evt_tag*)
(su.cc:1068)
==371== by 0x141D25: avnd_evt_process (main.cc:692)
--
==371== 1 errors in context 2 of 8:
==371== Syscall param socketcall.sendto(msg) points to uninitialised byte(s)
==371== at 0x5F1DA9E: send (send.c:28)
==371== by 0x572F596: mds_sock_send (mds_dt_trans.c:79)
==371== by 0x572F92E: mds_mdtm_send_tcp (mds_dt_trans.c:650)
==371== by 0x5724AD6: mcm_msg_encode_full_or_flat_and_send
(mds_c_sndrcv.c:1774)
==371== by 0x57261B6: mds_mcm_send_msg_enc (mds_c_sndrcv.c:1255)
==371== by 0x572874C: mcm_pvt_normal_snd_process_common (mds_c_sndrcv.c:1194)
==371== by 0x5729323: mcm_pvt_normal_svc_snd (mds_c_sndrcv.c:1017)
==371== by 0x5729323: mds_mcm_send (mds_c_sndrcv.c:781)
==371== by 0x5729323: mds_send (mds_c_sndrcv.c:458)
==371== by 0x5731FDB: ncsmds_api (mds_papi.c:165)
==371== by 0x143FB3: avnd_mds_send(avnd_cb_tag*, avnd_msg*, unsigned long*,
mds_sync_snd_ctxt*) (mds.cc:1555)
==371== by 0x119293: avnd_comp_cbq_rec_send(avnd_cb_tag*, avnd_comp_tag*,
avnd_cbk_tag*, bool) (cbq.cc:867)
==371== by 0x11B772: avnd_comp_cbq_send(avnd_cb_tag*, avnd_comp_tag*,
unsigned long*, unsigned long long, avsv_amf_cbk_info_tag*, long long)
(cbq.cc:768)
==371== by 0x12ABD9: avnd_comp_cbk_send(avnd_cb_tag*, avnd_comp_tag*,
avsv_amf_cbk_type, avnd_hc_rec_tag*, avnd_comp_csi_rec*) (comp.cc:2202)
==371== Address 0x8bb1cb8 is 712 bytes inside a block of size 1,770 alloc'd
==371== at 0x4C33B25: calloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==371== by 0x572F878: mds_mdtm_send_tcp (mds_dt_trans.c:600)
==371== by 0x5724AD6: mcm_msg_encode_full_or_flat_and_send
(mds_c_sndrcv.c:1774)
==371== by 0x57261B6: mds_mcm_send_msg_enc (mds_c_sndrcv.c:1255)