Hi!
I ran some static code analysis on the release candidates for OpenSAF
4.2.4 and 4.3.1. I got a few regressions towards 4.2.3 and 4.3.0, and I
need your help to analyze the following in avd_sgproc.c. The warning
says that i_su->list_of_susi is used after free(). It is freed by
m_AVD_SU_SI_TRG_DEL(), and then dereferenced by avd_compcsi_delete() in
the next iteration.
When I look at the code, I don't understand it at all. Does this loop
below terminate? The loop terminates when i_su->list_of_susi is NULL,
but it is not modified within the loop body! If the loop terminates, it
must be because i_su->list_of_susi is somehow modified as a side-effect
of calling avd_compcsi_delete() or m_AVD_SU_SI_TRG_DEL(). This is a very
ugly way coding!!!
Line 1398 - 1408 in osaf/services/saf/avsv/avd/avd_sgproc.c on branch
opensaf-4.3.x (tag 4.3.1RC1):
-----------------------------------------
/* Free all the SU SI assignments for all the SIs on the
* the SU if there are any.
*/
while (i_su->list_of_susi != AVD_SU_SI_REL_NULL) {
/* free all the CSI assignments */
avd_compcsi_delete(cb, i_su->list_of_susi, false);
/* Unassign the SUSI */
m_AVD_SU_SI_TRG_DEL(cb, i_su->list_of_susi);
}
-----------------------------------------
regards,
Anders Widell
------------------------------------------------------------------------------
See everything from the browser to the database with AppDynamics
Get end-to-end visibility with application monitoring from AppDynamics
Isolate bottlenecks and diagnose root cause in seconds.
Start your free trial of AppDynamics Pro today!
http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
_______________________________________________
Opensaf-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/opensaf-devel
