Thanks for your analysis. I still don't understand the code, but if you
think this warning is a false positive I take your word for it. Some
additional info from the warning:
The free happens at line 504 in file avd_siass.c:
free(susi);
The dereference happens at line 1070 in file avd_csi.c:
while (susi->list_of_csicomp != NULL) {
regards,
Anders Widell
2013-07-29 13:50, Nagendra Kumar skrev:
> Hi,
> i_su->list_of_susi has list of susi. m_AVD_SU_SI_TRG_DEL calls
> avd_susi_delete, which in tern separate susi from i_su->list_of_susi and
> deletes it.
>
> Code is below:
> /* now delete it from the SU list */
> if (p_su_si == NULL) {
> susi->su->list_of_susi = susi->su_next;
> susi->su_next = NULL;
> } else {
> p_su_si->su_next = susi->su_next;
> susi->su_next = NULL;
> }
>
> /* now delete it from the SI list */
> if (p_si_su == NULL) {
> susi->si->list_of_sisu = susi->si_next;
> susi->si_next = NULL;
> } else {
> p_si_su->si_next = susi->si_next;
> susi->si_next = NULL;
> }
>
> And then deletes it. This means one susi is deleted from from
> i_su->list_of_susi. When last susi is deleted from i_su->list_of_susi, then
> i_su->list_of_susi becomes null and it exists from 'while loop'.
>
> So, I see no problem.
>
> Let me know if any further clarifications is required.
>
> Thanks
> -Nagu
>
> -----Original Message-----
> From: Anders Widell [mailto:anders.wid...@ericsson.com]
> Sent: 29 July 2013 16:12
> To: opensaf-devel@lists.sourceforge.net
> Cc: Nagendra Kumar; Hans Feldt; praveen malviya; UABHANO
> Subject: AMF static code analysis regression in 4.2.4 and 4.3.1
>
> Hi!
>
> I ran some static code analysis on the release candidates for OpenSAF
> 4.2.4 and 4.3.1. I got a few regressions towards 4.2.3 and 4.3.0, and I need
> your help to analyze the following in avd_sgproc.c. The warning says that
> i_su->list_of_susi is used after free(). It is freed by
> m_AVD_SU_SI_TRG_DEL(), and then dereferenced by avd_compcsi_delete() in the
> next iteration.
>
> When I look at the code, I don't understand it at all. Does this loop below
> terminate? The loop terminates when i_su->list_of_susi is NULL, but it is not
> modified within the loop body! If the loop terminates, it must be because
> i_su->list_of_susi is somehow modified as a side-effect of calling
> avd_compcsi_delete() or m_AVD_SU_SI_TRG_DEL(). This is a very ugly way
> coding!!!
>
> Line 1398 - 1408 in osaf/services/saf/avsv/avd/avd_sgproc.c on branch
> opensaf-4.3.x (tag 4.3.1RC1):
> -----------------------------------------
> /* Free all the SU SI assignments for all the SIs on the
> * the SU if there are any.
> */
>
> while (i_su->list_of_susi != AVD_SU_SI_REL_NULL) {
>
> /* free all the CSI assignments */
> avd_compcsi_delete(cb, i_su->list_of_susi, false);
> /* Unassign the SUSI */
> m_AVD_SU_SI_TRG_DEL(cb, i_su->list_of_susi);
> }
> -----------------------------------------
>
> regards,
> Anders Widell
>
------------------------------------------------------------------------------
See everything from the browser to the database with AppDynamics
Get end-to-end visibility with application monitoring from AppDynamics
Isolate bottlenecks and diagnose root cause in seconds.
Start your free trial of AppDynamics Pro today!
http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
_______________________________________________
Opensaf-devel mailing list
Opensaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/opensaf-devel
