- **status**: accepted --> review
---
**[tickets:#2254] log: reuse of deleted resources leads to agent coredump**
**Status:** review
**Milestone:** 5.0.2
**Created:** Mon Jan 09, 2017 07:30 AM UTC by Tai Dinh
**Last Updated:** Wed Jan 11, 2017 06:53 AM UTC
**Owner:** A V Mahesh (AVM)
The part of the code below does not look really safe:
~~~
rc = lga_recover_one_client(p_client);
TRACE("\t Client %d is recovered", p_client->lgs_client_id);
if (rc == -1) {
    TRACE("%s recover_one_client Fail Deleting client (id %d)",
          __FUNCTION__, p_client->lgs_client_id);
    /* Fail to recover this client
     * Remove (handle invalidated)
     */
    (void) lga_hdl_rec_del(&lga_cb.client_list, p_client);
}
/* Next client */
p_client = p_client->next;
~~~
Note that after the lga_hdl_rec_del call, the content of p_client has already
been freed. So the next assignment statement will assign p_client to invalid
memory.
The coredump was generated when we tried to access the recovered_flag, but we can
also crash at the assignment line.
~~~
------------------------------------------------------------------------------
7f1a883f8cd5: /usr/lib64/libSaLog.so.1: file format elf64-x86-64
Disassembly of section .text:
0000000000007cd5 <recovery2_thread+0x145>:
recovery2_thread():
/mnt/jenkins_virtual_disk/jenkins_work_folder/workspace/E2_Build_Cmw_x86_64/P1A01/opensaf/osaf/libs/agents/saf/lga/../../../../../../../opensaf/osaf/libs/agents/saf/lga/lga_state.c:362 (discriminator 2)
7cd5: 80 7b 39 00 cmpb $0x0,0x39(%rbx)
------------------------------------------------------------------------------
7f1f749190a4: /lib64/libpthread.so.0: file format elf64-x86-64
Disassembly of section .text:
00000000000080a4 <start_thread+0xc4>:
start_thread():
80a4: 64 48 89 04 25 30 06 mov %rax,%fs:0x630
80ab: 00 00
------------------------------------------------------------------------------
7f1f7464e02d: /lib64/libc.so.6: file format elf64-x86-64
Disassembly of section .text:
00000000000e502d <__clone+0x6d>:
__clone():
e502d: 48 89 c7 mov %rax,%rdi
------------------------------------------------------------------------------
~~~
/Tai
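The traversal pattern described in the ticket, with the next pointer read before the record can be freed, as an added example that is not the OpenSAF code or its eventual fix. `client_t`, `client_add`, `client_del`, `recover_one`, `recover_all` and the odd-id failure rule are hypothetical stand-ins constructed for illustration.

```c
#include <stdlib.h>

/* Hypothetical stand-in for the agent's client record. */
typedef struct client {
    unsigned id;
    int recovered;
    struct client *next;
} client_t;

/* Push a new record on the front of the list; returns 0 on success. */
static int client_add(client_t **head, unsigned id) {
    client_t *c = calloc(1, sizeof(*c));
    if (c == NULL) return -1;
    c->id = id;
    c->next = *head;
    *head = c;
    return 0;
}

/* Unlink and free one record, as the delete call in the ticket does. */
static void client_del(client_t **head, client_t *victim) {
    client_t **pp = head;
    while (*pp != NULL && *pp != victim) pp = &(*pp)->next;
    if (*pp == NULL) return;        /* not on the list */
    *pp = victim->next;
    free(victim);
}

/* Constructed failure rule: recovery fails for odd ids. */
static int recover_one(client_t *c) {
    if (c->id % 2 != 0) return -1;
    c->recovered = 1;
    return 0;
}

/* Recover every client; returns how many were deleted. */
static int recover_all(client_t **head) {
    int deleted = 0;
    client_t *c = *head;
    while (c != NULL) {
        client_t *next = c->next;   /* read before c can be freed */
        if (recover_one(c) == -1) {
            client_del(head, c);    /* c is dangling from here on */
            deleted++;
        }
        c = next;                   /* never touches freed memory */
    }
    return deleted;
}
```

Building this with `-fsanitize=address` and moving the `next` read back to after the delete makes the sanitizer report the heap-use-after-free on the first failed client.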