- **status**: assigned --> review
---
** [tickets:#2424] amfnd: illegal memory access in avnd_comptype_delete()**
**Status:** review
**Milestone:** 5.17.06
**Created:** Wed Apr 12, 2017 04:08 AM UTC by Hoa Le
**Last Updated:** Wed Apr 12, 2017 04:08 AM UTC
**Owner:** Hoa Le
**Attachments:**
-
[bt_core.1491307159.osafamfnd.428.PL-5](https://sourceforge.net/p/opensaf/tickets/2424/attachment/bt_core.1491307159.osafamfnd.428.PL-5)
(12.3 kB; application/octet-stream)
There are some unsafe memory accesses in avnd_comptype_delete() function. This
caused segfault as in attachment.
~~~
/src/amf/amfnd/compdb.cc
static amf_comp_type_t *avnd_comptype_create(SaImmHandleT immOmHandle, const
std::string& dn)
{
int rc = -1;
...
if (amf_saImmOmAccessorGet_o2(immOmHandle, accessorHandle, dn, nullptr,
(SaImmAttrValuesT_2 ***)&attributes) != SA_AIS_OK) {
LOG_ER("amf_saImmOmAccessorGet_o2 FAILED for '%s'", dn.c_str());
goto done;
}
...
done:
if (rc != 0) {
avnd_comptype_delete(compt);
compt = nullptr;
}
...
}
static void avnd_comptype_delete(amf_comp_type_t *compt)
{
...
/* Free saAmfCtDefInstantiateCmdArgv[i] before freeing
saAmfCtDefInstantiateCmdArgv */
arg_counter = 0;
while ((argv = compt->saAmfCtDefInstantiateCmdArgv[arg_counter++]) !=
nullptr)
...
}
~~~
In this case, compt->saAmfCtDefInstantiateCmdArgv was NULL, accessing to
compt->saAmfCtDefInstantiateCmdArgv[arg_counter++]) caused a segmentation fault.
---
Sent from sourceforge.net because opensaf-tickets@lists.sourceforge.net is
subscribed to https://sourceforge.net/p/opensaf/tickets/
To unsubscribe from further messages, a project admin can change settings at
https://sourceforge.net/p/opensaf/admin/tickets/options. Or, if this is a
mailing list, you can unsubscribe from the mailing list.
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Opensaf-tickets mailing list
Opensaf-tickets@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/opensaf-tickets