[tickets] [opensaf:tickets] #2424 amfnd: illegal memory access in avnd_comptype_delete()

Hoa Le Wed, 12 Apr 2017 03:24:07 -0700

- **status**: assigned --> review



---

** [tickets:#2424] amfnd: illegal memory access in avnd_comptype_delete()**

**Status:** review
**Milestone:** 5.17.06
**Created:** Wed Apr 12, 2017 04:08 AM UTC by Hoa Le
**Last Updated:** Wed Apr 12, 2017 04:08 AM UTC
**Owner:** Hoa Le
**Attachments:**

- 
[bt_core.1491307159.osafamfnd.428.PL-5](https://sourceforge.net/p/opensaf/tickets/2424/attachment/bt_core.1491307159.osafamfnd.428.PL-5)
 (12.3 kB; application/octet-stream)


There are some unsafe memory accesses in avnd_comptype_delete() function. This 
caused segfault as in attachment.

~~~
/src/amf/amfnd/compdb.cc

static amf_comp_type_t *avnd_comptype_create(SaImmHandleT immOmHandle, const 
std::string& dn)
{
    int rc = -1;
...
    if (amf_saImmOmAccessorGet_o2(immOmHandle, accessorHandle, dn, nullptr, 
(SaImmAttrValuesT_2 ***)&attributes) != SA_AIS_OK) {
        LOG_ER("amf_saImmOmAccessorGet_o2 FAILED for '%s'", dn.c_str());
        goto done;
    }
...
 done:
    if (rc != 0) {
        avnd_comptype_delete(compt);
        compt = nullptr;
    }
...
}

static void avnd_comptype_delete(amf_comp_type_t *compt)
{
...
    /* Free saAmfCtDefInstantiateCmdArgv[i] before freeing 
saAmfCtDefInstantiateCmdArgv */
    arg_counter = 0;
    while ((argv = compt->saAmfCtDefInstantiateCmdArgv[arg_counter++]) != 
nullptr)
...
}
~~~

In this case, compt->saAmfCtDefInstantiateCmdArgv was NULL, accessing to 
compt->saAmfCtDefInstantiateCmdArgv[arg_counter++]) caused a segmentation fault.



---

Sent from sourceforge.net because opensaf-tickets@lists.sourceforge.net is 
subscribed to https://sourceforge.net/p/opensaf/tickets/

To unsubscribe from further messages, a project admin can change settings at 
https://sourceforge.net/p/opensaf/admin/tickets/options.  Or, if this is a 
mailing list, you can unsubscribe from the mailing list.

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot

_______________________________________________
Opensaf-tickets mailing list
Opensaf-tickets@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/opensaf-tickets

[tickets] [opensaf:tickets] #2424 amfnd: illegal memory access in avnd_comptype_delete()

Reply via email to