[Openais] Library core dump using evt.
Muni Bajpai
muniba at nortel.com
Sun Jan 8 11:27:28 PST 2006
Hey Steve, Mark
Kristen found an issue where the library dumped core in the process of
shutting down. As of now we can't reproduce it but the issue was in
saHandleInstancePut being called from saEvtEventAllocate. Looks like the
handle was corrupted or the database closed. In either case
handleDatabase->handles[handle].check caused the issue and my best guess
is accessing the array after it's been deallocated.
There is a check in saHandleInstancePut that I added to the other two
access functions. This seems like a good error check anyways. Now
obviously the calling functions should check the return code which is
not the case but at least we won't have invalid memory access.
Thanks
Muni
diff -uNr --exclude=svn --exclude=.svn --exclude=SCCS
--exclude=BitKeeper --exclude=ChangeSet --exclude=init --exclude=LICENSE
--exclude=Makefile --exclude=man --exclude=README.devmap
--exclude=SECURITY --exclude=TODO --exclude=CHANGELOG --exclude=conf
--exclude=loc --exclude=Makefile.samples --exclude=QUICKSTART
--exclude=.cdtproject --exclude=.project --exclude=nortel.patch
openais/branches/picacho/lib/util.c picacho_patch/lib/util.c
--- openais/branches/picacho/lib/util.c 2006-01-06 17:23:32 -06:00
+++ picacho_patch/lib/util.c 2006-01-08 13:23:15 -06:00
@@ -608,6 +608,11 @@
uint32_t handle = inHandle & 0xffffffff;
pthread_mutex_lock (&handleDatabase->mutex);
+
+ if (handle >= (SaUint64T)handleDatabase->handleCount) {
+ error = SA_AIS_ERR_BAD_HANDLE;
+ goto error_exit;
+ }
if (check != handleDatabase->handles[handle].check) {
error = SA_AIS_ERR_BAD_HANDLE;
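Review bot: The new test `handle >= (SaUint64T)handleDatabase->handleCount` only protects the following `handles[handle].check` read if handleCount is reset to 0 whenever the handles array is freed. For the shutdown case described in the mail (array accessed after deallocation), a stale non-zero handleCount would still pass this check and dereference freed memory. Please confirm the destroy path zeroes handleCount and clears the handles pointer under the same mutex, or add a check here that the array is still allocated before indexing it.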
@@ -673,6 +678,11 @@
uint32_t handle = inHandle & 0xffffffff;
pthread_mutex_lock (&handleDatabase->mutex);
+
+ if (handle >= (SaUint64T)handleDatabase->handleCount) {
+ error = SA_AIS_ERR_BAD_HANDLE;
+ goto error_exit;
+ }
if (check != handleDatabase->handles[handle].check) {
error = SA_AIS_ERR_BAD_HANDLE;
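Review bot: This is the same five-line bounds check as in the previous hunk, placed after `pthread_mutex_lock (&handleDatabase->mutex)`, so the `goto error_exit` branch must release the mutex; the label is outside the visible context, so please confirm it unlocks on this path in each function that gained the check. Since the block is now repeated verbatim, consider moving the range test and the `check` comparison into one small helper so the access functions cannot drift apart. A short comment on why handleCount is cast to SaUint64T when handle is a uint32_t would also help.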