[Openais] RE: Library core dump using evt.
Mark Haverkamp
markh at osdl.org
Wed Jan 11 07:27:30 PST 2006
On Tue, 2006-01-10 at 17:17 -0700, Steven Dake wrote:
> OK I think I've got it figured out.
>
> error = saHandleCreate(&event_handle_db, sizeof(*edi),
> eventHandle);
> if (error != SA_AIS_OK) {
> goto alloc_put2;
> }
> error = saHandleInstanceGet(&event_handle_db, *eventHandle,
> (void*)&edi);
> if (error != SA_AIS_OK) {
> goto alloc_put2;
> }
>
> This code runs:
> saHandleInstanceGet fails for whichever reason during the shutdown and
> jumps to alloc_put2. It probably fails because its state is not
> SA_HANDLE_STATE_ACTIVE (which could be expected in a shutdown), but I
> can't be sure.
>
> Hence, edi is never allocated or initialized. Remember
> HandleInstanceGet doesn't do anything to edi unless it returns
> SA_AIS_OK.
>
> Then in the puts:
> alloc_put2:
> saHandleInstancePut (&evt_instance_handle_db,
> eci->eci_instance_handle);
> alloc_put1:
> saHandleInstancePut (&channel_handle_db, edi->edi_channel_handle);
>
>
> we see alloc_put1 references edi, but in the failure case edi is junk
> resulting in a put of junk resulting in a segfault!!! Instead, I think
> it should be
>
> saHandleInstancePut (&channel_handle_db, channelHandle);
>
> Mark, your thoughts?
You are correct. I looked at that code a number of times and only saw
what it was doing (doing a put on the channel), not how it was doing it.
That certainly looks wrong. I can add this fix to my set of patches.
Good work spotting it.
Thanks,
Mark.
--
Mark Haverkamp <markh at osdl.org>
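As an added illustration (not code from the openais tree or from either poster), here is a toy handle database with the allocation path from the mail rewritten so that the cleanup label releases the channel by the handle value the caller passed in, rather than through the possibly uninitialized edi. Every name other than those quoted in the mail (saHandleCreate/Get/Put, edi, channelHandle, eventHandle) is an assumption, and the shutting_down flag stands in for whatever made saHandleInstanceGet fail during shutdown.

```c
#include <stdint.h>
/* Constructed stand-ins for the SAF codes and the openais handle database:
   the names follow the mail, the implementation is a toy for illustration. */
typedef uint64_t SaHandleT;
enum { AIS_OK = 1, AIS_ERR_NO_MEMORY = 8, AIS_ERR_BAD_HANDLE = 9 };
enum { STATE_EMPTY, STATE_ACTIVE };
#define DB_SLOTS 4u
struct event_inst { SaHandleT edi_channel_handle; };
struct handle_db {
    int shutting_down;                   /* set: every get fails, as at shutdown */
    int state[DB_SLOTS], refcount[DB_SLOTS];
    struct event_inst inst[DB_SLOTS];
};
/* Allocate an instance slot; the slot index is the handle value. */
static int db_create(struct handle_db *db, SaHandleT *h) {
    for (SaHandleT i = 0; i < DB_SLOTS; i++) {
        if (db->state[i] != STATE_EMPTY) continue;
        db->state[i] = STATE_ACTIVE; db->refcount[i] = 1; *h = i;
        return AIS_OK;
    }
    return AIS_ERR_NO_MEMORY;
}
/* Like saHandleInstanceGet: takes a reference and writes *inst ONLY on success. */
static int db_get(struct handle_db *db, SaHandleT h, struct event_inst **inst) {
    if (db->shutting_down || h >= DB_SLOTS || db->state[h] != STATE_ACTIVE)
        return AIS_ERR_BAD_HANDLE;
    db->refcount[h]++;
    *inst = &db->inst[h];
    return AIS_OK;
}
static void db_put(struct handle_db *db, SaHandleT h) { db->refcount[h]--; }
/* The allocation path from the mail, with the corrected cleanup. The caller
   holds a get-reference on channelHandle that must be released on every exit. */
static int event_allocate(struct handle_db *channel_db, SaHandleT channelHandle,
                          struct handle_db *event_db, SaHandleT *eventHandle) {
    struct event_inst *edi;              /* indeterminate until db_get succeeds */
    int error = db_create(event_db, eventHandle);
    if (error != AIS_OK) goto put_channel;
    error = db_get(event_db, *eventHandle, &edi);
    if (error != AIS_OK) goto put_channel; /* edi was never written */
    edi->edi_channel_handle = channelHandle;
    db_put(event_db, *eventHandle);      /* drop our own get-reference */
    error = AIS_OK;
put_channel:
    /* Original bug: db_put(channel_db, edi->edi_channel_handle) here reads
       through the uninitialized edi on the failure path. Use the value instead. */
    db_put(channel_db, channelHandle);
    return error;
}
```

On the shutdown path the channel reference is still released exactly once and nothing reads edi, which is the property the original cleanup order lacked.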