
#1307 AMF : agent crashed if saAmfProtectionGroupTrack_4 is called with bad handle

4.5.2
fixed
None
defect
amf
lib
4.6FC
minor
2015-05-05
2015-04-08
Srikanth R
No

Changeset :6377

Issue : AMF agent crashed when saAmfProtectionGroupTrack_4 is called with a finalized handle / random handle.

Below is the backtrace :

0 0x00007f4d8a19ea15 in avsv_amf_cbk_free () from /usr/lib64/libSaAmf.so.0

1 0x00007f4d8a19e5bf in avsv_nda_ava_msg_content_free () from /usr/lib64/libSaAmf.so.0

2 0x00007f4d8a1950de in saAmfProtectionGroupTrack_4 () from /usr/lib64/libSaAmf.so.0

Reproducible : This issue is random.

Related

Tickets: #1307
Wiki: ChangeLog-4.5.2
Wiki: ChangeLog-4.6.1

Discussion

  • Nagendra Kumar

    Nagendra Kumar - 2015-04-21
    • status: unassigned --> accepted
    • assigned_to: Nagendra Kumar
    • Part: - --> lib
     
  • Nagendra Kumar

    Nagendra Kumar - 2015-04-21

    The reason for the crash:
    When an invalid handle is passed to saAmfProtectionGroupTrack_4, the code jumps to "done" and calls avsv_nda_ava_msg_content_free(&msg). But msg is not memset to zero, so it has garbage values. Inside avsv_nda_ava_msg_content_free, the following code points to a garbage pointer and the agent crashes:
    if (msg->info.cbk_info) {
        avsv_amf_cbk_free(msg->info.cbk_info);
    }

    Thanks
    -Nagu
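
The failure mode diagnosed in the comment above, as an added C example that is not OpenSAF code: a cleanup label reached by an early exit frees whatever pointer an uninitialised stack struct happens to hold. The types, the function names, the tracked allocator and the 0xA5 fill (standing in for stack garbage) are all assumptions made for illustration; the actual changeset is not shown on this page.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for the agent's message types (not OpenSAF's). */
typedef struct { void *cbk_info; } msg_info_t;
typedef struct { int type; msg_info_t info; } ava_msg_t;

static void *live_cbk;   /* the only pointer this example allocated */
static int bad_frees;    /* frees requested for a pointer never allocated */

/* Tracked free: counts an invalid pointer instead of touching it. */
static void cbk_free(void *p) {
    if (p == live_cbk) { free(p); live_cbk = NULL; }
    else bad_frees++;
}

/* Same shape as the check quoted in the comment above. */
static void msg_content_free(ava_msg_t *msg) {
    if (msg->info.cbk_info) {
        cbk_free(msg->info.cbk_info);
        msg->info.cbk_info = NULL;
    }
}

/* zero_init == 0 models the path before the fix (constructed garbage). */
static int track(int handle_valid, int zero_init) {
    ava_msg_t msg;
    int rc = 0;

    memset(&msg, zero_init ? 0 : 0xA5, sizeof(msg));
    if (!handle_valid) { rc = -1; goto done; }  /* bad handle: early exit */
    msg.info.cbk_info = live_cbk = malloc(16);
done:
    msg_content_free(&msg);  /* runs on every path, so msg must be sane */
    return rc;
}

/* Number of invalid frees caused by one call with a bad handle. */
int bad_frees_on_bad_handle(int zero_init) {
    bad_frees = 0;
    (void)track(0, zero_init);
    return bad_frees;
}

int main(void) {
    printf("garbage msg: %d bad free(s), zeroed msg: %d\n",
           bad_frees_on_bad_handle(0), bad_frees_on_bad_handle(1));
    return 0;
}
```

In a real agent the invalid pointer is dereferenced rather than counted, which matches the avsv_amf_cbk_free frame at the top of the backtrace.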

     
  • Nagendra Kumar

    Nagendra Kumar - 2015-04-21
    • status: accepted --> review
     
  • Nagendra Kumar

    Nagendra Kumar - 2015-05-05
    • status: review --> fixed
     
  • Nagendra Kumar

    Nagendra Kumar - 2015-05-05

    changeset: 6507:a9f0e7afef52
    branch: opensaf-4.4.x
    parent: 6471:8f67d90286cd
    user: Nagendra Kumar <nagendra.k@oracle.com>
    date: Tue May 05 16:47:15 2015 +0530
    summary: amfa: avoid illigal memory access [#1307]

    changeset: 6508:aba458b4cb6a
    branch: opensaf-4.5.x
    parent: 6502:c8e944e532e7
    user: Nagendra Kumar <nagendra.k@oracle.com>
    date: Tue May 05 16:48:01 2015 +0530
    summary: amfa: avoid illigal memory access [#1307]

    changeset: 6509:0b2a391068f9
    branch: opensaf-4.6.x
    parent: 6505:d9c77680a878
    user: Nagendra Kumar <nagendra.k@oracle.com>
    date: Tue May 05 16:48:27 2015 +0530
    summary: amfa: avoid illigal memory access [#1307]

    changeset: 6510:08382ad144ea
    tag: tip
    parent: 6506:a0172a813a9e
    user: Nagendra Kumar <nagendra.k@oracle.com>
    date: Tue May 05 16:48:42 2015 +0530
    summary: amfa: avoid illigal memory access [#1307]

    [staging:a9f0e7]
    [staging:aba458]
    [staging:0b2a39]
    [staging:08382a]

     


