Changeset :6377
Issue : AMF agent crashed when saAmfProtectionGroupTrack_4 is called with finalized handle / random handle.
Below is the backtrace :
0 0x00007f4d8a19ea15 in avsv_amf_cbk_free () from /usr/lib64/libSaAmf.so.0
1 0x00007f4d8a19e5bf in avsv_nda_ava_msg_content_free () from /usr/lib64/libSaAmf.so.0
2 0x00007f4d8a1950de in saAmfProtectionGroupTrack_4 () from /usr/lib64/libSaAmf.so.0
Reproducible : This issue is random.
The reason for crash:
When an invalid handle is passed to saAmfProtectionGroupTrack_4, the code jumps to "done" and calls avsv_nda_ava_msg_content_free(&msg). But msg is not memset to zero, so it has garbage values. Inside avsv_nda_ava_msg_content_free, the following code points to a garbage pointer and the agent crashes:
    if (msg->info.cbk_info) {
        avsv_amf_cbk_free(msg->info.cbk_info);
Thanks
-Nagu
changeset: 6507:a9f0e7afef52
branch: opensaf-4.4.x
parent: 6471:8f67d90286cd
user: Nagendra Kumar <nagendra.k@oracle.com>
date: Tue May 05 16:47:15 2015 +0530
summary: amfa: avoid illigal memory access [#1307]
changeset: 6508:aba458b4cb6a
branch: opensaf-4.5.x
parent: 6502:c8e944e532e7
user: Nagendra Kumar <nagendra.k@oracle.com>
date: Tue May 05 16:48:01 2015 +0530
summary: amfa: avoid illigal memory access [#1307]
changeset: 6509:0b2a391068f9
branch: opensaf-4.6.x
parent: 6505:d9c77680a878
user: Nagendra Kumar <nagendra.k@oracle.com>
date: Tue May 05 16:48:27 2015 +0530
summary: amfa: avoid illigal memory access [#1307]
changeset: 6510:08382ad144ea
tag: tip
parent: 6506:a0172a813a9e
user: Nagendra Kumar <nagendra.k@oracle.com>
date: Tue May 05 16:48:42 2015 +0530
summary: amfa: avoid illigal memory access [#1307]
[staging:a9f0e7]
[staging:aba458]
[staging:0b2a39]
[staging:08382a]
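The failure mode described in this ticket, as an added example that is not OpenSAF code and not part of the original ticket: a stack message struct reaches a shared cleanup label before it was ever zeroed. The types, `track()`, `msg_content_free()` and the 0xA5 fill that stands in for stack garbage are all hypothetical, and zeroing the struct before the first exit path is assumed to be the fix.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for the agent's message types (not OpenSAF code). */
typedef struct { int type; } cbk_info_t;
typedef struct { struct { cbk_info_t *cbk_info; } info; } msg_t;

static const void *live_alloc; /* the only pointer this demo has malloc'd */
static int bad_frees;          /* cleanup attempts on pointers never allocated */

/* Same shape as the cleanup quoted in the ticket: free cbk_info if non-NULL. */
static void msg_content_free(msg_t *msg)
{
    if (msg->info.cbk_info) {
        if (msg->info.cbk_info == live_alloc) {
            free(msg->info.cbk_info);
            live_alloc = NULL;
        } else {
            bad_frees++; /* real code would free() a garbage pointer here */
        }
        msg->info.cbk_info = NULL;
    }
}

/* zero_first == 0 models the bug, 1 the fix. Returns bad frees caused. */
int track(unsigned handle, int zero_first)
{
    msg_t msg;
    int before = bad_frees;

    memset(&msg, 0xA5, sizeof(msg));  /* constructed stand-in for stack garbage */
    if (zero_first)
        memset(&msg, 0, sizeof(msg)); /* zero before any path can reach "done" */
    if (handle == 0)                  /* invalid handle: early exit */
        goto done;
    msg.info.cbk_info = malloc(sizeof(cbk_info_t));
    live_alloc = msg.info.cbk_info;
done:
    msg_content_free(&msg);
    return bad_frees - before;
}

int main(void)
{
    printf("invalid handle, unzeroed msg: %d bad free(s)\n", track(0, 0));
    printf("invalid handle, zeroed msg:   %d bad free(s)\n", track(0, 1));
    return 0;
}
```

With real stack contents the unzeroed field can also happen to be NULL, in which case the cleanup is skipped and nothing crashes.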