The issue was found when testing the API saAmfComponentRegister(). Start a process that calls saAmfInitialize(), then calls saAmfComponentRegister() with a non-existing component name, with the environment variable SA_AMF_COMPONENT_NAME deliberately not set (not started by AMF), the process will get aborted (osaf_abort(1)).
That was caused by the following buggy condition check in the saAmfComponentRegister() function:
... /* retrieve AvA CB */ if (!(cb = (AVA_CB *)ncshm_take_hdl(NCS_SERVICE_ID_AVA, gl_ava_hdl)) || !m_AVA_FLAG_IS_COMP_NAME(cb)) { TRACE_4("SA_AIS_ERR_LIBRARY: Unable to retrieve cb handle"); rc = SA_AIS_ERR_LIBRARY; goto done; } /* acquire cb read lock */ m_NCS_LOCK(&cb->lock, NCS_LOCK_READ); ... done: /* release cb read lock and return handles */ if (cb) { m_NCS_UNLOCK(&cb->lock, NCS_LOCK_READ); ncshm_give_hdl(gl_ava_hdl); } ... TRACE_LEAVE2("rc:%u", rc); return rc;
In this case, the !m_AVA_FLAG_IS_COMP_NAME(cb) check failed as SA_AMF_COMPONENT_NAME was not set, the execution jumped to 'done:' which tried to unlock a not-owned mutex (not previously locked yet), leading to osaf_abort() of the invoking process.
commit 0983225ed4a27eb466648aed4f463b672e92efda (origin/develop)
Author: Nguyen Luu nguyen.tk.luu@dektech.com.au
Date: Thu Aug 10 20:03:54 2017 +0700