#3339 amf: Valgrind reported errors

5.23.07
fixed
None
defect
amf
nd
5.23.07
minor
False
2023-05-26
2023-05-18
No

Verify valgrind result
/var/lib/lxc/PL-3/rootfs/var/log/opensaf/amfnd.valgrind
==371== 1 errors in context 1 of 8:
==371== Invalid read of size 1
==371== at 0x11A8D9: avnd_evt_ava_resp_evh(avnd_cb_tag, avnd_evt_tag) (cbq.cc:436)
==371== by 0x141D25: avnd_evt_process (main.cc:692)
==371== by 0x141D25: avnd_main_process() (main.cc:644)
==371== by 0x1170AD: main (main.cc:225)
==371== Address 0x8bab6c0 is 48 bytes inside a block of size 112 free'd
==371== at 0x4C3323B: operator delete(void) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==371== by 0x11962B: avnd_comp_cbq_rec_pop_and_del(avnd_cb_tag, avnd_comp_tag, unsigned int, bool) (cbq.cc:973)
==371== by 0x11A8D8: avnd_evt_ava_resp_evh(avnd_cb_tag, avnd_evt_tag) (cbq.cc:435)
==371== by 0x141D25: avnd_evt_process (main.cc:692)
==371== by 0x141D25: avnd_main_process() (main.cc:644)
==371== by 0x1170AD: main (main.cc:225)
==371== Block was alloc'd at
==371== at 0x4C3217F: operator new(unsigned long) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==371== by 0x11B586: avnd_comp_cbq_rec_add(avnd_cb_tag, avnd_comp_tag, avsv_amf_cbk_info_tag, unsigned long, long long) (cbq.cc:998)
==371== by 0x11B6DB: avnd_comp_cbq_send(avnd_cb_tag, avnd_comp_tag, unsigned long, unsigned long long, avsv_amf_cbk_info_tag, long long) (cbq.cc:757)
==371== by 0x12ABD9: avnd_comp_cbk_send(avnd_cb_tag, avnd_comp_tag, avsv_amf_cbk_type, avnd_hc_rec_tag, avnd_comp_csi_rec) (comp.cc:2202)
==371== by 0x151C47: avnd_process_comp_csi_msg (su.cc:986)
==371== by 0x151C47: avnd_evt_avd_compcsi_evh(avnd_cb_tag, avnd_evt_tag) (su.cc:1068)
==371== by 0x141D25: avnd_evt_process (main.cc:692)
--
==371== 1 errors in context 2 of 8:
==371== Syscall param socketcall.sendto(msg) points to uninitialised byte(s)
==371== at 0x5F1DA9E: send (send.c:28)
==371== by 0x572F596: mds_sock_send (mds_dt_trans.c:79)
==371== by 0x572F92E: mds_mdtm_send_tcp (mds_dt_trans.c:650)
==371== by 0x5724AD6: mcm_msg_encode_full_or_flat_and_send (mds_c_sndrcv.c:1774)
==371== by 0x57261B6: mds_mcm_send_msg_enc (mds_c_sndrcv.c:1255)
==371== by 0x572874C: mcm_pvt_normal_snd_process_common (mds_c_sndrcv.c:1194)
==371== by 0x5729323: mcm_pvt_normal_svc_snd (mds_c_sndrcv.c:1017)
==371== by 0x5729323: mds_mcm_send (mds_c_sndrcv.c:781)
==371== by 0x5729323: mds_send (mds_c_sndrcv.c:458)
==371== by 0x5731FDB: ncsmds_api (mds_papi.c:165)
==371== by 0x143FB3: avnd_mds_send(avnd_cb_tag, avnd_msg, unsigned long, mds_sync_snd_ctxt) (mds.cc:1555)
==371== by 0x119293: avnd_comp_cbq_rec_send(avnd_cb_tag, avnd_comp_tag, avnd_cbk_tag, bool) (cbq.cc:867)
==371== by 0x11B772: avnd_comp_cbq_send(avnd_cb_tag, avnd_comp_tag, unsigned long, unsigned long long, avsv_amf_cbk_info_tag, long long) (cbq.cc:768)
==371== by 0x12ABD9: avnd_comp_cbk_send(avnd_cb_tag, avnd_comp_tag, avsv_amf_cbk_type, avnd_hc_rec_tag, avnd_comp_csi_rec) (comp.cc:2202)
==371== Address 0x8bae2f8 is 712 bytes inside a block of size 1,770 alloc'd
==371== at 0x4C33B25: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==371== by 0x572F878: mds_mdtm_send_tcp (mds_dt_trans.c:600)
==371== by 0x5724AD6: mcm_msg_encode_full_or_flat_and_send (mds_c_sndrcv.c:1774)
==371== by 0x57261B6: mds_mcm_send_msg_enc (mds_c_sndrcv.c:1255)
/var/lib/lxc/PL-4/rootfs/var/log/opensaf/amfnd.valgrind
==371== 1 errors in context 1 of 8:
==371== Invalid read of size 1
==371== at 0x11A8D9: avnd_evt_ava_resp_evh(avnd_cb_tag, avnd_evt_tag) (cbq.cc:436)
==371== by 0x141D25: avnd_evt_process (main.cc:692)
==371== by 0x141D25: avnd_main_process() (main.cc:644)
==371== by 0x1170AD: main (main.cc:225)
==371== Address 0x8baf080 is 48 bytes inside a block of size 112 free'd
==371== at 0x4C3323B: operator delete(void) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==371== by 0x11962B: avnd_comp_cbq_rec_pop_and_del(avnd_cb_tag, avnd_comp_tag, unsigned int, bool) (cbq.cc:973)
==371== by 0x11A8D8: avnd_evt_ava_resp_evh(avnd_cb_tag, avnd_evt_tag) (cbq.cc:435)
==371== by 0x141D25: avnd_evt_process (main.cc:692)
==371== by 0x141D25: avnd_main_process() (main.cc:644)
==371== by 0x1170AD: main (main.cc:225)
==371== Block was alloc'd at
==371== at 0x4C3217F: operator new(unsigned long) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==371== by 0x11B586: avnd_comp_cbq_rec_add(avnd_cb_tag, avnd_comp_tag, avsv_amf_cbk_info_tag, unsigned long, long long) (cbq.cc:998)
==371== by 0x11B6DB: avnd_comp_cbq_send(avnd_cb_tag, avnd_comp_tag, unsigned long, unsigned long long, avsv_amf_cbk_info_tag, long long) (cbq.cc:757)
==371== by 0x12ABD9: avnd_comp_cbk_send(avnd_cb_tag, avnd_comp_tag, avsv_amf_cbk_type, avnd_hc_rec_tag, avnd_comp_csi_rec) (comp.cc:2202)
==371== by 0x151C47: avnd_process_comp_csi_msg (su.cc:986)
==371== by 0x151C47: avnd_evt_avd_compcsi_evh(avnd_cb_tag, avnd_evt_tag*) (su.cc:1068)
==371== by 0x141D25: avnd_evt_process (main.cc:692)
--
==371== 1 errors in context 2 of 8:
==371== Syscall param socketcall.sendto(msg) points to uninitialised byte(s)
==371== at 0x5F1DA9E: send (send.c:28)
==371== by 0x572F596: mds_sock_send (mds_dt_trans.c:79)
==371== by 0x572F92E: mds_mdtm_send_tcp (mds_dt_trans.c:650)
==371== by 0x5724AD6: mcm_msg_encode_full_or_flat_and_send (mds_c_sndrcv.c:1774)
==371== by 0x57261B6: mds_mcm_send_msg_enc (mds_c_sndrcv.c:1255)
==371== by 0x572874C: mcm_pvt_normal_snd_process_common (mds_c_sndrcv.c:1194)
==371== by 0x5729323: mcm_pvt_normal_svc_snd (mds_c_sndrcv.c:1017)
==371== by 0x5729323: mds_mcm_send (mds_c_sndrcv.c:781)
==371== by 0x5729323: mds_send (mds_c_sndrcv.c:458)
==371== by 0x5731FDB: ncsmds_api (mds_papi.c:165)
==371== by 0x143FB3: avnd_mds_send(avnd_cb_tag, avnd_msg, unsigned long, mds_sync_snd_ctxt) (mds.cc:1555)
==371== by 0x119293: avnd_comp_cbq_rec_send(avnd_cb_tag, avnd_comp_tag, avnd_cbk_tag, bool) (cbq.cc:867)
==371== by 0x11B772: avnd_comp_cbq_send(avnd_cb_tag, avnd_comp_tag, unsigned long, unsigned long long, avsv_amf_cbk_info_tag, long long) (cbq.cc:768)
==371== by 0x12ABD9: avnd_comp_cbk_send(avnd_cb_tag, avnd_comp_tag, avsv_amf_cbk_type, avnd_hc_rec_tag, avnd_comp_csi_rec*) (comp.cc:2202)
==371== Address 0x8bb1cb8 is 712 bytes inside a block of size 1,770 alloc'd
==371== at 0x4C33B25: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==371== by 0x572F878: mds_mdtm_send_tcp (mds_dt_trans.c:600)
==371== by 0x5724AD6: mcm_msg_encode_full_or_flat_and_send (mds_c_sndrcv.c:1774)
==371== by 0x57261B6: mds_mcm_send_msg_enc (mds_c_sndrcv.c:1255)

Related

Wiki: ChangeLog-5.23.07

Discussion

  • Nguyen Huynh Tai

    • status: assigned --> review
     
  • Thang Duc Nguyen

     
  • Thang Duc Nguyen

    Hi Tai,
    The invalid read is due to the callback record having been deleted in avnd_comp_cbq_rec_pop_and_del().
    So avnd_comp_cbq_rec_pop_and_del() needs to return a code, and whether the timer is stopped should be based on this return code.

    B.R/Thang
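
The approach described in the comment above, as an added example that is not part of the ticket or of the OpenSAF commit: a simplified C++ model in which the pop-and-delete function returns a code and the caller makes its timer decision from that code, so nothing reads the record after the free (the trace shows the free at cbq.cc:435 and the read at cbq.cc:436). All type and function names here are hypothetical, and the timer is modelled as a counter.

```cpp
// Added illustration, not OpenSAF code: every name below is hypothetical.
#include <cstdint>
#include <list>
#include <memory>

struct CbqRec {
  uint32_t opq_hdl;    // handle echoed back in the component's response
  bool timer_running;  // response timer armed when the callback was sent
};

struct Comp {
  std::list<std::unique_ptr<CbqRec>> cbq;  // pending callback records
  int timers_stopped = 0;                  // stands in for the real timer stop
};

enum class PopResult { kNotFound, kDeletedTimerRunning, kDeletedTimerIdle };

// Frees the record matching opq_hdl. What the caller needs from the record is
// copied out before the delete and returned by value, so the caller never has
// a reason to touch the freed block.
PopResult cbq_rec_pop_and_del(Comp& comp, uint32_t opq_hdl) {
  for (auto it = comp.cbq.begin(); it != comp.cbq.end(); ++it) {
    if ((*it)->opq_hdl != opq_hdl) continue;
    const bool running = (*it)->timer_running;  // read while still allocated
    comp.cbq.erase(it);                         // record is freed here
    return running ? PopResult::kDeletedTimerRunning
                   : PopResult::kDeletedTimerIdle;
  }
  return PopResult::kNotFound;
}

// Response handler: the timer decision is driven by the return code only.
// Returns true when a record was found and deleted.
bool on_response(Comp& comp, uint32_t opq_hdl) {
  const PopResult r = cbq_rec_pop_and_del(comp, opq_hdl);
  if (r == PopResult::kDeletedTimerRunning) ++comp.timers_stopped;
  return r != PopResult::kNotFound;
}

// Constructed sample queue: handle 7 has a running timer, handle 9 does not.
Comp make_sample() {
  Comp c;
  c.cbq.push_back(std::unique_ptr<CbqRec>(new CbqRec{7, true}));
  c.cbq.push_back(std::unique_ptr<CbqRec>(new CbqRec{9, false}));
  return c;
}

int main() { Comp c = make_sample(); return on_response(c, 7) ? 0 : 1; }
```

Running a build of this model under valgrind memcheck should report no invalid read, since the only access to `timer_running` happens before `erase()`.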

     
  • Nguyen Huynh Tai

    commit 85dd8cc29874861a911ae73f29ea068dbb6d25b7 (HEAD -> develop, origin/develop)
    Author: tai.h.nguyen tai.h.nguyen@dektech.com.au
    Date: Thu May 18 10:53:15 2023 +0700

    amf: Fix errors reported by valgrind [#3339]
    
    Fix access uninitialised value and invalid read.
    
     
  • Nguyen Huynh Tai

    • status: review --> fixed
     