niklas/rcl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

segmentation fault for NULL dereference (#202)

Browse source 
* Invalid memory access for NULL dereference

rcl_lifecycle_get_state may return NULL

transition->goal is checked for NULL but no return
while it's true and this may result the follow-up
NULL dereference

Signed-off-by: Ethan Gao <ethan.gao@linux.intel.com>

* Avoid crash while NULL returned from rcl_service_get_options()

Signed-off-by: Ethan Gao <ethan.gao@linux.intel.com>

* tweak error string and null check for current_state

Signed-off-by: Ethan Gao <ethan.gao@linux.intel.com>
This commit is contained in:
Ethan Gao 2017-12-14 00:31:18 +08:00 committed by Karsten Knese
parent b41d4e333e
commit 261a46772f
2 changed files with 10 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
rcl/src/rcl/service.c
View file

@ -247,6 +247,8 @@ rcl_take_request(
{ {
RCUTILS_LOG_DEBUG_NAMED(ROS_PACKAGE_NAME, "Service server taking service request") RCUTILS_LOG_DEBUG_NAMED(ROS_PACKAGE_NAME, "Service server taking service request")
const rcl_service_options_t * options = rcl_service_get_options(service); const rcl_service_options_t * options = rcl_service_get_options(service);
RCL_CHECK_FOR_NULL_WITH_MSG(
options, "Failed to get service options", return RCL_RET_ERROR, rcl_get_default_allocator());
RCL_CHECK_ARGUMENT_FOR_NULL(request_header, RCL_RET_INVALID_ARGUMENT, options->allocator); RCL_CHECK_ARGUMENT_FOR_NULL(request_header, RCL_RET_INVALID_ARGUMENT, options->allocator);
RCL_CHECK_ARGUMENT_FOR_NULL(ros_request, RCL_RET_INVALID_ARGUMENT, options->allocator); RCL_CHECK_ARGUMENT_FOR_NULL(ros_request, RCL_RET_INVALID_ARGUMENT, options->allocator);
@ -273,6 +275,8 @@ rcl_send_response(
{ {
RCUTILS_LOG_DEBUG_NAMED(ROS_PACKAGE_NAME, "Sending service response") RCUTILS_LOG_DEBUG_NAMED(ROS_PACKAGE_NAME, "Sending service response")
const rcl_service_options_t * options = rcl_service_get_options(service); const rcl_service_options_t * options = rcl_service_get_options(service);
RCL_CHECK_FOR_NULL_WITH_MSG(
options, "Failed to get service options", return RCL_RET_ERROR, rcl_get_default_allocator());
RCL_CHECK_ARGUMENT_FOR_NULL(request_header, RCL_RET_INVALID_ARGUMENT, options->allocator); RCL_CHECK_ARGUMENT_FOR_NULL(request_header, RCL_RET_INVALID_ARGUMENT, options->allocator);
RCL_CHECK_ARGUMENT_FOR_NULL(ros_response, RCL_RET_INVALID_ARGUMENT, options->allocator); RCL_CHECK_ARGUMENT_FOR_NULL(ros_response, RCL_RET_INVALID_ARGUMENT, options->allocator);

6
rcl_lifecycle/src/rcl_lifecycle.c
View file

@ -285,15 +285,20 @@ rcl_lifecycle_is_valid_transition(
const rcl_lifecycle_state_t * current_state = rcl_lifecycle_get_state( const rcl_lifecycle_state_t * current_state = rcl_lifecycle_get_state(
&state_machine->transition_map, current_id); &state_machine->transition_map, current_id);
RCL_CHECK_FOR_NULL_WITH_MSG(current_state,
"rcl_lifecycle_get_state returns NULL", return NULL, rcl_get_default_allocator());
for (unsigned int i = 0; i < current_state->valid_transition_size; ++i) { for (unsigned int i = 0; i < current_state->valid_transition_size; ++i) {
if (current_state->valid_transition_keys[i] == key) { if (current_state->valid_transition_keys[i] == key) {
return &current_state->valid_transitions[i]; return &current_state->valid_transitions[i];
} }
} }
RCUTILS_LOG_WARN_NAMED( RCUTILS_LOG_WARN_NAMED(
ROS_PACKAGE_NAME, ROS_PACKAGE_NAME,
"No callback transition matching %d found for current state %s", "No callback transition matching %d found for current state %s",
key, state_machine->current_state->label) key, state_machine->current_state->label)
return NULL; return NULL;
} }
@ -318,6 +323,7 @@ rcl_lifecycle_trigger_transition(
if (!transition->goal) { if (!transition->goal) {
RCUTILS_LOG_ERROR_NAMED( RCUTILS_LOG_ERROR_NAMED(
ROS_PACKAGE_NAME, "No valid goal is set") ROS_PACKAGE_NAME, "No valid goal is set")
return RCL_RET_ERROR;
} }
state_machine->current_state = transition->goal; state_machine->current_state = transition->goal;
if (publish_notification) { if (publish_notification) {