Skip to content

GitLab

I
iotivity-lite
Closed
Opened by Rami Alshafi@ramiOwner

Null pointer dereference getting the endpoints during discovery of owned devices

During discovery of owned devices, a crash is produced when IoTivity-lite sends a GET request to "/oic/res?rt=oic.r.doxm" to get the endpoints.
 
As the attached log file of IoTivity-lite shows, the OBT discovers an unowned device (Device ID: 1687423f-e096-4034-69c1-d492c399a974) and it can get the endpoints successfully. Then, the OBT discovers an owned device but when it tries to get the endpoints, IoTivity-lite throws the following crash caused by a null pointer dereference:
 
--------- beginning of crash

09-02 13:39:09.168 9401 9460 F libc : Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x18 in tid 9460 (Thread-3), pid 9401 (nnectivity.otgc)

09-02 13:39:09.299 9470 9470 I crash_dump32: obtaining output fd from tombstoned, type: kDebuggerdTombstone

09-02 13:39:09.301 9470 9470 I crash_dump32: performing dump of process 9401 (target tid = 9460)

09-02 13:39:09.340 9470 9470 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***

09-02 13:39:09.340 9470 9470 F DEBUG : Build fingerprint: 'samsung/dreamltexx/dreamlte:9/PPR1.180610.011/G950FXXU5DSFB:user/release-keys'

09-02 13:39:09.341 9470 9470 F DEBUG : Revision: '10'

09-02 13:39:09.341 9470 9470 F DEBUG : ABI: 'arm'

09-02 13:39:09.341 9470 9470 F DEBUG : pid: 9401, tid: 9460, name: Thread-3 >>> org.openconnectivity.otgc <<<

09-02 13:39:09.341 9470 9470 F DEBUG : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x18

09-02 13:39:09.341 9470 9470 F DEBUG : Cause: null pointer dereference

09-02 13:39:09.341 9470 9470 F DEBUG : r0 00000000 r1 d0a03f18 r2 00000086 r3 cfcf9538

09-02 13:39:09.341 9470 9470 F DEBUG : r4 f483180d r5 cfcf99b0 r6 cfcf9970 r7 00000078

09-02 13:39:09.341 9470 9470 F DEBUG : r8 000024b9 r9 cfcf9970 r10 d283a9c8 r11 cfcf94b0

09-02 13:39:09.341 9470 9470 F DEBUG : ip d0a3d9a4 sp cfcf9410 lr d0a1a69c pc d0a03f38

09-02 13:39:09.352 9470 9470 F DEBUG :

09-02 13:39:09.352 9470 9470 F DEBUG : backtrace:

09-02 13:39:09.353 9470 9470 F DEBUG : #00 pc 000c3f38 /data/app/org.openconnectivity.otgc--_U2mVN0dDvO4EZhYvBrQQ==/lib/arm/libiotivity-lite-jni.so (get_endpoints+32)

09-02 13:39:09.353 9470 9470 F DEBUG : #1 (closed) pc 000da698 /data/app/org.openconnectivity.otgc--_U2mVN0dDvO4EZhYvBrQQ==/lib/arm/libiotivity-lite-jni.so (oc_ri_invoke_client_cb+808)

09-02 13:39:09.353 9470 9470 F DEBUG : #2 (closed) pc 00099adc /data/app/org.openconnectivity.otgc--_U2mVN0dDvO4EZhYvBrQQ==/lib/arm/libiotivity-lite-jni.so (coap_receive+8216)

09-02 13:39:09.353 9470 9470 F DEBUG : #3 (closed) pc 00097a68 /data/app/org.openconnectivity.otgc--_U2mVN0dDvO4EZhYvBrQQ==/lib/arm/libiotivity-lite-jni.so (process_thread_coap_engine+180)

09-02 13:39:09.353 9470 9470 F DEBUG : #4 (closed) pc 0005fc3c /data/app/org.openconnectivity.otgc--_U2mVN0dDvO4EZhYvBrQQ==/lib/arm/libiotivity-lite-jni.so (call_process+136)

09-02 13:39:09.353 9470 9470 F DEBUG : #5 (closed) pc 0005f828 /data/app/org.openconnectivity.otgc--_U2mVN0dDvO4EZhYvBrQQ==/lib/arm/libiotivity-lite-jni.so (do_event+520)

09-02 13:39:09.353 9470 9470 F DEBUG : #6 (closed) pc 0005f550 /data/app/org.openconnectivity.otgc--_U2mVN0dDvO4EZhYvBrQQ==/lib/arm/libiotivity-lite-jni.so (oc_process_run+36)

09-02 13:39:09.353 9470 9470 F DEBUG : #7 (closed) pc 000bf4b4 /data/app/org.openconnectivity.otgc--_U2mVN0dDvO4EZhYvBrQQ==/lib/arm/libiotivity-lite-jni.so (oc_main_poll+24)

09-02 13:39:09.353 9470 9470 F DEBUG : #8 (closed) pc 00020fc8 /data/app/org.openconnectivity.otgc--_U2mVN0dDvO4EZhYvBrQQ==/lib/arm/libiotivity-lite-jni.so (jni_poll_event+232)

09-02 13:39:09.353 9470 9470 F DEBUG : #9 (closed) pc 00064899 /system/lib/libc.so (__pthread_start(void*)+140)

09-02 13:39:09.353 9470 9470 F DEBUG : #10 (closed) pc 0001e329 /system/lib/libc.so (__start_thread+24)
 

JIRA migration meta data

  • JIRA Issue ID: LITE-85
  • Reporter: javiguerra
  • Assignee: kmaloor
  • Creator: javiguerra
  • Created at: 2019-09-03T03:37:08.000-0700
  • Found in Version: master
  • Fix in Version: None
  • Issue Severity: Normal
  • Reproducibility: Sporadic (20% - 50%)
  • Operating System: Android
  • Hardware/ OEM Platform: None
  • External URL: None
  • Bugzilla ID: None
  • Product: None
  • Status: Done
  • Components: otgc
  • Priority: P1
  • Due Date: None
  • Issue Type: Bug
    END of JIRA migration meta data