Description: This patch fixes the issue in which dangling network pointer
is present as user_data of signalpoll_callback.
This dangling pointer crashes connman with below backtrace:-
>>> bt
\#0 connman_device_get_ident (device=0x6e6f632f) at src/device.c:592
\#1 0xb6f54994 in __connman_network_get_ident (network=network@entry=0xb87715b0) at src/network.c:1560
\#2 0xb6f652da in connman_service_lookup_from_network (network=network@entry=0xb87715b0) at src/service.c:10177
\#3 0xb6f655ee in __connman_service_notify_strength_changed (network=network@entry=0xb87715b0) at src/service.c:10523
\#4 0xb6f5527c in connman_network_set_strength (network=network@entry=0xb87715b0, strength=strength@entry=69 'E') at src/network.c:2704
\#5 0xb6f36ac0 in signalpoll_callback (result=<optimized out>, maxspeed=39, strength=69, user_data=0xb87715b0) at plugins/wifi.c:3866
\#6 0xb6f3b68e in interface_signalpoll_result (error=<optimized out>, iter=<optimized out>, user_data=0xb8782af8) at gsupplicant/supplicant.c:6348
\#7 0xb6f4335a in method_call_reply (call=0xb8771ec0, user_data=0xb8782c98) at gsupplicant/dbus.c:476
\#8 0xb6da23a4 in ?? () from /lib/libdbus-1.so.3
\#9 0xb6da5fa0 in dbus_connection_dispatch () from /lib/libdbus-1.so.3
\#10 0xb6f94dce in message_dispatch (data=0xb875fe78) at gdbus/mainloop.c:72
\#11 0xb6e21d84 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
\#12 0xb6e22008 in ?? () from /lib/libglib-2.0.so.0
\#13 0xb6e22268 in g_main_loop_run () from /lib/libglib-2.0.so.0
\#14 0xb6f29d3e in main (argc=<optimized out>, argv=<optimized out>) at src/main.c:1373
Change-Id: Ia171c2ddabf6a4f9c3d6a6bbd3763398b6e0ce46
Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
Name: connman
Version: 1.37
Name: connman
Version: 1.37
License: GPL-2.0+
Summary: Connection Manager
Url: http://connman.net
License: GPL-2.0+
Summary: Connection Manager
Url: http://connman.net
if (result != 0) {
DBG("Failed to get maxspeed from signalpoll !");
if (result != 0) {
DBG("Failed to get maxspeed from signalpoll !");
+ connman_network_unref(network);
strength = 100;
DBG("maxspeed = %d, strength = %d", maxspeed, strength);
strength = 100;
DBG("maxspeed = %d, strength = %d", maxspeed, strength);
- if (network) {
- connman_network_set_strength(network, (uint8_t)strength);
- connman_network_set_maxspeed(network, maxspeed);
- set_connection_mode(network, maxspeed);
- }
+
+ connman_network_set_strength(network, (uint8_t)strength);
+ connman_network_set_maxspeed(network, maxspeed);
+ set_connection_mode(network, maxspeed);
+
+ connman_network_unref(network);
}
static int network_signalpoll(struct wifi_data *wifi)
}
static int network_signalpoll(struct wifi_data *wifi)
if (!wifi || !wifi->network)
return -ENODEV;
if (!wifi || !wifi->network)
return -ENODEV;
+ wifi->network = connman_network_ref(wifi->network);
+
interface = wifi->interface;
network = wifi->network;
interface = wifi->interface;
network = wifi->network;
if (ret < 0) {
DBG("Fail to get max speed !!");
wifi->automaxspeed_timeout = 0;
if (ret < 0) {
DBG("Fail to get max speed !!");
wifi->automaxspeed_timeout = 0;
+ connman_network_unref(wifi->network);