- Memory was being freed in function CADisconnectTCPSession without checking NULL condition
- This caused crash in IoTivity, fix is patched
- Also, a potential dangling pointer issue is fixed in uqueue.c
https://github.sec.samsung.net/RS7-IOTIVITY/IoTivity/commit/
ced81117e624a1f416df3f5ff226427b2d070515
(cherry-picked from
ced81117e624a1f416df3f5ff226427b2d070515)
Change-Id: Ic6ede9df63aa8e5590c253f9430eeba401231347
Signed-off-by: samanway-dey <samanway.dey@samsung.com>
Signed-off-by: Sudipto <sudipto.bal@samsung.com>
/* error in queue, free the allocated memory*/
OICFree(element);
/* error in queue, free the allocated memory*/
OICFree(element);
- return CA_STATUS_FAILED;
+ element = NULL;
+ return CA_STATUS_FAILED;
}
queue->element = element;
}
queue->element = element;
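Review bot: The added `element = NULL;` before `return CA_STATUS_FAILED;` has no effect if `element` is a local of this function (its declaration is outside the hunk), because the variable goes out of scope on the next line. If a dangling pointer is the concern, the thing to check is whatever still references the freed element after this failure path, such as a pointer held by the caller; none of that is visible here. I would either drop the assignment or, once that is confirmed, add a comment such as `/* element is local; nothing else references it on this path */`.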
CAResult_t CADisconnectTCPSession(size_t index)
{
CAResult_t CADisconnectTCPSession(size_t index)
{
+ oc_mutex_lock(g_mutexObjectList);
CATCPSessionInfo_t *removedData = u_arraylist_remove(caglobals.tcp.svrlist, index);
if (!removedData)
{
OIC_LOG(DEBUG, TAG, "there is no data to be removed");
CATCPSessionInfo_t *removedData = u_arraylist_remove(caglobals.tcp.svrlist, index);
if (!removedData)
{
OIC_LOG(DEBUG, TAG, "there is no data to be removed");
+ oc_mutex_unlock(g_mutexObjectList);
+ oc_mutex_unlock(g_mutexObjectList);
// close the socket and remove session info in list.
if (removedData->fd >= 0)
{
// close the socket and remove session info in list.
if (removedData->fd >= 0)
{
g_connectionCallback(&(removedData->sep.endpoint), false, removedData->isClient);
}
}
g_connectionCallback(&(removedData->sep.endpoint), false, removedData->isClient);
}
}
- OICFree(removedData->data);
- removedData->data = NULL;
-
- OICFree(removedData->tlsdata);
- removedData->tlsdata = NULL;
+ if (removedData->data)
+ {
+ OICFree(removedData->data);
+ removedData->data = NULL;
+ }
- OICFree(removedData);
- removedData = NULL;
+ if (removedData->tlsdata)
+ {
+ OICFree(removedData->tlsdata);
+ removedData->tlsdata = NULL;
+ }
+ if (removedData)
+ {
+ OICFree(removedData);
+ removedData = NULL;
+ }
OIC_LOG(DEBUG, TAG, "data is removed from session list");
#ifndef DISABLE_TCP_SERVER
OIC_LOG(DEBUG, TAG, "data is removed from session list");
#ifndef DISABLE_TCP_SERVER
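Review bot: The `if (removedData)` guard before the final `OICFree(removedData)` comes after `removedData->data` and `removedData->tlsdata` have already been dereferenced, and the earlier `if (!removedData)` branch already covers a NULL result, so the check cannot catch anything. If `OICFree` tolerates NULL the way `free()` does (not visible here), the guards around `data` and `tlsdata` do not change behavior either, which suggests the crash came from concurrent access or a double free rather than a NULL pointer. That makes the new `oc_mutex_lock(g_mutexObjectList)` the substantive change: `index` is computed by the caller before the lock is taken, so it may be stale by the time `u_arraylist_remove` runs, and any caller that already holds `g_mutexObjectList` would deadlock unless the mutex is recursive. Please confirm the callers' locking, and consider doing the session lookup and the removal under the same lock acquisition. The function body continues outside the hunk.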