fixup! Fix heap-use-after-free issue

 - By thread scheduling, the data thread can be executed before setting the value of 'is_created'.
   where is set at _ms_ipc_dispatch_create().  So I remove to check value of 'is_created' which cause
   it not to run despite normal data thread execution. Instead we can use muse_server_module_is_valid().

Change-Id: I8bc4c0ac65d4ee98e477c0d5e475c2c60cff289e

diff --git a/packaging/mused.spec b/packaging/mused.spec
index 5797e7d220c3de98c12499c75e031807a49adb19..2c817eaab625f8866763e460159bb5d0f57a1475 100644 (file)
--- a/packaging/mused.spec
+++ b/packaging/mused.spec
@@ -1,6 +1,6 @@
 Name:       mused
 Summary:    A multimedia daemon
-Version:    0.3.160
+Version:    0.3.161
 Release:    0
 Group:      System/Libraries
 License:    Apache-2.0

diff --git a/server/src/muse_server_ipc.c b/server/src/muse_server_ipc.c
index f107e2b68e97bb526e3bbb51fc1e5d1291144a50..5e6b6b5b37179d384cd65652d8e155d3af312116 100644 (file)
--- a/server/src/muse_server_ipc.c
+++ b/server/src/muse_server_ipc.c
@@ -394,9 +394,10 @@ static gpointer _ms_ipc_data_worker(gpointer data)
        muse_return_val_if_fail(data, NULL);
 
        m = (muse_module_h)data;
-       SECURE_LOGW("module : %p pid %d handle %zd created %d", m, m->pid, m->handle, m->is_created);
+       SECURE_LOGW("module : %p pid %d handle %zd created %d fd %d",
+               m, m->pid, m->handle, m->is_created, m->ch[MUSE_CHANNEL_MSG].sock_fd);
 
-       muse_return_val_if_fail(m->pid > 0 && m->handle && m->is_created, NULL);
+       muse_return_val_if_fail(muse_server_module_is_valid(m), NULL);
 
        fd = m->ch[MUSE_CHANNEL_DATA].sock_fd;
        ch = &m->ch[MUSE_CHANNEL_DATA];