When an aggregate response is freed after sending it, only head response which
has a pointer of next response of the aggregate response is freed, not all
the linked responses, which might lead a wrong memory access after it.
For this reason, OCPayloadDestroy function is better to be used than
OICFree function in DeleteServerResponse function.
Additionally, I've often observed that ehResponse->payload is freed somewhere
, which the pointer becomes NULL. To overcome this exceptional situation, I
copies ehResponse->payload to a new payload data with OCRepPayloadClone
function and safely frees it when it has to be freed.
Change-Id: Ide42346b6ce4858b2587795db29b36027793a077
Signed-off-by: Jihun Ha <jihun.ha@samsung.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/3975
Tested-by: jenkins-iotivity <jenkins-iotivity@opendaylight.org>
Reviewed-by: Madan Lanka <lanka.madan@samsung.com>
if(serverResponse)
{
LL_DELETE(serverResponseList, serverResponse);
- OICFree(serverResponse->payload);
+ OCPayloadDestroy(serverResponse->payload);
OICFree(serverResponse);
OC_LOG(INFO, TAG, "Server Response Removed!!");
}
goto exit;
}
+ OCRepPayload *newPayload = OCRepPayloadClone((OCRepPayload *)ehResponse->payload);
+
if(!serverResponse->payload)
{
- serverResponse->payload = ehResponse->payload;
+ serverResponse->payload = (OCPayload *)newPayload;
}
else
{
OCRepPayloadAppend((OCRepPayload*)serverResponse->payload,
- (OCRepPayload*)ehResponse->payload);
+ (OCRepPayload*)newPayload);
}
projects / platform / upstream / iotivity.git / commitdiff