heap use after free fix

author Susnata Sovalin <s.sovalin@samsung.com>

Tue, 30 Jul 2019 11:18:34 +0000 (16:48 +0530)

committer Susnata Sovalin <s.sovalin@samsung.com>

Tue, 30 Jul 2019 11:54:40 +0000 (17:24 +0530)
author Susnata Sovalin <s.sovalin@samsung.com>
Tue, 30 Jul 2019 11:18:34 +0000 (16:48 +0530)
committer Susnata Sovalin <s.sovalin@samsung.com>
Tue, 30 Jul 2019 11:54:40 +0000 (17:24 +0530)
diff --git a/common/ctsvc_image_util.c b/common/ctsvc_image_util.c

index 90a28b0..3a24a6b 100644 (file)
--- a/common/ctsvc_image_util.c
+++ b/common/ctsvc_image_util.c
@@ -26,6 +26,7 @@ struct image_transform {
         void *buffer;
         GCond cond;
         GMutex mutex;
+       bool timeout;
  };
  
  int ctsvc_image_util_get_mimetype(image_util_colorspace_e colorspace,
@@ -207,6 +208,15 @@ static void _image_transform_completed_cb(media_packet_h *dst,
                 return;
         }
  
+       if(true == info->timeout) {
+               media_packet_destroy(*dst);
+               g_mutex_unlock(&info->mutex);
+               g_mutex_clear(&info->mutex);
+               g_cond_clear(&info->cond);
+               free(info);
+               return;
+       }
+
         if (IMAGE_UTIL_ERROR_NONE == error) {
                 ret = media_packet_get_buffer_size(*dst, &size);
                 if (MEDIA_PACKET_ERROR_NONE != ret) {
@@ -283,6 +293,7 @@ static int _ctsvc_image_util_transform_run(transformation_h transform,
         g_mutex_init(&info->mutex);
  
         g_mutex_lock(&info->mutex);
+       info->timeout=false;
         ret = image_util_transform_run(transform, packet, _image_transform_completed_cb, info);
         if (IMAGE_UTIL_ERROR_NONE != ret) {
                 /* LCOV_EXCL_START */
@@ -300,10 +311,11 @@ static int _ctsvc_image_util_transform_run(transformation_h transform,
                 /* timeout has passed */
                 /* LCOV_EXCL_START */
                 ERR("g_cond_wait_until() return FALSE");
-               g_mutex_unlock(&info->mutex);
-               g_mutex_clear(&info->mutex);
-               g_cond_clear(&info->cond);
-               free(info);
+               info->timeout =true;
+               //g_mutex_unlock(&info->mutex);
+               //g_mutex_clear(&info->mutex);
+               //g_cond_clear(&info->cond);
+               //free(info);
                 return CONTACTS_ERROR_SYSTEM;
                 /* LCOV_EXCL_STOP */
         }
author	Susnata Sovalin <s.sovalin@samsung.com>
	Tue, 30 Jul 2019 11:18:34 +0000 (16:48 +0530)
committer	Susnata Sovalin <s.sovalin@samsung.com>
	Tue, 30 Jul 2019 11:54:40 +0000 (17:24 +0530)