Resolve the ASAN issue of heap-use-after-free 59/199759/4 accepted/tizen/unified/20190218.064003 submit/tizen/20190215.120005
authorYoungHun Kim <yh8004.kim@samsung.com>
Thu, 14 Feb 2019 12:02:30 +0000 (21:02 +0900)
committerYoungHun Kim <yh8004.kim@samsung.com>
Fri, 15 Feb 2019 11:23:53 +0000 (20:23 +0900)
 - Set null after free
 - Add null check for exceptions
 - Remove unnecessary variable and function call

Change-Id: Idfc7f43b4928472d2e37240cb36f568463633a58

src/daemon/backend/murphy/mm_resource_manager_backend.c
src/daemon/backend/murphy/mm_resource_manager_mloop.c
src/daemon/mm_resource_manager_daemon.c
src/daemon/mm_resource_manager_daemon_dbus.c
src/lib/mm_resource_manager_priv.c

index f48102d0960d286e62ea342f9e242962419b3fb8..d8fde6d1e624a4bd4fb56bfa5f96ff3ee16bc08a 100644 (file)
@@ -58,9 +58,15 @@ int _mm_resource_manager_backend_init(void)
 
 int _mm_resource_manager_backend_deinit()
 {
+       int ret;
+
        MM_RM_RETVM_IF(mrp == NULL,
                        MM_RESOURCE_MANAGER_ERROR_INVALID_PARAMETER, "mloop is NULL");
-       return _mm_resource_manager_mloop_destroy(mrp);
+
+       ret = _mm_resource_manager_mloop_destroy(mrp);
+       mrp = NULL;
+
+       return ret;
 }
 
 int _mm_resource_manager_backend_acquire(mm_resource_manager_res_type_e type)
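Review bot: `mrp = NULL;` in _mm_resource_manager_backend_deinit() is applied whatever `_mm_resource_manager_mloop_destroy()` returns, so if destroy can fail without freeing the handle (its body is not in this hunk), the only reference is dropped and a retry just gets INVALID_PARAMETER. A short comment would settle the ownership question, e.g. `/* destroy releases mrp even on error; clear it so later calls fail the NULL check instead of touching freed memory */`, or clear the pointer only on success if that is not the case. Nothing visible here serialises access to the file-scope `mrp`, so the reset only helps if deinit cannot overlap with the other backend calls, which is worth confirming. The definition would also read better as `int _mm_resource_manager_backend_deinit(void)`, matching `_mm_resource_manager_backend_init(void)` in the hunk header.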
index 123e7e036f7141b3a3f7bfb5b569072e5f2dd546..98deb9fd4ccdfd1d58a369547d5dfd5701ecb8cb 100644 (file)
@@ -248,6 +248,10 @@ static gboolean __mm_resource_manager_mloop_list_resources(mrp_res_context_t *co
 
 static int __mm_resource_manager_mloop_wait_connection(mm_resource_manager_mloop_s *mrp)
 {
+       MM_RM_RETVM_IF(mrp == NULL,
+               MM_RESOURCE_MANAGER_ERROR_INVALID_PARAMETER,
+               "mainloop_s is null");
+
        g_mutex_lock(&mrp->lock);
 
        if (mrp->mrp_ctx && MRP_RES_CONNECTED == mrp->mrp_ctx->state) {
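Review bot: The added `mrp == NULL` guard in __mm_resource_manager_mloop_wait_connection() only catches a handle that its owner has already reset; a pointer that was freed but not cleared still reaches `g_mutex_lock(&mrp->lock)` on the next line. The guard therefore depends on every holder of the handle nulling it after destroy, which is worth stating in a comment above the check, e.g. `/* callers must reset their handle to NULL after destroy; this check cannot detect a stale pointer */`. Callers also need to cope with the new INVALID_PARAMETER return; the rest of the function and its call sites are outside this hunk.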
index f34ed288958074d1843f2035fc9445cd92d0871a..762f4edb3c09894d309516ceb6998c4fce7040df 100644 (file)
@@ -46,7 +46,6 @@ typedef enum {
 
 
 static GMainLoop *main_loop;
-static gboolean init_failed = FALSE;
 static gboolean restart = FALSE;
 int notify_fd;
 
@@ -80,7 +79,6 @@ static gboolean fork_wait(void)
 
        if (pid != 0) {
                close(fds[1]);
-
                /* Read in a string from the pipe */
                MM_RM_RETVM_IF(read(fds[0], msg, sizeof(msg)) < 0,
                        FALSE, "Failed to create pipe to get child status");
@@ -131,8 +129,7 @@ static daemonize_result_e daemonize(const char *path)
 static gboolean init_event(gpointer user_data)
 {
        MM_RM_DEBUG("main loop = %p", main_loop);
-       init_failed = !_mmrm_dmn_init();
-       if (init_failed)
+       if (!_mmrm_dmn_init())
                g_main_loop_quit(main_loop);
 
        return G_SOURCE_REMOVE;
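Review bot: Dropping `init_failed` in init_event() means nothing records that `_mmrm_dmn_init()` failed, and the later daemon_loop() hunk now calls `_mmrm_dmn_deinit()` unconditionally. That is only safe if deinit tolerates state that was never or only partly initialised; otherwise it can free or unregister things twice, which is the class of bug this commit sets out to fix. If `_mmrm_dmn_deinit()` is meant to be idempotent, say so in a comment here, e.g. `/* on failure just quit; _mmrm_dmn_deinit() is safe to call on partially initialised state */`. The closing brace of init_event() is outside the hunk.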
@@ -140,27 +137,33 @@ static gboolean init_event(gpointer user_data)
 
 static void daemon_loop()
 {
+       guint id = 0;
+
        do {
                restart = FALSE;
 
-               MM_RM_RETM_IF(g_timeout_add(0, init_event, NULL) <= 0,
-                               "Init event cannot be added to main loop");
-
-               if (!mm_resource_manager_reload_conf())
-                       return;
+               MM_RM_RETM_IF(!mm_resource_manager_reload_conf(),
+                               "Daemon cannot reload conf");
 
                main_loop = g_main_loop_new(NULL, FALSE);
                MM_RM_RETM_IF(main_loop == NULL, "Daemon cannot create main loop");
 
+               if ((id = g_timeout_add(100, init_event, NULL)) == 0) {
+                       MM_RM_ERROR("Init event cannot be added to main loop");
+                       goto end;
+               }
+
                MM_RM_INFO("Daemon loop [%p] is ran", main_loop);
                g_main_loop_run(main_loop);
                MM_RM_INFO("Daemon loop end");
 
-               if (!init_failed)
-                       _mmrm_dmn_deinit();
+end:
+               _mmrm_dmn_deinit();
 
                g_main_loop_unref(main_loop);
                main_loop = NULL;
+
+               MM_RM_RETM_IF(g_source_remove(id) == FALSE, "Failed to remove %d", id);
        } while (restart);
 }
 
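Review bot: The `MM_RM_RETM_IF(g_source_remove(id) == FALSE, ...)` added at the bottom of the loop in daemon_loop() looks like it will trip on the normal path: init_event() always returns G_SOURCE_REMOVE, so once the timeout has fired GLib has already released the source and g_source_remove() returns FALSE with a critical warning. If MM_RM_RETM_IF returns from the function, as its other uses here suggest, `while (restart)` is then never evaluated and the restart path is lost; on the `goto end` path `id` is 0, which is not a valid source id either. Removing an id that is no longer live is also risky because GLib may have handed the same id to another source. I would keep the pending id in a file-scope variable that init_event() clears and remove it only while it is still non-zero, as in the sketch below, and use `%u` rather than `%d` if a guint is logged.

```c
static guint init_source_id;	/* non-zero only while the init timeout is pending */

static gboolean init_event(gpointer user_data)
{
	init_source_id = 0;	/* returning G_SOURCE_REMOVE releases the source */
	/* … unchanged: debug log, _mmrm_dmn_init() and quit on failure … */

/* daemon_loop(): arm the timeout */
		init_source_id = g_timeout_add(100, init_event, NULL);
		if (init_source_id == 0) {
			/* … unchanged: error log and goto end … */

/* daemon_loop(): after g_main_loop_unref(), in place of the MM_RM_RETM_IF line */
		if (init_source_id != 0) {
			g_source_remove(init_source_id);
			init_source_id = 0;
		}
```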
index 168d16a821a0515272097ed9c3b1160bfbddbaaa..aeaf80d258ac291fa6480a63732e1b91c0675ff3 100755 (executable)
@@ -43,10 +43,6 @@ static void on_bus_acquired(GDBusConnection *connection, const gchar *name,
 
 int _mmrm_dmn_dbus_init()
 {
-#if !GLIB_CHECK_VERSION(2, 35, 0)
-       g_type_init();
-#endif
-
        interface = mmresource_manager_skeleton_new();
        MM_RM_RETVM_IF(interface == NULL,
                        MM_RESOURCE_MANAGER_ERROR_INVALID_OPERATION,
index 499658710033eecd695fba37058a6b508c3dc443..1a8dc621197ec9a6d91760825580a370180cac2d 100644 (file)
@@ -695,13 +695,9 @@ static int __dbus_init(mm_resource_manager_s *handle)
                        MM_RESOURCE_MANAGER_ERROR_INVALID_OPERATION,
                        "Dbus proxy is not NULL");
 
-#if !GLIB_CHECK_VERSION(2, 35, 0)
-       g_type_init();
-#endif
-
        g_main_context_push_thread_default(handle->dispatcher_context);
        handle->dbus_proxy = mmresource_manager_proxy_new_for_bus_sync(
-                       G_BUS_TYPE_SYSTEM, 0, RMD_GDBUS_NAME, RMD_GDBUS_PATH, NULL , &error);
+                       G_BUS_TYPE_SYSTEM, 0, RMD_GDBUS_NAME, RMD_GDBUS_PATH, NULL, &error);
        g_main_context_pop_thread_default(handle->dispatcher_context);
        MM_RM_RET_IF_GERR(error, "Dbus proxy cannot be created");