Before setting the data of the widget instance, we should check
whether the instance is running or not. If the create callback function
returns a negative error value, the instance is dropped.
ASAN Report:
ERROR: AddressSanitizer: heap-use-after-free on address 0xaf6ccb90 at pc 0xb54cda33 bp 0xbed9accc sp 0xbed9acc4
WRITE of size 4 at 0xaf6ccb90 thread T0
- #0 0xb54cda31 in __control_create /usr/src/debug/appcore-widget-1.3.1/src/base/widget_base.c:328
- #1 0xb54cda31 in __multiwindow_control /usr/src/debug/appcore-widget-1.3.1/src/base/widget_base.c:672
- #2 0xb47540f1 in appcore_base_on_receive /usr/src/debug/app-core-1.13.0/src/base/appcore_base.c:1178
previously allocated by thread T0 here:
- #0 0xb6aa9695 in calloc asan_rtl (discriminator 2)
- #1 0xb54cd7a3 in __control_create /usr/src/debug/appcore-widget-1.3.1/src/base/widget_base.c:316
- #2 0xb54cd7a3 in __multiwindow_control /usr/src/debug/appcore-widget-1.3.1/src/base/widget_base.c:672
- #3 0xb47540f1 in appcore_base_on_receive /usr/src/debug/app-core-1.13.0/src/base/appcore_base.c:1178
Change-Id: I88bb7df5a8bc62f9b44ae338fb16663b36fbcd9b
Signed-off-by: Hwankyu Jhun <h.jhun@samsung.com>
/* call stub create */
appcore_multiwindow_base_instance_run(class_id, id, data);
- data->args = NULL;
- bundle_get_str(b, WIDGET_K_CONTENT_INFO, &content);
- if (content)
- data->content = strdup(content);
-
+ if (appcore_multiwindow_base_instance_find(id)) {
+ data->args = NULL;
+ bundle_get_str(b, WIDGET_K_CONTENT_INFO, &content);
+ if (content)
+ data->content = strdup(content);
+ }
}
static void __control_resume(const char *class_id, const char *id, bundle *b)