If the process uses the aul_svc_run_service_for_uid() function in the
thread, the result callback info handle is deleted in the main thread when
the callee application sends a result immediately.
- Memcheck report
+------------------------------------------------------------------------------+
| Thread 4: |
| Invalid write of size 4 |
| at 0x50F7594: __launch_app_with_result (launch_with_result.c:337) |
| by 0x50F7781: aul_launch_app_with_result_for_uid (launch_with_result.c:357)|
| by 0x50FA777: __run_svc_with_pkgname (service.c:247) |
| by 0x50FAE37: __run_service (service.c:896) |
| by 0x50FB743: aul_svc_run_service_for_uid (service.c:1171) |
| Address 0x5a57b58 is 0 bytes inside a block of size 24 free'd |
| at 0x4846EC8: free (vg_replace_malloc.c:530) |
| by 0x50F73C5: __call_app_result_callback (launch_with_result.c:207) |
| by 0x50F7741: app_result (launch_with_result.c:295) |
| Block was alloc'd at |
| at 0x48458A4: malloc (vg_replace_malloc.c:299) |
| by 0x50F71FF: __create_resultcb (launch_with_result.c:128) |
| by 0x50F7575: __launch_app_with_result (launch_with_result.c:329) |
| by 0x50F7781: aul_launch_app_with_result_for_uid (launch_with_result.c:357)|
+------------------------------------------------------------------------------+
Change-Id: I9cf4704e8bf949d136e810004e5e89680e547e24
Signed-off-by: Hwankyu Jhun <h.jhun@samsung.com>
info = __create_resultcb(-1, seq_num, callback, NULL, data);
if (info)
__add_resultcb(info);
- free(seq_num);
ret = app_request_to_launchpad_for_uid(cmd, appid, kb, uid);
- if (ret > 0) {
- if (info)
+ info = __find_resultcb(seq_num);
+ if (info) {
+ if (ret > 0) {
info->launched_pid = ret;
- } else {
- __remove_resultcb(info);
- __destroy_resultcb(info);
+ } else {
+ __remove_resultcb(info);
+ __destroy_resultcb(info);
+ }
}
+ free(seq_num);
return ret;
}
projects / platform / core / appfw / aul-1.git / commitdiff