From: Pawel Wasowski
Date: Mon, 12 Feb 2018 11:14:15 +0000 (+0100)
Subject: [NFC] Fix memory management problems
X-Git-Tag: submit/tizen_3.0/20180228.081957~1^2
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=1c72703064f683c4c9cf9a30c15838ed2b751769;p=platform%2Fcore%2Fapi%2Fwebapi-plugins.git
[NFC] Fix memory management problems
This commit prevents crashes, fixing 2 memory management problems:
1. user_data passed to nfc_tag_transceive was deleted twice
2. buffer argument of tagTransceiveCb was deleted inside the function; according to Native NFC API reference: "buffer will be automatically destroyed when the callback function returns. (Do not release buffer.)"
[Verification] NFCTag.transceive() function was tested in Chrome DevTools console and worked fine.
Change-Id: I509c368d817b6663373ba0614af73402f8ad47a6
Signed-off-by: Pawel Wasowski
---
diff --git a/src/nfc/nfc_adapter.cc b/src/nfc/nfc_adapter.cc
index d29aa70f..874fa6ef 100644
--- a/src/nfc/nfc_adapter.cc
+++ b/src/nfc/nfc_adapter.cc
@@ -1133,8 +1133,6 @@ PlatformResult NFCAdapter::TagWriteNDEF(int tag_id, const picojson::value& args)
 static void tagTransceiveCb(nfc_error_e err, unsigned char* buffer, int buffer_size, void* data) {
 ScopeLogger();
- std::unique_ptr buffer_ptr(buffer);
- buffer = nullptr;
 if (!data) {
 // no callback id - unable to report success, neither error
@@ -1161,7 +1159,10 @@ static void tagTransceiveCb(nfc_error_e err, unsigned char* buffer, int buffer_s
 picojson::value response = createEventSuccess(callback_id);
 picojson::object& response_obj = response.get();
 tools::ReportSuccess(response_obj);
- response_obj[JSON_DATA] = picojson::value(NFCUtil::FromUCharArray(buffer_ptr.get(), buffer_size));
+ /* buffer contains response to the sent message
+ * According to the native API reference, it must not be freed
+ */
+ response_obj[JSON_DATA] = picojson::value(NFCUtil::FromUCharArray(buffer, buffer_size));
 NFCAdapter::GetInstance()->RespondAsync(response.serialize().c_str());
 }
@@ -1188,17 +1189,17 @@ PlatformResult NFCAdapter::TagTransceive(int tag_id, const picojson::value& args
 const picojson::array& data_array = FromJson(args.get(), JSON_DATA);
- unsigned char* buffer = NFCUtil::DoubleArrayToUCharArray(data_array);
+ // this buffer contains the message to be sent; it may be deleted just after nfc_tag_transceive
+ // call
+ std::unique_ptr buffer(NFCUtil::DoubleArrayToUCharArray(data_array));
 double* callback_id_pointer = new double(callback_id);
- int ret = nfc_tag_transceive(m_last_tag_handle, buffer, data_array.size(), tagTransceiveCb,
+ int ret = nfc_tag_transceive(m_last_tag_handle, buffer.get(), data_array.size(), tagTransceiveCb,
 (void*)callback_id_pointer);
 if (NFC_ERROR_NONE != ret) {
 delete callback_id_pointer;
 callback_id_pointer = nullptr;
- delete[] buffer;
- buffer = nullptr;
 // for permission related error throw exception
 if (NFC_ERROR_SECURITY_RESTRICTED == ret || NFC_ERROR_PERMISSION_DENIED == ret) {
@@ -1215,10 +1216,6 @@ PlatformResult NFCAdapter::TagTransceive(int tag_id, const picojson::value& args
 picojson::value event = CreateEventError(callback_id, result);
 NFCAdapter::GetInstance()->RespondAsync(event.serialize().c_str());
 }
- delete callback_id_pointer;
- callback_id_pointer = nullptr;
- delete[] buffer;
- buffer = nullptr;
 return PlatformResult(ErrorCode::NO_ERROR);
 }
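Review bot: `buffer` and `buffer_size` come straight from the native callback and are passed to `NFCUtil::FromUCharArray` with no check visible in this hunk; the payload is whatever the tag returned, so a null `buffer` or a non-positive `buffer_size` should be handled before the conversion, for example `if (!buffer || buffer_size <= 0) { /* report empty data or an error event */ }`. Whether `err` is tested earlier cannot be seen, because the part of tagTransceiveCb between the first two hunks is outside the diff. The added comment would also be more useful if it stated the lifetime rule itself, e.g. `// buffer is owned by the native NFC stack and destroyed when this callback returns; do not free or retain it`.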
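Review bot: The new comment asserts that the send buffer "may be deleted just after nfc_tag_transceive call", but neither the diff nor the commit message cites a guarantee that the native call copies the data before returning, and the result is delivered later through `tagTransceiveCb`. If the native layer kept the pointer, releasing it at scope exit would be a use-after-free; the old code freed it at the same point, so this is not a regression, but the comment should name the API reference the way the commit message does for the callback buffer. `callback_id_pointer` stays a raw `new double` whose ownership now passes to the callback on success, so a comment such as `// on success tagTransceiveCb owns and deletes callback_id_pointer` would make the single-owner rule explicit. TagTransceive begins and ends outside this hunk.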
diff --git a/src/nfc/nfc_util.cc b/src/nfc/nfc_util.cc
index 8a5928fe..fcfb13ee 100644
--- a/src/nfc/nfc_util.cc
+++ b/src/nfc/nfc_util.cc
@@ -336,7 +336,7 @@ unsigned char* NFCUtil::DoubleArrayToUCharArray(const picojson::array& array_in)
 ScopeLogger();
 unsigned char* result_array = new unsigned char[array_in.size()];
 for (std::size_t i = 0; i < array_in.size(); ++i) {
- result_array[i] = (int) array_in.at(i).get();
+ result_array[i] = (int)array_in.at(i).get();
 }
 return result_array;
 }