From: Seonah Moon <seonah1.moon@samsung.com>
Date: Wed, 16 Sep 2020 01:29:33 +0000 (+0900)
Subject: Fix heap-use-after-free
X-Git-Tag: accepted/tizen/5.5/unified/20200917.233414~2
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=ecb630286b66ebb318311e0799d88b81dafef97e;p=platform%2Fframework%2Fweb%2Fdownload-provider.git

Fix heap-use-after-free

In case of below scenario, da_info is freed immediately after cancel
request.

[client request thread]      [http thread]
1. download start
                           2. network doesn't work temporary
                           3. wait for auto retry (pthread_cond_timedwait(cond_http))
4. request cancel
                           5. pthread_cond_signal(cond_http)
                           6. free da_info
7. access to da_info for
   debugging message
   (fault)

Change-Id: Iaf0c50248fa350183c2915ecd40bea99d6c25138
---

diff --git a/agent/download-agent-dl-mgr.c b/agent/download-agent-dl-mgr.c
index 2da7d99..810e56a 100755
--- a/agent/download-agent-dl-mgr.c
+++ b/agent/download-agent-dl-mgr.c
@@ -119,7 +119,7 @@ da_ret_t cancel_download(int dl_id, da_bool_t is_enable_cb)
 	ret = request_to_cancel_http_download(da_info);
 	if (ret != DA_RESULT_OK)
 		goto ERR;
-	DA_LOGI("Download cancel Successful for download id[%d]", da_info->da_id);
+	DA_LOGI("Download cancel Successful for download id[%d]", dl_id);
 
 ERR:
 	return ret;
diff --git a/packaging/download-provider.spec b/packaging/download-provider.spec
index 762736a..992ed63 100755
--- a/packaging/download-provider.spec
+++ b/packaging/download-provider.spec
@@ -1,6 +1,6 @@
 Name:       download-provider
 Summary:    Download the contents in background
-Version:    2.1.115
+Version:    2.1.116
 Release:    0
 Group:      Development/Libraries
 License:    Apache-2.0