From 3383987d4ca4e9e6dd3e7f1ed18f8bff1c37e8c2 Mon Sep 17 00:00:00 2001
From: YoungHun Kim
Date: Wed, 21 Dec 2022 13:42:53 +0900
Subject: [PATCH] fixup! Fix heap-use-after-free issue
- By thread scheduling, the data thread can be executed before setting the value of 'is_created'. where is set at _ms_ipc_dispatch_create(). So I remove to check value of 'is_created' which cause it not to run despite normal data thread execution. Instead we can use muse_server_module_is_valid().
Change-Id: I8bc4c0ac65d4ee98e477c0d5e475c2c60cff289e
---
 packaging/mused.spec | 2 +-
 server/src/muse_server_ipc.c | 5 +++--
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/packaging/mused.spec b/packaging/mused.spec
index 5797e7d..2c817ea 100644
--- a/packaging/mused.spec
+++ b/packaging/mused.spec
@@ -1,6 +1,6 @@
 Name: mused
 Summary: A multimedia daemon
-Version: 0.3.160
+Version: 0.3.161
 Release: 0
 Group: System/Libraries
 License: Apache-2.0
diff --git a/server/src/muse_server_ipc.c b/server/src/muse_server_ipc.c
index f107e2b..5e6b6b5 100644
--- a/server/src/muse_server_ipc.c
+++ b/server/src/muse_server_ipc.c
@@ -394,9 +394,10 @@ static gpointer _ms_ipc_data_worker(gpointer data)
 muse_return_val_if_fail(data, NULL);
 m = (muse_module_h)data;
- SECURE_LOGW("module : %p pid %d handle %zd created %d", m, m->pid, m->handle, m->is_created);
+ SECURE_LOGW("module : %p pid %d handle %zd created %d fd %d",
+ m, m->pid, m->handle, m->is_created, m->ch[MUSE_CHANNEL_MSG].sock_fd);
- muse_return_val_if_fail(m->pid > 0 && m->handle && m->is_created, NULL);
+ muse_return_val_if_fail(muse_server_module_is_valid(m), NULL);
 fd = m->ch[MUSE_CHANNEL_DATA].sock_fd;
 ch = &m->ch[MUSE_CHANNEL_DATA];
--
2.7.4
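Review bot: In `_ms_ipc_data_worker` the widened `SECURE_LOGW(...)` call reads `m->pid`, `m->handle`, `m->is_created` and `m->ch[MUSE_CHANNEL_MSG].sock_fd` before `muse_server_module_is_valid(m)` has run, so when the module is no longer valid (the heap-use-after-free case named in the subject) the log line itself touches the stale object. Moving `muse_return_val_if_fail(muse_server_module_is_valid(m), NULL);` directly after `m = (muse_module_h)data;` and logging afterwards would keep every dereference behind the check. The body of `muse_server_module_is_valid()` is not in this patch, so it should be confirmed whether it validates the pointer without dereferencing it, and whether anything keeps `m` alive between the check and the later `m->ch[MUSE_CHANNEL_DATA]` accesses; the function continues past the end of the hunk. `m->is_created` is also still read for the log although the commit message says another thread may not have set it yet, so that unsynchronised read is worth dropping from the format string or guarding.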