From 77458fd6109d0a3478b6adcb34c5ef1a3d47ff35 Mon Sep 17 00:00:00 2001 From: "manish.r" Date: Wed, 6 Oct 2021 14:28:20 +0530 Subject: [PATCH] Add Check before free Change-Id: Idc5c446f1316fd4e05f27fb741f8a270af57f594 Signed-off-by: manish.r --- CMakeLists.txt | 7 +++++-- src/sdb.c | 24 ++++++++++++++++++++---- src/sockets.c | 11 +++++++++++ src/sysdeps.h | 4 ++-- src/transport.c | 12 ++++++++++-- src/unordered_ptr_set.cpp | 46 ++++++++++++++++++++++++++++++++++++++++++++++ src/unordered_ptr_set.h | 21 +++++++++++++++++++++ 7 files changed, 115 insertions(+), 10 deletions(-) mode change 100644 => 100755 src/sockets.c mode change 100644 => 100755 src/sysdeps.h mode change 100644 => 100755 src/transport.c create mode 100755 src/unordered_ptr_set.cpp create mode 100644 src/unordered_ptr_set.h diff --git a/CMakeLists.txt b/CMakeLists.txt index 915d312..851be0f 100755 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -59,6 +59,7 @@ SET(SDBD_SRCS src/plugin_encrypt.c src/descs_strings.c src/sdbd.c + src/unordered_ptr_set.cpp ) SET(SDBD_SERVICE_SRCS @@ -94,6 +95,7 @@ SET(SDBD_SERVICE_SRCS src/descs_strings.c src/services.c src/sdbd_service.c + src/unordered_ptr_set.cpp ) SET(SDBD_SUBS 
@@ -144,14 +146,15 @@ foreach(flag ${SYSTEMD_CFLAGS}) endforeach(flag) SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${EXTRA_CFLAGS}") +SET(CMAKE_CXX_FLAGS "${CMAKE_C_FLAGS} -w") find_package(Threads REQUIRED) ADD_EXECUTABLE(sdbd ${SDBD_SRCS}) ADD_EXECUTABLE(sdbd-user ${SDBD_SUBS}) ADD_EXECUTABLE(sdbd-service ${SDBD_SERVICE_SRCS}) -TARGET_LINK_LIBRARIES(sdbd -pie -lsmack -lresolv -ldl ${CMAKE_THREAD_LIBS_INIT} ${pkgs_LDFLAGS} ${SYSTEMD_LDFLAGS}) -TARGET_LINK_LIBRARIES(sdbd-service -pie -lsmack -lresolv -ldl ${CMAKE_THREAD_LIBS_INIT} ${pkgs_LDFLAGS} ${SYSTEMD_LDFLAGS}) +TARGET_LINK_LIBRARIES(sdbd -pie -lsmack -lresolv -ldl -pthread ${CMAKE_THREAD_LIBS_INIT} ${pkgs_LDFLAGS} ${SYSTEMD_LDFLAGS}) +TARGET_LINK_LIBRARIES(sdbd-service -pie -lsmack -lresolv -ldl -pthread ${CMAKE_THREAD_LIBS_INIT} ${pkgs_LDFLAGS} ${SYSTEMD_LDFLAGS}) TARGET_LINK_LIBRARIES(sdbd-user -pie ${CMAKE_THREAD_LIBS_INIT} ${pkgs_LDFLAGS}) set_property( diff --git a/src/sdb.c b/src/sdb.c index 7b79f52..a28a911 100755 --- a/src/sdb.c +++ b/src/sdb.c @@ -64,6 +64,8 @@ #include #define GUEST_IP_INTERFACE "eth0" +#include "unordered_ptr_set.h" + SDB_MUTEX_DEFINE(zone_check_lock); #if SDB_TRACE SDB_MUTEX_DEFINE( D_lock ); @@ -385,6 +387,7 @@ apacket *get_apacket(void) fatal("failed to allocate an apacket"); } memset(p, 0, sizeof(apacket) - MAX_PAYLOAD); + set_insert((void*)p); return p; } @@ -395,9 +398,17 @@ void put_apacket(apacket *p) E("Invalid apacket = [0x%p]", p); fatal("Invalid apacket = [0x%p]", p); } - if (p != NULL) { - free(p); - p = NULL; + if(set_find((void*)p) == 1) + { + if (p != NULL) { + free(p); + D("Memory Free done for [0x%p]", p); + p = NULL; + } + } + else + { + D("Memory Free not done for [0x%p] as not available in set", p); } } @@ -601,6 +612,7 @@ static void send_ready(unsigned local, unsigned remote, atransport *t) { I("Calling send_ready \n"); apacket *p = get_apacket(); + D("Memory allocated for packet at [0x%p]", p); p->msg.command = A_OKAY; p->msg.arg0 = local; p->msg.arg1 = remote; 
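Review bot: The added `SET(CMAKE_CXX_FLAGS "${CMAKE_C_FLAGS} -w")` turns off every compiler warning for the new C++ translation unit, which is the file in this change that most needs them. For example, set_print() in src/unordered_ptr_set.cpp passes what appears to be a `uintptr_t` to `%p`, a mismatch that format warnings would normally report. I would drop `-w` and fix what the compiler reports, and avoid copying C-only options into the C++ flags, for example `SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${EXTRA_CFLAGS}")` if those flags are valid for C++. The added `-pthread` sits next to `${CMAKE_THREAD_LIBS_INIT}`, which find_package(Threads) already supplies, so it looks redundant.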
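Review bot: In put_apacket() the new `set_find()` gate turns a second release of the same packet into a debug-level log line and a silent return, so the caller's bug (a double put, or a packet still referenced after it was handed off) is hidden rather than fixed. The check is also only as strong as address identity: once a freed block is handed out again by get_apacket(), a stale put_apacket() on the old pointer matches the new entry and frees a packet that another path still owns. I would treat a miss as a hard error, in line with the existing invalid-packet branch, for example `fatal("put_apacket: [%p] is not a live apacket", (void *)p);`, and fix the call sites that trigger it. Two smaller points: the inner `if (p != NULL)` cannot help because `set_find()` has already run, and the `Memory Free done` log reads `p` after `free(p)`, so log before freeing. The opening lines of put_apacket() are outside the hunk.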
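Review bot: The added `D("Memory allocated for packet at [0x%p]", p);` in send_ready() writes a raw heap address to the log for every packet, and the same line or its `Memory trying to be being Freed` twin is repeated in the later sdb.c, sockets.c and transport.c hunks. If D() is active in shipped builds, anyone who can read the log learns heap layout and the per-packet volume will bury other messages; I would keep one trace inside get_apacket()/put_apacket(), compiled in only under `SDB_TRACE`, instead of one at every call site. `0x%p` prints a doubled prefix on libcs where `%p` already emits `0x`, `%p` expects a `void *` argument, and the new messages lack the trailing `\n` that the neighbouring D() calls use. A single form such as `D("apacket alloc %p\n", (void *)p);` would cover all three.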
@@ -611,6 +623,7 @@ static void send_close(unsigned local, unsigned remote, atransport *t) { I("Calling send_close \n"); apacket *p = get_apacket(); + D("Memory allocated for packet at [0x%p]", p); p->msg.command = A_CLSE; p->msg.arg0 = local; p->msg.arg1 = remote; @@ -621,6 +634,7 @@ static void send_connect(atransport *t) { I("Calling send_connect \n"); apacket *cp = get_apacket(); + D("Memory allocated for packet at [0x%p]", cp); cp->msg.command = A_CNXN; cp->msg.arg0 = A_VERSION; #ifdef SUPPORT_ENCRYPT @@ -662,6 +676,7 @@ void send_device_status() { I("broadcast device status\n"); apacket* cp = get_apacket(); + D("Memory allocated for packet at [0x%p]", cp); cp->msg.command = A_STAT; cp->msg.arg0 = is_pwlocked; cp->msg.arg1 = 0; @@ -670,6 +685,7 @@ void send_device_status() //all broadcasted packets are memory copied //so, we should call put_apacket + D("Memory trying to be being Freed for packet at [0x%p]", cp); put_apacket(cp); } @@ -995,7 +1011,7 @@ void handle_packet(apacket *p, atransport *t) default: printf("handle_packet: what is %08x?!\n", p->msg.command); } - + D("Memory trying to be being Freed for packet at [0x%p]", p); put_apacket(p); } diff --git a/src/sockets.c b/src/sockets.c old mode 100644 new mode 100755 index ebc7550..e16631b --- a/src/sockets.c +++ b/src/sockets.c @@ -166,6 +166,7 @@ static int local_socket_enqueue(asocket *s, apacket *p) } if(p->len == 0) { + D("Memory trying to be being Freed for packet at [0x%p]", p); put_apacket(p); return 0; /* ready for more data */ } @@ -216,6 +217,7 @@ static void local_socket_destroy(asocket *s) for(p = s->pkt_first; p; p = n) { D("LS(%d): discarding %d bytes\n", s->id, p->len); n = p->next; + D("Memory trying to be being Freed for packet at [0x%p]", p); put_apacket(p); } remove_socket(s); 
@@ -294,6 +296,7 @@ static void local_socket_event_func(int fd, unsigned ev, void *_s) if(p->len == 0) { s->pkt_first = p->next; if(s->pkt_first == 0) s->pkt_last = 0; + D("Memory trying to be being Freed for packet at [0x%p]", p); put_apacket(p); } } @@ -318,6 +321,7 @@ static void local_socket_event_func(int fd, unsigned ev, void *_s) if(ev & FDE_READ){ apacket *p = get_apacket(); + D("Memory allocated for packet at [0x%p]", p); unsigned char *x = p->data; #ifdef SUPPORT_ENCRYPT // sdb.c:536에서 sdb server의 패킷은 MAX_PAYLOAD-100으로 정하여서, @@ -355,6 +359,7 @@ static void local_socket_event_func(int fd, unsigned ev, void *_s) //변경된 최대 패킷 크기로 코드 수정 if ((avail == max_payload) || (s->peer == 0)) { + D("Memory trying to be being Freed for packet at [0x%p]", p); put_apacket(p); } else { p->len = max_payload >= avail ? max_payload - avail : 0; @@ -464,6 +469,7 @@ static void remote_socket_ready(asocket *s) D("entered remote_socket_ready RS(%d) OKAY fd=%d peer.fd=%d\n", s->id, s->fd, s->peer->fd); apacket *p = get_apacket(); + D("Memory allocated for packet at [0x%p]", p); p->msg.command = A_OKAY; p->msg.arg0 = s->peer->id; p->msg.arg1 = s->id; @@ -475,6 +481,7 @@ static void remote_socket_close(asocket *s) D("entered remote_socket_close RS(%d) CLOSE fd=%d peer->fd=%d\n", s->id, s->fd, s->peer?s->peer->fd:-1); apacket *p = get_apacket(); + D("Memory allocated for packet at [0x%p]", p); p->msg.command = A_CLSE; if(s->peer) { p->msg.arg0 = s->peer->id; @@ -527,6 +534,7 @@ void connect_to_remote(asocket *s, const char *destination) { //D("Connect_to_remote call RS(%d) fd=%d\n", s->id, s->fd); apacket *p = get_apacket(); + D("Memory allocated for packet at [0x%p]", p); size_t len = strlen(destination) + 1; if(len > (asock_get_max_payload(s)-1)) { 
@@ -631,6 +639,7 @@ static int smart_socket_enqueue(asocket *s, apacket *p) } else { if((s->pkt_first->len + p->len) > asock_get_max_payload(s)) { D("SS(%d): overflow\n", s->id); + D("Memory trying to be being Freed for packet at [0x%p]", p); put_apacket(p); goto fail; } @@ -638,6 +647,7 @@ static int smart_socket_enqueue(asocket *s, apacket *p) memcpy(s->pkt_first->data + s->pkt_first->len, p->data, p->len); s->pkt_first->len += p->len; + D("Memory trying to be being Freed for packet at [0x%p]", p); put_apacket(p); p = s->pkt_first; @@ -717,6 +727,7 @@ static void smart_socket_close(asocket *s) { D("SS(%d): closed\n", s->id); if(s->pkt_first){ + D("Memory trying to be being Freed for packet at [0x%p]", s->pkt_first); put_apacket(s->pkt_first); } if(s->peer) { diff --git a/src/sysdeps.h b/src/sysdeps.h old mode 100644 new mode 100755 index d7840fb..007b69a --- a/src/sysdeps.h +++ b/src/sysdeps.h @@ -531,12 +531,12 @@ static __inline__ void sdb_sysdeps_init(void) { } -static __inline__ char* sdb_dirstart(const char* path) +static __inline__ const char* sdb_dirstart(const char* path) { return strchr(path, '/'); } -static __inline__ char* sdb_dirstop(const char* path) +static __inline__ const char* sdb_dirstop(const char* path) { return strrchr(path, '/'); } diff --git a/src/transport.c b/src/transport.c old mode 100644 new mode 100755 index dce1888..254e581 --- a/src/transport.c +++ b/src/transport.c @@ -286,11 +286,13 @@ static void *output_thread(void *_t) D("%s: starting transport output thread on fd %d, SYNC online (%d)\n", t->serial, t->fd, t->sync_token + 1); p = get_apacket(); + D("Memory allocated for packet at [0x%p]", p); p->msg.command = A_SYNC; p->msg.arg0 = 1; p->msg.arg1 = ++(t->sync_token); p->msg.magic = A_SYNC ^ 0xffffffff; if(write_packet(t->fd, t->serial, &p)) { + D("Memory trying to be being Freed for packet at [0x%p]", p); put_apacket(p); E("%s: failed to write SYNC packet\n", t->serial); goto oops; 
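Review bot: Changing sdb_dirstart() and sdb_dirstop() in src/sysdeps.h to return `const char*` alters the contract for every C caller of this header, not only the new C++ file. Any caller that stores the result in a `char *` and writes through it (the callers are not visible in this patch) now discards the qualifier, which plain C reports only as a warning. If the change exists to make the header compile as C++, consider saying so in a comment such as `/* const return: strchr() on a const char* yields const char* in C++ */` and checking each caller for writes through the result.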
@@ -299,7 +301,7 @@ static void *output_thread(void *_t) D("%s: data pump started\n", t->serial); for(;;) { p = get_apacket(); - + D("Memory allocated for packet at [0x%p]", p); if(t->read_from_remote(p, t) == 0){ //D("%s: received remote packet, sending to transport\n", t->serial); @@ -312,12 +314,14 @@ static void *output_thread(void *_t) #endif if(write_packet(t->fd, t->serial, &p)){ + D("Memory trying to be being Freed for packet at [0x%p]", p); put_apacket(p); E("%s: failed to write apacket to transport\n", t->serial); goto oops; } } else { E("%s: remote read failed for transport\n", t->serial); + D("Memory trying to be being Freed for packet at [0x%p]", p); put_apacket(p); break; } @@ -325,11 +329,13 @@ static void *output_thread(void *_t) D("%s: SYNC offline for transport\n", t->serial); p = get_apacket(); + D("Memory allocated for packet at [0x%p]", p); p->msg.command = A_SYNC; p->msg.arg0 = 0; p->msg.arg1 = 0; p->msg.magic = A_SYNC ^ 0xffffffff; if(write_packet(t->fd, t->serial, &p)) { + D("Memory trying to be being Freed for packet at [0x%p]", p); put_apacket(p); E("%s: failed to write SYNC apacket to transport", t->serial); } @@ -366,6 +372,7 @@ static void *input_thread(void *_t) if(p->msg.command == A_SYNC){ if(p->msg.arg0 == 0) { D("%s: transport SYNC offline\n", t->serial); + D("Memory trying to be being Freed for packet at [0x%p]", p); put_apacket(p); break; } else { @@ -398,7 +405,7 @@ static void *input_thread(void *_t) D("%s: transport ignoring packet while offline\n", t->serial); } } - + D("Memory trying to be being Freed for packet at [0x%p]", p); put_apacket(p); } @@ -828,6 +835,7 @@ void broadcast_transport(apacket *p) D("broadcast device transport:%s\n", statename(t)); if (t->connection_state != CS_OFFLINE && t->connection_state != CS_NOPERM) { apacket* ap = get_apacket(); + D("Memory allocated for packet at [0x%p]", ap); copy_packet(ap, p); send_packet(ap, t); 
diff --git a/src/unordered_ptr_set.cpp b/src/unordered_ptr_set.cpp new file mode 100755 index 0000000..060a350 --- /dev/null +++ b/src/unordered_ptr_set.cpp @@ -0,0 +1,46 @@ +#define LOG_TAG "SDBD_TRACE_SET" +#include "log.h" + +#include +#include +#include +using namespace std; + +unordered_set Set; +mutex mtx; + +extern "C" void set_insert(void* ptr); +extern "C" int set_find(void* ptr); +void set_print(void); + +void set_insert(void* ptr) +{ + mtx.lock(); + Set.insert((uintptr_t)ptr); + set_print(); + mtx.unlock(); +} + +int set_find(void* ptr) +{ + int retvalue=0; // Not Found + mtx.lock(); + if (Set.find((uintptr_t)ptr) != Set.end()) + { + Set.erase((uintptr_t)ptr); + retvalue=1; // Found and deleted + } + set_print(); + mtx.unlock(); + return retvalue; +} + +void set_print(void) +{ + int i=1; + for (auto it = Set.begin(); it != Set.end(); ++it,++i) + { + D("Elements in set %p\n",*it); + } + D("Number Of Elements %d",i); +} \ No newline at end of file diff --git a/src/unordered_ptr_set.h b/src/unordered_ptr_set.h new file mode 100644 index 0000000..67172e3 --- /dev/null +++ b/src/unordered_ptr_set.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the License); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an AS IS BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __UNSET_H +#define __UNSET_H +void set_insert(void* ptr); +int set_find(void* ptr); +#endif -- 2.7.4
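Review bot: set_insert() and set_find() pair `mtx.lock()` with a manual `mtx.unlock()` and call set_print() while holding the lock, so every packet allocation and release walks and logs the whole set under the one mutex all threads share. If `Set.insert()` throws on allocation failure, the mutex stays locked and the exception leaves an `extern "C"` function into C callers. set_print() also starts its counter at 1, so it reports one element too many, and passes what appears to be a `uintptr_t` element to `%p` (the template argument is lost in this rendering). I would use `std::lock_guard`, stop the exception at the C boundary, report `Set.size()`, and keep the full dump out of the hot path; set_find() also erases the entry, so a name like set_remove() would describe it better.

```cpp
// … unchanged: LOG_TAG, includes, Set and mtx definitions, extern "C" declarations …

void set_insert(void* ptr)
{
    try {
        lock_guard<mutex> guard(mtx);   // released on every exit path
        Set.insert((uintptr_t)ptr);
    } catch (const bad_alloc&) {
        // Tracking failed; do not let the exception cross into C callers.
        E("set_insert: cannot track %p\n", ptr);
    }
}

int set_find(void* ptr)
{
    lock_guard<mutex> guard(mtx);
    // erase() returns how many elements were removed: 1 if tracked, 0 if not.
    return Set.erase((uintptr_t)ptr) == 1 ? 1 : 0;
}

// Debug helper; the caller must hold mtx.
void set_print(void)
{
    for (auto it = Set.begin(); it != Set.end(); ++it)
    {
        D("Elements in set %p\n", (void*)*it);
    }
    D("Number Of Elements %zu", Set.size());
}
```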
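Review bot: The new header src/unordered_ptr_set.h declares set_insert() and set_find() without `extern "C"` guards, and src/unordered_ptr_set.cpp re-declares them by hand instead of including this file, so the two sets of prototypes can drift without the compiler noticing. I would wrap the declarations in `#ifdef __cplusplus` / `extern "C" {` and the matching close, and include the header from the .cpp. The guard name `__UNSET_H` contains a double underscore, which is reserved for the implementation; a name like `SDB_UNORDERED_PTR_SET_H` avoids that. A one-line comment on each prototype, stating that set_find() returns 1 and removes the pointer when it was tracked and returns 0 otherwise, would document the side effect.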