From ff7790b316b8c8dc4f0f56bb4d9aefd7796d7e25 Mon Sep 17 00:00:00 2001 From: Avichal Date: Tue, 9 Apr 2019 17:13:16 +0530 Subject: [PATCH] ASAN issue 1. heap-use-after-free in enlightenment (TFDF-279,280) 2. heap-use-after-free in amd(TFDF-281,282) THis issue reported on termination of sensord Change-Id: I03e1d592e9caa93636d31d712e581c48db2d2363 Signed-off-by: Avichal --- src/shared/channel_event_handler.cpp | 2 -- src/shared/event_loop.cpp | 13 ++++++++++--- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/src/shared/channel_event_handler.cpp b/src/shared/channel_event_handler.cpp index cc8a2bb..8a6b64b 100644 --- a/src/shared/channel_event_handler.cpp +++ b/src/shared/channel_event_handler.cpp @@ -46,13 +46,11 @@ bool channel_event_handler::handle(int fd, event_condition condition) if (condition & (EVENT_HUP)) { m_ch->disconnect(); - m_ch = NULL; return false; } if (!m_ch->read_sync(msg, false)) { m_ch->disconnect(); - m_ch = NULL; return false; } diff --git a/src/shared/event_loop.cpp b/src/shared/event_loop.cpp index 713cd90..881d39d 100644 --- a/src/shared/event_loop.cpp +++ b/src/shared/event_loop.cpp @@ -38,6 +38,9 @@ static gboolean g_io_handler(GIOChannel *ch, GIOCondition condition, gpointer da uint64_t id; int fd; bool term; + bool ret; + event_loop *loop; + event_handler *handler; unsigned int cond; cond = (unsigned int)condition; @@ -46,17 +49,21 @@ static gboolean g_io_handler(GIOChannel *ch, GIOCondition condition, gpointer da cond &= ~(G_IO_IN | G_IO_OUT); handler_info *info = (handler_info *)data; + loop = info->loop; + handler = info->handler; + retvm_if(!loop || !handler, FALSE, "Invalid event info"); + id = info->id; fd = info->fd; - term = info->loop->is_terminator(fd); + term = loop->is_terminator(fd); if (cond & G_IO_NVAL) return FALSE; - bool ret = info->handler->handle(fd, (event_condition)cond); + ret = handler->handle(fd, (event_condition)cond); if (!ret && !term) { - info->loop->remove_event(id); + loop->remove_event(id); return FALSE; } -- 2.7.4