From be037b5ebd4066f83168bf1c5d383895e69eeaad Mon Sep 17 00:00:00 2001
From: Susnata Sovalin
Date: Tue, 30 Jul 2019 16:48:34 +0530
Subject: [PATCH] heap use after free fix
Change-Id: I52f6985815eaa9e51aabf38fc084b77b9f566e66
Signed-off-by: Susnata Sovalin
---
 common/ctsvc_image_util.c | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/common/ctsvc_image_util.c b/common/ctsvc_image_util.c
index 90a28b0..3a24a6b 100644
--- a/common/ctsvc_image_util.c
+++ b/common/ctsvc_image_util.c
@@ -26,6 +26,7 @@ struct image_transform {
 void *buffer;
 GCond cond;
 GMutex mutex;
+ bool timeout;
 };
 int ctsvc_image_util_get_mimetype(image_util_colorspace_e colorspace,
@@ -207,6 +208,15 @@ static void _image_transform_completed_cb(media_packet_h *dst,
 return;
 }
+ if(true == info->timeout) {
+ media_packet_destroy(*dst);
+ g_mutex_unlock(&info->mutex);
+ g_mutex_clear(&info->mutex);
+ g_cond_clear(&info->cond);
+ free(info);
+ return;
+ }
+
 if (IMAGE_UTIL_ERROR_NONE == error) {
 ret = media_packet_get_buffer_size(*dst, &size);
 if (MEDIA_PACKET_ERROR_NONE != ret) {
@@ -283,6 +293,7 @@ static int _ctsvc_image_util_transform_run(transformation_h transform,
 g_mutex_init(&info->mutex);
 g_mutex_lock(&info->mutex);
+ info->timeout=false;
 ret = image_util_transform_run(transform, packet, _image_transform_completed_cb, info);
 if (IMAGE_UTIL_ERROR_NONE != ret) {
 /* LCOV_EXCL_START */
@@ -300,10 +311,11 @@ static int _ctsvc_image_util_transform_run(transformation_h transform,
 /* timeout has passed */
 /* LCOV_EXCL_START */
 ERR("g_cond_wait_until() return FALSE");
- g_mutex_unlock(&info->mutex);
- g_mutex_clear(&info->mutex);
- g_cond_clear(&info->cond);
- free(info);
+ info->timeout =true;
+ //g_mutex_unlock(&info->mutex);
+ //g_mutex_clear(&info->mutex);
+ //g_cond_clear(&info->cond);
+ //free(info);
 return CONTACTS_ERROR_SYSTEM;
 /* LCOV_EXCL_STOP */
 }
-- 
2.7.4
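Review bot: The new `timeout` field in `struct image_transform` carries an ownership handoff that the struct does not document. I would add a comment on it such as `/* set by the waiter when g_cond_wait_until() times out; from then on the completion callback frees this struct */`. The field is shared between the waiting thread and the callback, so the comment should also state that it is only read or written with `mutex` held, which the check added to `_image_transform_completed_cb` does not appear to do within its hunk.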
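Review bot: The `if(true == info->timeout)` check added to `_image_transform_completed_cb` reads the flag with no lock visible in the hunk and then calls `g_mutex_unlock(&info->mutex)` on a mutex that was locked by the waiting thread in `_ctsvc_image_util_transform_run`. GLib documents unlocking a mutex the current thread does not hold as undefined behaviour, so if the callback runs on another thread (likely, since the waiter blocks on a condition variable) the use-after-free is traded for a different memory-safety problem. The flag can also flip right after this check, in which case the callback goes on to use `info` as before and nothing frees it. I would have the waiter release the lock itself and have the callback take the lock to read the flag, as sketched below. The callback's body continues outside the hunk, and the place where it publishes its result needs the same locked decision.

```c
	// … unchanged: NULL check on info …

	/* The waiter sets the flag while holding the mutex, so read it under the same lock. */
	g_mutex_lock(&info->mutex);
	bool abandoned = info->timeout;
	g_mutex_unlock(&info->mutex);

	if (abandoned) {
		/* The waiter has given up and released the lock; this callback owns info now. */
		media_packet_destroy(*dst);
		g_mutex_clear(&info->mutex);
		g_cond_clear(&info->cond);
		free(info);
		return;
	}
```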
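Review bot: The timeout branch in `_ctsvc_image_util_transform_run` now returns with `info->mutex` still locked, because `g_cond_wait_until()` re-acquires the mutex before it returns FALSE and the unlock is commented out. Any later `g_mutex_lock(&info->mutex)` in the callback would then block forever. Set the flag and release the lock before returning, and delete the four commented-out lines rather than keeping them: `info->timeout = true;` `g_mutex_unlock(&info->mutex);`. Two cases still leak `info` and should be decided explicitly: the callback finishing between the timeout and the lock being re-acquired, and the callback never being invoked after the timeout. A completion flag set by the callback under the lock would let this branch free `info` itself in the first case.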