From d752ea59ef758440865b6f15691d2f0573e74a19 Mon Sep 17 00:00:00 2001 From: Eunhae Choi Date: Thu, 5 Jan 2017 22:40:32 +0900 Subject: [PATCH] [v0.3.43] check last modified time of socket fd not to send data via invalid socket Change-Id: I904481c9453cbff408a0b6837615fc6f43807421 --- packaging/capi-media-player.spec | 2 +- src/player.c | 39 ++++++++++++++++++++++++++++++++++++--- 2 files changed, 37 insertions(+), 4 deletions(-) diff --git a/packaging/capi-media-player.spec b/packaging/capi-media-player.spec index 70befa7..971977f 100644 --- a/packaging/capi-media-player.spec +++ b/packaging/capi-media-player.spec @@ -1,6 +1,6 @@ Name: capi-media-player Summary: A Media Player API -Version: 0.3.42 +Version: 0.3.43 Release: 0 Group: Multimedia/API License: Apache-2.0 diff --git a/src/player.c b/src/player.c index 763f6e7..c0865e5 100644 --- a/src/player.c +++ b/src/player.c @@ -47,6 +47,8 @@ #endif #define INVALID_DEFAULT_VALUE -1 +#define MAX_S_PATH_LEN 32 + typedef struct { tbm_fd tfd[MUSE_NUM_FD]; @@ -64,6 +66,7 @@ typedef struct { intptr_t remote_pkt; gint fd; bool use_tsurf_pool; + struct timespec fd_time; } _media_pkt_fin_data; /* @@ -120,14 +123,35 @@ int _player_media_packet_finalize(media_packet_h pkt, int error_code, void *user } if (muse_core_ipc_fd_is_valid(fin_data->fd)) { + struct stat stat_results = {0, }; + char s_path[MAX_S_PATH_LEN] = {0, }; + + snprintf(s_path, MAX_S_PATH_LEN, "/proc/self/fd/%d", fin_data->fd); + + if (lstat(s_path, &stat_results) != 0) { + LOGW("[fd:%d][errno:%d] lstat error", fin_data->fd, errno); + /* do not exit here to avoid mem leak in muse demon */ + } else { + if ((fin_data->fd_time.tv_sec != stat_results.st_mtim.tv_sec) || + (fin_data->fd_time.tv_nsec != stat_results.st_mtim.tv_nsec)) { + LOGE("[fd:%d][%d:%ld][%d:%ld] is invalid", fin_data->fd, + fin_data->fd_time.tv_sec, fin_data->fd_time.tv_nsec, + stat_results.st_mtim.tv_sec, stat_results.st_mtim.tv_nsec); + goto EXIT; + } + } + packet = fin_data->remote_pkt; snd_msg = muse_core_msg_json_factory_new(api, MUSE_TYPE_POINTER, "packet", packet, 0); snd_len = muse_core_ipc_send_msg(fin_data->fd, snd_msg); muse_core_msg_json_factory_free(snd_msg); if (snd_len <= 0) - LOGE("fail to send msg."); + LOGE("[fd:%d] fail to send msg.", fin_data->fd); + } else { + LOGE("[fd:%d] is invalid.", fin_data->fd); } + EXIT: if (fin_data) { g_free(fin_data); @@ -693,6 +717,8 @@ static void __media_packet_video_frame_cb_handler(callback_cb_info_s * cb_info, uint64_t pts = 0; int i = 0; muse_core_msg_parse_err_e err = MUSE_MSG_PARSE_ERROR_NONE; + struct stat stat_results = {0, }; + char s_path[MAX_S_PATH_LEN] = {0, }; void *jobj = muse_core_msg_json_object_new(recv_data->buffer, NULL, &err); if (!jobj || @@ -802,7 +828,7 @@ static void __media_packet_video_frame_cb_handler(callback_cb_info_s * cb_info, } } - fin_data = g_new(_media_pkt_fin_data, 1); + fin_data = g_new0(_media_pkt_fin_data, 1); if (!fin_data) { LOGE("failed to alloc fin_data"); goto ERROR; @@ -810,6 +836,13 @@ static void __media_packet_video_frame_cb_handler(callback_cb_info_s * cb_info, fin_data->remote_pkt = packet; fin_data->fd = cb_info->fd; fin_data->use_tsurf_pool = cb_info->use_tsurf_pool; + + snprintf(s_path, MAX_S_PATH_LEN, "/proc/self/fd/%d", fin_data->fd); + if (lstat(s_path, &stat_results) != 0) + LOGW("[fd:%d][errno:%d] lstat error", fin_data->fd, errno); + else /* Keep the Time of last modified of socket */ + fin_data->fd_time = stat_results.st_mtim; + ret = media_packet_create_from_tbm_surface(cb_info->pkt_fmt, tsurf, (media_packet_finalize_cb) _player_media_packet_finalize, (void *)fin_data, &pkt); if (ret != MEDIA_PACKET_ERROR_NONE || !pkt) { LOGE("media_packet_create_from_tbm_surface failed %d %p", ret, pkt); @@ -1545,7 +1578,7 @@ static void callback_destroy(callback_cb_info_s * cb_info) g_return_if_fail(cb_info); if (cb_info->fd > INVALID_DEFAULT_VALUE) - muse_core_connection_close(cb_info->fd); + muse_core_connection_close(cb_info->fd); /* fd close and unlink symbolic path */ if (cb_info->data_fd > INVALID_DEFAULT_VALUE) muse_core_connection_close(cb_info->data_fd); cb_info->fd = cb_info->data_fd = INVALID_DEFAULT_VALUE; -- 2.7.4