From 85f4d299639e7ea6111a4fb538164ef1beefa2c1 Mon Sep 17 00:00:00 2001
From: Deokhyun Kim <dukan.kim@samsung.com>
Date: Tue, 2 Jun 2020 19:47:15 +0900
Subject: [PATCH] Fix mem leak

Change-Id: I3da1dfa1b14811b00d82afaa5880173fd03edd49
Signed-off-by: Deokhyun Kim <dukan.kim@samsung.com>
Signed-off-by: Wootak Jung <wootak.jung@samsung.com>
---
 bt-api/bt-event-handler.c                          |  10 +-
 bt-api/bt-gatt-service.c                           | 168 ++++++++++-----------
 bt-oal/bluez_hal/src/bt-hal-adapter-dbus-handler.c |   1 +
 bt-oal/bluez_hal/src/bt-hal-agent.c                |  30 ++--
 bt-oal/bluez_hal/src/bt-hal-gap-agent.c            |   2 +-
 bt-otp/bt-otpserver.c                              |   4 +-
 .../services/obex/bt-service-obex-event-receiver.c |   4 +-
 7 files changed, 110 insertions(+), 109 deletions(-)

diff --git a/bt-api/bt-event-handler.c b/bt-api/bt-event-handler.c
index e114d6f..64c22a5 100644
--- a/bt-api/bt-event-handler.c
+++ b/bt-api/bt-event-handler.c
@@ -1051,7 +1051,7 @@ void __bt_device_event_filter(GDBusConnection *connection,
 		int link_type;
 		gboolean rssi_enabled = FALSE;
 
-		g_variant_get(parameters, "(isib)", &result, &address,
+		g_variant_get(parameters, "(i&sib)", &result, &address,
 					&link_type, &rssi_enabled);
 
 		BT_DBG("RSSI Enabled[Address:%s LinkType:%d RSSI_dbm:%d]",
@@ -1070,7 +1070,7 @@ void __bt_device_event_filter(GDBusConnection *connection,
 		int link_type;
 		bt_rssi_alert_t alert = { 0, };
 
-		g_variant_get(parameters, "(isiii)", &result, &address,
+		g_variant_get(parameters, "(i&siii)", &result, &address,
 					&link_type, &alert_type, &rssi_dbm);
 
 		alert.alert_type = alert_type;
@@ -1088,7 +1088,7 @@ void __bt_device_event_filter(GDBusConnection *connection,
 		char *address;
 		bt_raw_rssi_t raw_rssi = { 0, };
 
-		g_variant_get(parameters, "(isii)", &result,
+		g_variant_get(parameters, "(i&sii)", &result,
 					&address, &link_type, &rssi_dbm);
 
 		BT_DBG("Address [%s] Link Type[%d] dBm[%d]",
@@ -1235,7 +1235,7 @@ void __bt_device_event_filter(GDBusConnection *connection,
 
 		BT_DBG("BT_PXP_PROPERTY_CHANGED");
 
-		g_variant_get(parameters, "(isiii)", &result, &address, &role, &type, &level);
+		g_variant_get(parameters, "(i&siii)", &result, &address, &role, &type, &level);
 
 		_bt_convert_addr_string_to_type(dev_address.addr, address);
 		memcpy(&params.device_address, &dev_address, BLUETOOTH_ADDRESS_LENGTH);
@@ -2248,7 +2248,7 @@ void __bt_map_client_event_filter(GDBusConnection *connection,
 			GVariant* value = NULL;
 			while (g_variant_iter_loop(res, "{sv}", &key, &value)) {
 				char* string_value = NULL;
-				g_variant_get(value, "s", &string_value);
+				g_variant_get(value, "&s", &string_value);
 				BT_DBG("got folder name: %s", string_value);
 				folders_struct.names[i] = strdup(string_value);
 			}
diff --git a/bt-api/bt-gatt-service.c b/bt-api/bt-gatt-service.c
index aa514d9..8e55440 100644
--- a/bt-api/bt-gatt-service.c
+++ b/bt-api/bt-gatt-service.c
@@ -3216,108 +3216,108 @@ void  bluetooth_gatt_server_send_acquire_write_response(GVariant * parameters)
 
 void  bluetooth_gatt_server_send_acquire_notify_response(GVariant * parameters, bt_event_info_t *event_info)
 {
-			int con_id  =  -1;
-			int tran_id  =  -1;
-			int att_han  =  -1;
-			int pipefd[2] = {-1,};
-			int mtu  = -1;
-			int offset  = -1;
-			char err_msg[512] = {'\0'};
-			GIOChannel *channel = NULL;
-			int result =  -1;
-			int fd = -1;
-			bluetooth_gatt_acquire_notify_info_t *chr_info;
-			const char *address = NULL;
-
-			g_variant_get(parameters, "(iiiiiis)",
-							&result,
-							&con_id,
-							&tran_id,
-							&att_han,
-							&mtu,
-							&offset,
-							&address);
-
-				BT_DBG("GATT ServerAcquire  Conn ID:   [%d]", con_id);
-				BT_DBG("GATT Server Acquire notify  att handle:[%d]", att_han);
-				BT_DBG("GATT Server Acquire Notify Offset:    [%d]", offset);
-				BT_DBG("GATT Server Acquire Notify address:    [%s]", address);
-
-
-			if (socketpair(AF_UNIX, SOCK_STREAM, 0, pipefd) < 0) {
-					strerror_r(errno, err_msg, sizeof(err_msg));
-					BT_ERR("socketpair(): %s", err_msg);
-					return ;
-				}
+	int con_id  =  -1;
+	int tran_id  =  -1;
+	int att_han  =  -1;
+	int pipefd[2] = {-1,};
+	int mtu  = -1;
+	int offset  = -1;
+	char err_msg[512] = {'\0'};
+	GIOChannel *channel = NULL;
+	int result =  -1;
+	int fd = -1;
+	bluetooth_gatt_acquire_notify_info_t *chr_info;
+	const char *address = NULL;
 
-				fd = pipefd[0];
+	g_variant_get(parameters, "(iiiiii&s)",
+					&result,
+					&con_id,
+					&tran_id,
+					&att_han,
+					&mtu,
+					&offset,
+					&address);
 
-				BT_INIT_PARAMS();
-				BT_ALLOC_PARAMS(in_param1, in_param2, in_param3, in_param4, out_param);
+		BT_DBG("GATT ServerAcquire  Conn ID:   [%d]", con_id);
+		BT_DBG("GATT Server Acquire notify  att handle:[%d]", att_han);
+		BT_DBG("GATT Server Acquire Notify Offset:    [%d]", offset);
+		BT_DBG("GATT Server Acquire Notify address:    [%s]", address);
 
-				//param1 = g_array_new(TRUE, TRUE, sizeof(gchar));
-				bluetooth_gatt_server_acquire_response_params_t  data;
-				data.req_type  = BLUETOOTH_GATT_REQUEST_TYPE_ACQUIRE_NOTIFY;
-				data.fd = pipefd[1];
-				data.mtu = mtu;
-				data.request_id = tran_id;
 
-				BT_INFO("FD write %d   characterstics path   \n", pipefd[0]);
+	if (socketpair(AF_UNIX, SOCK_STREAM, 0, pipefd) < 0) {
+			strerror_r(errno, err_msg, sizeof(err_msg));
+			BT_ERR("socketpair(): %s", err_msg);
+			return ;
+	}
 
-				chr_info = bluetooth_get_characteristic_info_from_path(att_han);
-				if (!chr_info) {
-					chr_info = g_malloc0(sizeof(bluetooth_gatt_acquire_notify_info_t));
-					chr_info->write_fd = fd;
-					chr_info->att_hand = att_han;
+	fd = pipefd[0];
 
-					gatt_characteristic_server_notify_list = g_slist_append(gatt_characteristic_server_notify_list, chr_info);
-				} else
-					chr_info->write_fd = fd;
+	BT_INIT_PARAMS();
+	BT_ALLOC_PARAMS(in_param1, in_param2, in_param3, in_param4, out_param);
 
-				channel = g_io_channel_unix_new(fd);
-				g_io_channel_set_encoding(channel, NULL, NULL);
-				g_io_channel_set_buffered(channel, FALSE);
-				g_io_channel_set_close_on_unref(channel, TRUE);
-				g_io_channel_set_flags(channel, G_IO_FLAG_NONBLOCK, NULL);
-				g_io_add_watch(channel, (G_IO_IN | G_IO_ERR | G_IO_HUP | G_IO_NVAL),
-						bluetooth_gatt_write_channel_watch_cb, chr_info);
+	//param1 = g_array_new(TRUE, TRUE, sizeof(gchar));
+	bluetooth_gatt_server_acquire_response_params_t  data;
+	data.req_type  = BLUETOOTH_GATT_REQUEST_TYPE_ACQUIRE_NOTIFY;
+	data.fd = pipefd[1];
+	data.mtu = mtu;
+	data.request_id = tran_id;
+
+	BT_INFO("FD write %d   characterstics path   \n", pipefd[0]);
+
+	chr_info = bluetooth_get_characteristic_info_from_path(att_han);
+	if (!chr_info) {
+		chr_info = g_malloc0(sizeof(bluetooth_gatt_acquire_notify_info_t));
+		chr_info->write_fd = fd;
+		chr_info->att_hand = att_han;
+
+		gatt_characteristic_server_notify_list = g_slist_append(gatt_characteristic_server_notify_list, chr_info);
+	} else
+		chr_info->write_fd = fd;
+
+	channel = g_io_channel_unix_new(fd);
+	g_io_channel_set_encoding(channel, NULL, NULL);
+	g_io_channel_set_buffered(channel, FALSE);
+	g_io_channel_set_close_on_unref(channel, TRUE);
+	g_io_channel_set_flags(channel, G_IO_FLAG_NONBLOCK, NULL);
+	g_io_add_watch(channel, (G_IO_IN | G_IO_ERR | G_IO_HUP | G_IO_NVAL),
+			bluetooth_gatt_write_channel_watch_cb, chr_info);
 
-				 GUnixFDList *fd_list = g_unix_fd_list_new();
-				 GError *error = NULL;
+	 GUnixFDList *fd_list = g_unix_fd_list_new();
+	 GError *error = NULL;
 
-				g_unix_fd_list_append(fd_list, pipefd[1], &error);
-				g_assert_no_error(error);
-				close(pipefd[1]);
+	g_unix_fd_list_append(fd_list, pipefd[1], &error);
+	g_assert_no_error(error);
+	close(pipefd[1]);
 
-				g_array_append_vals(in_param1, &data, sizeof(bluetooth_gatt_server_acquire_response_params_t));
+	g_array_append_vals(in_param1, &data, sizeof(bluetooth_gatt_server_acquire_response_params_t));
 
-				BT_DBG("Sending event BT_GATT_SERVER_ACQUIRE_NOTIFY_RESPONSE file descriptor value [%d] ", data.fd);
+	BT_DBG("Sending event BT_GATT_SERVER_ACQUIRE_NOTIFY_RESPONSE file descriptor value [%d] ", data.fd);
 
-				result = _bt_send_request_with_unix_fd_list(BT_BLUEZ_SERVICE, BT_GATT_SERVER_ACQUIRE_NOTIFY_RESPONSE,
-						in_param1, in_param2, in_param3, in_param4, fd_list, &out_param, NULL);
+	result = _bt_send_request_with_unix_fd_list(BT_BLUEZ_SERVICE, BT_GATT_SERVER_ACQUIRE_NOTIFY_RESPONSE,
+			in_param1, in_param2, in_param3, in_param4, fd_list, &out_param, NULL);
 
-				BT_FREE_PARAMS(in_param1, in_param2, in_param3, in_param4, out_param);
+	BT_FREE_PARAMS(in_param1, in_param2, in_param3, in_param4, out_param);
 
 
-				//send
-				if (result == BLUETOOTH_ERROR_NONE) {
-					BT_DBG("sending gatt server notification state changed event");
-					bluetooth_gatt_server_notification_changed_t info;
-					bluetooth_device_address_t dev_address = { {0} };
-					memset(&info, 0x00, sizeof(bluetooth_gatt_server_notification_changed_t));
+	//send
+	if (result == BLUETOOTH_ERROR_NONE) {
+		BT_DBG("sending gatt server notification state changed event");
+		bluetooth_gatt_server_notification_changed_t info;
+		bluetooth_device_address_t dev_address = { {0} };
+		memset(&info, 0x00, sizeof(bluetooth_gatt_server_notification_changed_t));
 
-					_bt_convert_addr_string_to_type(dev_address.addr, address);
-					memcpy(info.device_address.addr,
-							dev_address.addr,
-							BLUETOOTH_ADDRESS_LENGTH);
-					info.handle = att_han;
-					info.notification = TRUE;
+		_bt_convert_addr_string_to_type(dev_address.addr, address);
+		memcpy(info.device_address.addr,
+				dev_address.addr,
+				BLUETOOTH_ADDRESS_LENGTH);
+		info.handle = att_han;
+		info.notification = TRUE;
 
-					_bt_gatt_server_event_cb(BLUETOOTH_EVENT_GATT_SERVER_NOTIFICATION_STATE_CHANGED,
-							result, &info,
-							event_info->cb, event_info->user_data);
+		_bt_gatt_server_event_cb(BLUETOOTH_EVENT_GATT_SERVER_NOTIFICATION_STATE_CHANGED,
+				result, &info,
+				event_info->cb, event_info->user_data);
 
-				}
+	}
 }
 
 void cleanup_gatt_acquire_fd(int handle)
diff --git a/bt-oal/bluez_hal/src/bt-hal-adapter-dbus-handler.c b/bt-oal/bluez_hal/src/bt-hal-adapter-dbus-handler.c
index b24f7d9..a30aa95 100644
--- a/bt-oal/bluez_hal/src/bt-hal-adapter-dbus-handler.c
+++ b/bt-oal/bluez_hal/src/bt-hal-adapter-dbus-handler.c
@@ -877,6 +877,7 @@ static gboolean __bt_adapter_all_properties_cb(gpointer user_data)
 					_bt_hal_update_le_feature_support(name, val, &le_features);
 					le_features_present = TRUE;
 				}
+				g_free(val);
 				g_variant_iter_free(iter);
 
 				if (le_features_present) {
diff --git a/bt-oal/bluez_hal/src/bt-hal-agent.c b/bt-oal/bluez_hal/src/bt-hal-agent.c
index b0d7e9c..3fe5914 100644
--- a/bt-oal/bluez_hal/src/bt-hal-agent.c
+++ b/bt-oal/bluez_hal/src/bt-hal-agent.c
@@ -395,12 +395,12 @@ void __bt_hal_get_auth_info(GVariant *reply, char *auth_info)
 static gboolean __bt_hal_pincode_request(GapAgentPrivate *agent, GDBusProxy *device)
 {
 	uint32_t device_class;
-	gchar *address;
+	gchar *address = NULL;
 	unsigned char auth_info[5] = {0, };
-	gchar *name;
+	gchar *name = NULL;
 	GVariant *reply = NULL;
 	GVariant *reply_temp = NULL;
-	GVariant *tmp_value;
+	GVariant *tmp_value = NULL;
 	DBG("+");
 
 	reply_temp = __bt_hal_service_getall(device, BT_HAL_DEVICE_INTERFACE);
@@ -518,10 +518,10 @@ static void __bt_hal_send_ssp_request_events(const gchar *address,
 static gboolean __bt_hal_display_request(GapAgentPrivate *agent, GDBusProxy *device,
 		guint passkey)
 {
-	gchar *address;
-	gchar *name;
+	gchar *address = NULL;
+	gchar *name = NULL;
 	unsigned char auth_info[5] = {0, };
-	char *str_passkey;
+	char *str_passkey = NULL;
 	uint32_t device_class;
 	GVariant *reply = NULL;
 	GVariant *reply_temp = NULL;
@@ -591,13 +591,13 @@ done:
 /* SSP */
 static gboolean __bt_hal_passkey_request(GapAgentPrivate *agent, GDBusProxy *device)
 {
-	gchar *address;
-	gchar *name;
+	gchar *address = NULL;
+	gchar *name = NULL;
 	unsigned char auth_info[5] = {0, };
 	uint32_t device_class;
 	GVariant *reply = NULL;
 	GVariant *reply_temp = NULL;
-	GVariant *tmp_value;
+	GVariant *tmp_value = NULL;
 	DBG("+");
 
 	reply_temp = __bt_hal_service_getall(device, BT_HAL_DEVICE_INTERFACE);
@@ -656,13 +656,13 @@ done:
 static gboolean __bt_hal_confirm_request(GapAgentPrivate *agent, GDBusProxy *device,
 		guint passkey)
 {
-	gchar *address;
-	gchar *name;
+	gchar *address = NULL;
+	gchar *name = NULL;
 	char str_passkey[7];
 	uint32_t device_class;
 	GVariant *reply_temp = NULL;
 	GVariant *reply = NULL;
-	GVariant *tmp_value;
+	GVariant *tmp_value = NULL;
 	DBG("+ passkey[%.6d]", passkey);
 	DBG("Agent Path [%s]", agent->path);
 
@@ -729,13 +729,13 @@ done:
 static gboolean __bt_hal_authorize_request(GapAgentPrivate *agent, GDBusProxy *device,
 		const char *uuid)
 {
-	gchar *address;
-	gchar *name;
+	gchar *address = NULL;
+	gchar *name = NULL;
 	gboolean trust;
 	gboolean paired;
 	GVariant *reply = NULL;
 	GVariant *reply_temp = NULL;
-	GVariant *tmp_value;
+	GVariant *tmp_value = NULL;
 #ifdef TIZEN_FEATURE_BT_RFCOMM_DIRECT
 	bt_hal_agent_osp_server_t *osp_server;
 #endif
diff --git a/bt-oal/bluez_hal/src/bt-hal-gap-agent.c b/bt-oal/bluez_hal/src/bt-hal-gap-agent.c
index 6fd38bf..e035ae2 100644
--- a/bt-oal/bluez_hal/src/bt-hal-gap-agent.c
+++ b/bt-oal/bluez_hal/src/bt-hal-gap-agent.c
@@ -411,7 +411,7 @@ static gboolean __gap_agent_unregister(GapAgentPrivate *agent)
 	}
 
 	reply = g_dbus_proxy_call_sync(agent_manager, "UnregisterAgent",
-			g_variant_new("o", priv->path),
+			g_variant_new("(o)", priv->path),
 			G_DBUS_CALL_FLAGS_NONE, -1,
 			NULL, &error);
 	g_object_unref(agent_manager);
diff --git a/bt-otp/bt-otpserver.c b/bt-otp/bt-otpserver.c
index 81d915c..76a8d9e 100644
--- a/bt-otp/bt-otpserver.c
+++ b/bt-otp/bt-otpserver.c
@@ -693,7 +693,7 @@ static void _bt_otp_method(GDBusConnection *connection,
 		struct stat st;
 		struct object_metadata *object = NULL;
 
-		g_variant_get(parameters, "(s)", &directory);
+		g_variant_get(parameters, "(&s)", &directory);
 		BT_DBG("Directory = [%s]", directory);
 
 		dir = g_dir_open(directory, 0, &error);
@@ -789,7 +789,7 @@ fail:
 		char address[BT_ADDRESS_STRING_SIZE] = { 0 };
 		int fd;
 
-		g_variant_get(parameters, "(oh)", &dev_path, &index);
+		g_variant_get(parameters, "(&oh)", &dev_path, &index);
 
 		msg = g_dbus_method_invocation_get_message(invocation);
 		fd_list = g_dbus_message_get_unix_fd_list(msg);
diff --git a/bt-service-adaptation/services/obex/bt-service-obex-event-receiver.c b/bt-service-adaptation/services/obex/bt-service-obex-event-receiver.c
index 0b5614f..6566463 100644
--- a/bt-service-adaptation/services/obex/bt-service-obex-event-receiver.c
+++ b/bt-service-adaptation/services/obex/bt-service-obex-event-receiver.c
@@ -142,7 +142,7 @@ static int __bt_get_owner_info(GVariant *msg, char **name,
 static int __bt_get_agent_signal_info(GVariant *msg, char **address,
 				char **name, char **uuid)
 {
-	g_variant_get(msg, "(sss)", address, name, uuid);
+	g_variant_get(msg, "(&s&s&s)", address, name, uuid);
 	return BLUETOOTH_ERROR_NONE;
 }
 
@@ -386,7 +386,7 @@ void _bt_handle_agent_event(GVariant *msg, const char *member)
 
 	if (strcasecmp(member, "ObexAuthorize") == 0) {
 		__bt_get_agent_signal_info(msg, &address, &name, &uuid);
-		param = g_variant_new("(i&s&s)", result, address, name);
+		param = g_variant_new("(iss)", result, address, name);
 		_bt_send_event(BT_OPP_SERVER_EVENT,
 			BLUETOOTH_EVENT_OBEX_SERVER_CONNECTION_AUTHORIZE,
 			param);
-- 
2.7.4