Fix wrong memory management

 - Resource leak
 - Use after free

Change-Id: Ia9059bd03f9e87d3078d91f2d113857c3304d836
Signed-off-by: jusung son <jusung07.son@samsung.com>

diff --git a/src/message_port_local.c b/src/message_port_local.c
index 5b61c85..27b3739 100755 (executable)
--- a/src/message_port_local.c
+++ b/src/message_port_local.c
@@ -419,12 +419,14 @@ static int __create_port_key_info(
                calloc(1, sizeof(port_key_info_s));
        if (_key_info == NULL) {
                ret_val = MESSAGE_PORT_ERROR_OUT_OF_MEMORY;
+               _LOGE("out of memory");
                goto out;
        }
 
        _key_info->port_name = strdup(port_info->port_name);
        if (_key_info->port_name == NULL) {
                ret_val = MESSAGE_PORT_ERROR_OUT_OF_MEMORY;
+               _LOGE("out of memory");
                goto out;
        }
 
@@ -433,20 +435,20 @@ static int __create_port_key_info(
        _key_info->remote_app_id = strdup(port_info->remote_app_info->remote_app_id);
        if (_key_info->remote_app_id == NULL) {
                ret_val = MESSAGE_PORT_ERROR_OUT_OF_MEMORY;
+               _LOGE("out of memory");
                goto out;
        }
 
 out:
-       if (ret_val == MESSAGE_PORT_ERROR_OUT_OF_MEMORY) {
-               _LOGE("out of memory");
+       if (ret_val == MESSAGE_PORT_ERROR_NONE) {
+               *key_info = _key_info;
+       } else {
                if (_key_info) {
                        FREE_AND_NULL(_key_info->port_name);
                        FREE_AND_NULL(_key_info->remote_app_id);
                        free(_key_info);
                }
        }
-
-       *key_info = _key_info;
        return ret_val;
 }
 

diff --git a/src/message_port_remote.c b/src/message_port_remote.c
index 73778c9..e39f0cc 100755 (executable)
--- a/src/message_port_remote.c
+++ b/src/message_port_remote.c
@@ -462,6 +462,15 @@ static message_port_callback_info_s *__create_callback_info(message_port_local_p
                goto out;
        }
 
+       callback_info->local_id = mi->local_id;
+       callback_info->local_info = local_info;
+       callback_info->remote_app_id = strdup(local_appid);
+       if (callback_info->remote_app_id == NULL) {
+               ret = false;
+               _LOGE("out of memory");
+               goto out;
+       }
+
        local_info->port_name = strdup(mi->port_name);
        if (local_info->port_name == NULL) {
                ret = false;
@@ -474,14 +483,6 @@ static message_port_callback_info_s *__create_callback_info(message_port_local_p
        local_info->local_id = mi->local_id;
        local_info->user_data = mi->user_data;
 
-       callback_info->local_id = local_info->local_id;
-       callback_info->local_info = local_info;
-       callback_info->remote_app_id = strdup(local_appid);
-       if (callback_info->remote_app_id == NULL) {
-               ret = false;
-               _LOGE("out of memory");
-       }
-
 out:
        if (ret == false) {
                __callback_info_free(callback_info);