Fix callback info management bug 76/88676/1 accepted/tizen/common/20160920.132202 accepted/tizen/ivi/20160921.081049 accepted/tizen/mobile/20160921.081041 accepted/tizen/tv/20160921.081045 accepted/tizen/wearable/20160921.081036 submit/tizen/20160920.115956
authorHyunho Kang <hhstark.kang@samsung.com>
Tue, 20 Sep 2016 07:47:05 +0000 (16:47 +0900)
committerHyunho Kang <hhstark.kang@samsung.com>
Tue, 20 Sep 2016 07:50:47 +0000 (16:50 +0900)
When the first callback info is removed by a socket disconnect (the sender dies),
the callback info hash value references a freed address, which causes a crash.

Change-Id: Ia50713ab8198270316c1b1ee8369464d47229bb2
Signed-off-by: Hyunho Kang <hhstark.kang@samsung.com>
src/message-port.c

index 15f94be..2e54cff 100755 (executable)
@@ -141,7 +141,7 @@ static void __callback_info_free(gpointer data)
                return;
 
        if (callback_info->remote_app_id)
-               free(callback_info->remote_app_id);
+               FREE_AND_NULL(callback_info->remote_app_id);
 
        if (callback_info->gio_read != NULL) {
                g_io_channel_shutdown(callback_info->gio_read, TRUE, &error);
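Review bot: Switching to `FREE_AND_NULL` here, and on `callback_info` itself in the next hunk, does not remove any dangling reference. Assuming the macro frees and then assigns NULL, it clears a member of a struct that is freed a few lines later, and then what appears to be a pointer variable local to `__callback_info_free`. Any list node or hash value that still holds the old address stays dangling, so the caller has to unlink the entry first; a comment above the function such as `/* Frees callback_info; the caller must already have unlinked it from __callback_info_hash. */` would state that contract. The function starts above this hunk, so the declaration of `callback_info` is not visible here.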
@@ -158,12 +158,11 @@ static void __callback_info_free(gpointer data)
                callback_info->g_src_id = 0;
        }
 
-       free(callback_info);
+       FREE_AND_NULL(callback_info);
 }
 
 static void __callback_info_free_by_info(message_port_callback_info_s *callback_info)
 {
-
        GList *callback_info_list = g_hash_table_lookup(__callback_info_hash, GUINT_TO_POINTER(callback_info->local_id));
        GList *find_list;
 
@@ -176,6 +175,7 @@ static void __callback_info_free_by_info(message_port_callback_info_s *callback_
 
        callback_info_list = g_list_remove_link(callback_info_list, find_list);
        __callback_info_free(callback_info);
+       g_list_free(find_list);
 }
 
 static void __hash_destroy_callback_info(gpointer data)
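Review bot: The head returned by `g_list_remove_link()` is stored only in the local `callback_info_list` and never written back to `__callback_info_hash`, so the hash value stays valid only while the removed node is not the head. That appears to hold now because `send_message()` puts a placeholder entry at the head, but nothing in this function states or checks it; a comment such as `/* head is the placeholder node added in send_message(), so the hash value is unchanged */` would keep the invariant visible. The unlink-and-free pair can also be written as a single `callback_info_list = g_list_delete_link(callback_info_list, find_list);`. The lines between this function's two hunks are not shown, so how `find_list` is obtained is inferred.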
@@ -742,6 +742,7 @@ static bool send_message(GVariant *parameters, GDBusMethodInvocation *invocation
        message_port_local_port_info_s *mi;
        int local_reg_id = 0;
        message_port_callback_info_s *callback_info;
+       message_port_callback_info_s *head_callback_info;
        GList *callback_info_list = NULL;
 
        char buf[1024];
@@ -842,6 +843,18 @@ static bool send_message(GVariant *parameters, GDBusMethodInvocation *invocation
 
                        callback_info_list = g_hash_table_lookup(__callback_info_hash, GUINT_TO_POINTER(mi->local_id));
                        if (callback_info_list == NULL) {
+                               head_callback_info = (message_port_callback_info_s *)calloc(1, sizeof(message_port_callback_info_s));
+                               if (head_callback_info == NULL) {
+                                       _LOGE("fail to alloc head_callback_info");
+                                       __callback_info_free(callback_info);
+                                       return -1;
+                               }
+                               head_callback_info->local_id = 0;
+                               head_callback_info->remote_app_id = NULL;
+                               head_callback_info->callback = NULL;
+                               head_callback_info->gio_read = NULL;
+                               head_callback_info->g_src_id = 0;
+                               callback_info_list = g_list_append(callback_info_list, head_callback_info);
                                callback_info_list = g_list_append(callback_info_list, callback_info);
                                g_hash_table_insert(__callback_info_hash, GUINT_TO_POINTER(mi->local_id), callback_info_list);
                        } else {
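Review bot: `return -1;` on the allocation-failure path sits in a function declared `static bool send_message(...)`, so the value converts to `true`; if `false` is the failure value, as the return type suggests, this should be `return false;`. The five assignments after `calloc()` repeat what the zeroed allocation already provides on the usual platforms and could be replaced by a short comment saying the node is a placeholder that keeps the list head stable. It is also worth confirming that every walker of this list, including the hash destroy callback, tolerates an entry with `local_id` 0 and no `gio_read`. The function continues outside this hunk, so any other cleanup needed on this path cannot be checked from here.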