Fix use-after-free crash during get empty codec slot

author Seungbae Shin <seungbae.shin@samsung.com>

Fri, 19 May 2017 10:34:02 +0000 (19:34 +0900)

committer Seungbae Shin <seungbae.shin@samsung.com>

Tue, 4 Jul 2017 09:50:38 +0000 (18:50 +0900)
author Seungbae Shin <seungbae.shin@samsung.com>
Fri, 19 May 2017 10:34:02 +0000 (19:34 +0900)
committer Seungbae Shin <seungbae.shin@samsung.com>
Tue, 4 Jul 2017 09:50:38 +0000 (18:50 +0900)
diff --git a/packaging/libmm-sound.spec b/packaging/libmm-sound.spec

index 2924c67..f66b188 100644 (file)
--- a/packaging/libmm-sound.spec
+++ b/packaging/libmm-sound.spec
@@ -1,6 +1,6 @@
  Name:       libmm-sound
  Summary:    MMSound Package contains client lib and sound_server binary
-Version:    0.11.8
+Version:    0.11.9
  Release:    0
  Group:      System/Libraries
  License:    Apache-2.0
diff --git a/server/mm_sound_mgr_codec.c b/server/mm_sound_mgr_codec.c

index 0db1eaa..b04aa88 100644 (file)
--- a/server/mm_sound_mgr_codec.c
+++ b/server/mm_sound_mgr_codec.c
@@ -196,27 +196,23 @@ static int _mm_sound_mgr_codec_slot_get_empty(int *slot)
  
         SLOT_LOCK();
  
-       for (slotid = SOUND_SLOT_START; slotid < MANAGER_HANDLE_MAX ; slotid++) {
-               if (g_slots[slotid].status == STATUS_IDLE) {
-                       g_slots[slotid].status = STATUS_SOUND;
-                       break;
+       while (1) {
+               for (slotid = SOUND_SLOT_START; slotid < MANAGER_HANDLE_MAX ; slotid++) {
+                       if (g_slots[slotid].status == STATUS_IDLE) {
+                               g_slots[slotid].status = STATUS_SOUND;
+                               break;
+                       }
                 }
-       }
-
-       if (slotid < MANAGER_HANDLE_MAX) {
-               debug_msg("New handle allocated (codec slot ID : [%d])\n", slotid);
-               *slot = slotid;
  
-               _mm_sound_mgr_codec_shutdown_timer_stop();
-
-       } else {
-               debug_warning("Handle is full handle : [%d]\n", slotid);
-               *slot = -1;
-               /* Temporal code for reset */
-               while (slotid--) {
-                       g_slots[slotid].status = STATUS_IDLE;
+               if (slotid < MANAGER_HANDLE_MAX) {
+                       debug_msg("New handle allocated (codec slot ID : [%d])", slotid);
+                       *slot = slotid;
+                       break;
                 }
-               err = MM_ERROR_SOUND_INTERNAL;
+
+               /* FIXME: avoiding infinite wait is required */
+               debug_warning("Handle is full..wait for a while and will retry...");
+               sleep(1);
         }
  
         SLOT_UNLOCK();
author	Seungbae Shin <seungbae.shin@samsung.com>
	Fri, 19 May 2017 10:34:02 +0000 (19:34 +0900)
committer	Seungbae Shin <seungbae.shin@samsung.com>
	Tue, 4 Jul 2017 09:50:38 +0000 (18:50 +0900)
packaging/libmm-sound.spec		patch \| blob \| history
server/mm_sound_mgr_codec.c		patch \| blob \| history