ASAN issue 84/203084/1
authorAvichal <avichal.a@samsung.com>
Tue, 9 Apr 2019 11:43:16 +0000 (17:13 +0530)
committerAvichal <avichal.a@samsung.com>
Tue, 9 Apr 2019 11:44:58 +0000 (17:14 +0530)
1. heap-use-after-free in enlightenment (TFDF-279,280)
2. heap-use-after-free in amd(TFDF-281,282)
This issue is reported on termination of sensord

Change-Id: I03e1d592e9caa93636d31d712e581c48db2d2363
Signed-off-by: Avichal <avichal.a@samsung.com>
src/shared/channel_event_handler.cpp
src/shared/event_loop.cpp

index cc8a2bb..8a6b64b 100644 (file)
@@ -46,13 +46,11 @@ bool channel_event_handler::handle(int fd, event_condition condition)
 
        if (condition & (EVENT_HUP)) {
                m_ch->disconnect();
-               m_ch = NULL;
                return false;
        }
 
        if (!m_ch->read_sync(msg, false)) {
                m_ch->disconnect();
-               m_ch = NULL;
                return false;
        }
 
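Review bot: With `m_ch = NULL;` removed from both failure branches, `m_ch` keeps pointing at a channel that has just been disconnected, and nothing in the hunk shows who frees that channel or when. If `handle()` can be called again on this handler, `m_ch->read_sync(msg, false)` would run on the disconnected channel, or on freed memory if the owner has released it in the meantime. A short comment above the `EVENT_HUP` branch, for example `// m_ch is intentionally not reset: <owner> releases the channel after handle() returns false`, would record the lifetime rule this fix depends on. The body of handle() starts and ends outside the hunk.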
index 713cd90..881d39d 100644 (file)
@@ -38,6 +38,9 @@ static gboolean g_io_handler(GIOChannel *ch, GIOCondition condition, gpointer da
        uint64_t id;
        int fd;
        bool term;
+       bool ret;
+       event_loop *loop;
+       event_handler *handler;
        unsigned int cond;
 
        cond = (unsigned int)condition;
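Review bot: The new locals `loop` and `handler` are declared uninitialized and are only copies of the raw pointers stored in `info`, so they do not keep either object alive. In the following hunk they are read from `info` before `info` itself is checked; adding `retvm_if(!info, FALSE, "Invalid event info");` ahead of `loop = info->loop;` would cover a NULL `data`. The later `loop->remove_event(id)` still runs after `handler->handle()` returns, so if handling a hang-up can destroy the loop or the handler (not visible here), the use-after-free would move rather than disappear. A comment stating who owns these objects and why they outlive the callback would make that reviewable. The body of g_io_handler continues outside the hunk.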
@@ -46,17 +49,21 @@ static gboolean g_io_handler(GIOChannel *ch, GIOCondition condition, gpointer da
                cond &= ~(G_IO_IN | G_IO_OUT);
 
        handler_info *info = (handler_info *)data;
+       loop = info->loop;
+       handler = info->handler;
+       retvm_if(!loop || !handler, FALSE, "Invalid event info");
+
        id = info->id;
        fd = info->fd;
-       term = info->loop->is_terminator(fd);
+       term = loop->is_terminator(fd);
 
        if (cond & G_IO_NVAL)
                return FALSE;
 
-       bool ret = info->handler->handle(fd, (event_condition)cond);
+       ret = handler->handle(fd, (event_condition)cond);
 
        if (!ret && !term) {
-               info->loop->remove_event(id);
+               loop->remove_event(id);
                return FALSE;
        }