
[BlueZ,v2,1/1] mesh: Fix double-free

Message ID 20200520162005.838134-2-brian.gix@intel.com (mailing list archive)
State Accepted
Series mesh: firx double-free | expand

Commit Message

Brian Gix May 20, 2020, 4:20 p.m. UTC
Fixing a prior memory leak created a double-free error when destroying
the NVM storage of a node. We have two situations where we want to
discard a node's dynamic memory:

1. When the node is being deleted at runtime.  This causes release of
   both dynamic memory and NVM storage.

2. During shutdown, we release dynamic memory only.

This patch ensures that after node deletion releases dynamic memory,
the pointers to it are cleared, avoiding a second free attempt.
---
 mesh/mesh-config-json.c | 2 +-
 mesh/mesh-config.h      | 2 +-
 mesh/node.c             | 3 +--
 3 files changed, 3 insertions(+), 4 deletions(-)

Patch

diff --git a/mesh/mesh-config-json.c b/mesh/mesh-config-json.c
index 6567d761c..0f125b95e 100644
--- a/mesh/mesh-config-json.c
+++ b/mesh/mesh-config-json.c
@@ -2309,7 +2309,7 @@  bool mesh_config_load_nodes(const char *cfgdir_name, mesh_config_node_func_t cb,
 	return true;
 }
 
-void mesh_config_destroy(struct mesh_config *cfg)
+void mesh_config_release_nvm(struct mesh_config *cfg)
 {
 	char *node_dir, *node_name;
 	char uuid[33];
diff --git a/mesh/mesh-config.h b/mesh/mesh-config.h
index 25002f5a7..d55bcb991 100644
--- a/mesh/mesh-config.h
+++ b/mesh/mesh-config.h
@@ -114,7 +114,7 @@  typedef bool (*mesh_config_node_func_t)(struct mesh_config_node *node,
 bool mesh_config_load_nodes(const char *cfgdir_name, mesh_config_node_func_t cb,
 							void *user_data);
 void mesh_config_release(struct mesh_config *cfg);
-void mesh_config_destroy(struct mesh_config *cfg);
+void mesh_config_release_nvm(struct mesh_config *cfg);
 bool mesh_config_save(struct mesh_config *cfg, bool no_wait,
 				mesh_config_status_func_t cb, void *user_data);
 struct mesh_config *mesh_config_create(const char *cfgdir_name,
diff --git a/mesh/node.c b/mesh/node.c
index 2b4b3a563..a675c831d 100644
--- a/mesh/node.c
+++ b/mesh/node.c
@@ -352,8 +352,7 @@  void node_remove(struct mesh_node *node)
 
 	l_queue_remove(nodes, node);
 
-	if (node->cfg)
-		mesh_config_destroy(node->cfg);
+	mesh_config_release_nvm(node->cfg);
 
 	free_node_resources(node);
 }
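Review bot: With the `if (node->cfg)` guard removed, `mesh_config_release_nvm(node->cfg);` can now be called with a NULL `cfg`, and the callee's body is not shown in this patch beyond its opening declarations, so the NULL check has to exist there; it is worth confirming the function starts with `if (!cfg) return;`. The description says the pointers are cleared after node deletion, but no line in the visible hunks sets `node->cfg` to NULL before `free_node_resources(node)` runs. If the callee frees `cfg`, the stale pointer is still reachable from that second call, which is the double-free this patch is meant to close. In that case add `node->cfg = NULL;` directly after the release call, and put a one-line comment on the prototype in mesh-config.h stating whether `cfg` remains valid after `mesh_config_release_nvm()` returns. node_remove's body starts outside the hunk.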