| Message ID | 20200720204206.226761-1-inga.stotland@intel.com (mailing list archive) |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [BlueZ] tools/mesh-cfgclient: Fix segfault on remote node reset | expand |
Applied On Mon, 2020-07-20 at 13:42 -0700, Inga Stotland wrote: > This fixes a segfault that is caused by freeeing non-allocated memory. > Happens upon the removal of a remote node when remote's net key and/or > app key queues are destroyed. > > __GI___libc_free (mem=0x1) at malloc.c:3102 > destroy=destroy@entry=0x55761f63a3b0 <l_free>) at ell/queue.c:107 > destroy=destroy@entry=0x55761f63a3b0 <l_free>) at ell/queue.c:82 > at tools/mesh/remote.c:140 > at tools/mesh/cfgcli.c:764 > at tools/mesh/cfgcli.c:764 > msg=0x5576213aa6f0, user_data=<optimized out>) > at tools/mesh-cfgclient.c:1522 > dbus=dbus@entry=0x55762132f860, message=message@entry=0x5576213aa6f0) > at ell/dbus-service.c:1793 > user_data=0x55762132f860) at ell/dbus.c:285 > user_data=0x55762132f940) at ell/io.c:126 > --- > tools/mesh/remote.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/tools/mesh/remote.c b/tools/mesh/remote.c > index 2a8f747d6..c74f0bec1 100644 > --- a/tools/mesh/remote.c > +++ b/tools/mesh/remote.c > @@ -134,10 +134,11 @@ uint8_t remote_del_node(uint16_t unicast) > l_queue_destroy(rmt->els[i], NULL); > remote_add_blacklisted_address(unicast + i, iv_index, true); > } > + > l_free(rmt->els); > > - l_queue_destroy(rmt->net_keys, l_free); > - l_queue_destroy(rmt->app_keys, l_free); > + l_queue_destroy(rmt->net_keys, NULL); > + l_queue_destroy(rmt->app_keys, NULL); > l_free(rmt); > > mesh_db_del_node(unicast);
diff --git a/tools/mesh/remote.c b/tools/mesh/remote.c index 2a8f747d6..c74f0bec1 100644 --- a/tools/mesh/remote.c +++ b/tools/mesh/remote.c @@ -134,10 +134,11 @@ uint8_t remote_del_node(uint16_t unicast) l_queue_destroy(rmt->els[i], NULL); remote_add_blacklisted_address(unicast + i, iv_index, true); } + l_free(rmt->els); - l_queue_destroy(rmt->net_keys, l_free); - l_queue_destroy(rmt->app_keys, l_free); + l_queue_destroy(rmt->net_keys, NULL); + l_queue_destroy(rmt->app_keys, NULL); l_free(rmt); mesh_db_del_node(unicast);
This fixes a segfault that is caused by freeeing non-allocated memory. Happens upon the removal of a remote node when remote's net key and/or app key queues are destroyed. __GI___libc_free (mem=0x1) at malloc.c:3102 destroy=destroy@entry=0x55761f63a3b0 <l_free>) at ell/queue.c:107 destroy=destroy@entry=0x55761f63a3b0 <l_free>) at ell/queue.c:82 at tools/mesh/remote.c:140 at tools/mesh/cfgcli.c:764 at tools/mesh/cfgcli.c:764 msg=0x5576213aa6f0, user_data=<optimized out>) at tools/mesh-cfgclient.c:1522 dbus=dbus@entry=0x55762132f860, message=message@entry=0x5576213aa6f0) at ell/dbus-service.c:1793 user_data=0x55762132f860) at ell/dbus.c:285 user_data=0x55762132f940) at ell/io.c:126 --- tools/mesh/remote.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)