authorraquel medina <raquel.medina@konsulko.com>2019-01-04 18:24:24 +0200
committerMatt Ranostay <matt.ranostay@konsulko.com>2019-01-04 23:28:20 +0000
commit9a66246d00e88cf44456efae734a7a12c63f4689 (patch)
tree88ff01a96fb6b8738e369fd01774800fa0cd774e
parentce12824f1426b565d56a0d681af61261fba9a1b1 (diff)
neardal: lib: fix random memory corruption
This commit includes a neardal patch to fix the random segfault seen on agl-service-nfc. The problem (random memory corruption) was caused by an invalid access to freed memory in the neardal library. The proposed fix has been submitted upstream, and this commit is only a temporary measure until the fix is available directly from the neardal repo. Bug-AGL: SPEC-1976 Change-Id: I21984cb8135537ff1232a4387a31688e1a140642 Signed-off-by: raquel medina <raquel.medina@konsulko.com>
-rw-r--r--meta-agl-profile-core/recipes-connectivity/neardal/neardal/0002-neardal-lib-fix-memory-corruption.patch58
-rw-r--r--meta-agl-profile-core/recipes-connectivity/neardal/neardal_0.14.bb5
2 files changed, 61 insertions, 2 deletions
diff --git a/meta-agl-profile-core/recipes-connectivity/neardal/neardal/0002-neardal-lib-fix-memory-corruption.patch b/meta-agl-profile-core/recipes-connectivity/neardal/neardal/0002-neardal-lib-fix-memory-corruption.patch
new file mode 100644
index 000000000..d40d9a4fe
--- /dev/null
+++ b/meta-agl-profile-core/recipes-connectivity/neardal/neardal/0002-neardal-lib-fix-memory-corruption.patch
@@ -0,0 +1,58 @@
+From ee6267f357b3d158f0a0e88460782e8b9d44274a Mon Sep 17 00:00:00 2001
+From: Raquel Medina <raquel.medina@konsulko.com>
+Date: Fri, 4 Jan 2019 07:43:03 -0500
+Subject: [PATCH] neardal: lib: fix memory corruption
+
+ The current commit fixes an invalid memory access
+ which manifests as a random segfault when executing
+ continuous tag read operations.
+
+ The corruption happens when releasing the memory allocated to a
+ record: in the time between the memory being g_free'd and the
+ subsequent memset operation, the memory could have been reused by
+ some other process. And since memory allocation depends on
+ system-wide factors, it makes this bug hard to track.
+
+ Tested using ACR122U reader and NTAG213
+ tags on Automotive Grade Linux (flounder,
+ guppy and master branches)
+
+Signed-off-by: Raquel Medina <raquel.medina@konsulko.com>
+---
+ lib/neardal_record.c | 1 -
+ lib/neardal_tools.c | 5 ++++-
+ 2 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/lib/neardal_record.c b/lib/neardal_record.c
+index 669012c..cfed5e8 100644
+--- a/lib/neardal_record.c
++++ b/lib/neardal_record.c
+@@ -31,7 +31,6 @@ void neardal_record_free(neardal_record *r)
+ {
+ g_return_if_fail(r);
+ neardal_g_strfreev((void **) r, &r->uriObjSize);
+- memset(r, 0, sizeof(*r));
+ }
+
+ void neardal_free_record(neardal_record *record) \
+diff --git a/lib/neardal_tools.c b/lib/neardal_tools.c
+index f0d6157..f307df6 100644
+--- a/lib/neardal_tools.c
++++ b/lib/neardal_tools.c
+@@ -32,9 +32,12 @@
+ void neardal_g_strfreev(void **array, void *end)
+ {
+ void **p = array;
+- for (; (void *) p < end; p++)
++ for (; (void *) p < end; p++) {
+ g_free(*p);
++ *p = NULL;
++ }
+ g_free(array);
++ array = NULL;
+ }
+
+ void neardal_g_variant_add_parsed(GVariant **v, const char *format, ...)
+--
+2.17.1
+
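Review bot: In the embedded `neardal_g_strfreev` change, `array = NULL;` after `g_free(array)` only clears the by-value parameter, and the `*p = NULL;` stores land in a block that is freed by the next statement, so neither changes anything a caller can observe; the effective fix is the removal of `memset(r, 0, sizeof(*r));` in `neardal_record_free`, which wrote to `r` after `neardal_g_strfreev((void **) r, &r->uriObjSize)` had already released it. Callers still hold a dangling `r` once `neardal_record_free` returns, so I would drop the two dead stores and state the contract on the function instead, e.g. `/* frees r itself; the caller must not use r afterwards */`. The patch description's "reused by some other process" would read more accurately as reuse by another allocation in the same process. The patch header also has no `Upstream-Status:` line even though the commit description says the fix was submitted upstream; adding `Upstream-Status: Submitted [<upstream-submission-url>]` would make it easier to drop this local patch once neardal ships the fix.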
diff --git a/meta-agl-profile-core/recipes-connectivity/neardal/neardal_0.14.bb b/meta-agl-profile-core/recipes-connectivity/neardal/neardal_0.14.bb
index 022e54e26..8bec79e67 100644
--- a/meta-agl-profile-core/recipes-connectivity/neardal/neardal_0.14.bb
+++ b/meta-agl-profile-core/recipes-connectivity/neardal/neardal_0.14.bb
@@ -2,7 +2,8 @@ require neardal.inc
SRC_URI = "https://github.com/connectivity/neardal/archive/${PV}.tar.gz \
file://ncl.patch \
- file://0001-neardal-ncl-fix-segfault-on-help-page-being-displaye.patch \
- "
+ file://0001-neardal-ncl-fix-segfault-on-help-page-being-displaye.patch \
+ file://0002-neardal-lib-fix-memory-corruption.patch \
+ "
SRC_URI[md5sum] = "3dbda58253ca30ee6a7a7573eaa68f40"
SRC_URI[sha256sum] = "157d320bd831d91a82203d9697d2d2a2cebdb515d6e1c4ce04fe8ef27d1da615"