diff options
author | raquel medina <raquel.medina@konsulko.com> | 2019-01-04 18:24:24 +0200 |
---|---|---|
committer | raquel medina <raquel.medina@konsulko.com> | 2019-01-08 16:09:06 +0000 |
commit | 7ae5050e7d993fc25228fd5478fec66301b9c71f (patch) | |
tree | d53ca90361d566a3f6258a63d83f3f817019d3b3 | |
parent | 62193151c121536114c0f0fc652859685f65649f (diff) |
neardal: lib: fix random memory corruption
This commit includes a neardal patch to fix
the random segfault seen on agl-service-nfc.
The problem (random memory corruption)
was due to invalid access to freed
memory on neardal library.
The proposed fix has been submitted upstream
and this commit is only a temporary measure
while the solution is not provided directly from
neardal repo.
Bug-AGL: SPEC-1976
Change-Id: I21984cb8135537ff1232a4387a31688e1a140642
Signed-off-by: raquel medina <raquel.medina@konsulko.com>
(cherry picked from commit 9a66246d00e88cf44456efae734a7a12c63f4689)
-rw-r--r-- | meta-agl-profile-core/recipes-connectivity/neardal/neardal/0002-neardal-lib-fix-memory-corruption.patch | 58 | ||||
-rw-r--r-- | meta-agl-profile-core/recipes-connectivity/neardal/neardal_0.14.bb | 5 |
2 files changed, 61 insertions, 2 deletions
diff --git a/meta-agl-profile-core/recipes-connectivity/neardal/neardal/0002-neardal-lib-fix-memory-corruption.patch b/meta-agl-profile-core/recipes-connectivity/neardal/neardal/0002-neardal-lib-fix-memory-corruption.patch new file mode 100644 index 000000000..d40d9a4fe --- /dev/null +++ b/meta-agl-profile-core/recipes-connectivity/neardal/neardal/0002-neardal-lib-fix-memory-corruption.patch @@ -0,0 +1,58 @@ +From ee6267f357b3d158f0a0e88460782e8b9d44274a Mon Sep 17 00:00:00 2001 +From: Raquel Medina <raquel.medina@konsulko.com> +Date: Fri, 4 Jan 2019 07:43:03 -0500 +Subject: [PATCH] neardal: lib: fix memory corruption + + The current commit fixes an invalid memory access + which manifests as a random segfault when executing + continuous tag read operations. + + The corruption happens when releasing the memory allocated to a + record: in the time between the memory being g_free'd and the + subsequent memset operation, the memory could have been reused by + some other process. And since memory allocation depends on + system-wide factors, it makes this bug hard to track. + + Tested using ACR122U reader and NTAG213 + tags on Automotive Grade Linux (flounder, + guppy and master branches) + +Signed-off-by: Raquel Medina <raquel.medina@konsulko.com> +--- + lib/neardal_record.c | 1 - + lib/neardal_tools.c | 5 ++++- + 2 files changed, 4 insertions(+), 2 deletions(-) + +diff --git a/lib/neardal_record.c b/lib/neardal_record.c +index 669012c..cfed5e8 100644 +--- a/lib/neardal_record.c ++++ b/lib/neardal_record.c +@@ -31,7 +31,6 @@ void neardal_record_free(neardal_record *r) + { + g_return_if_fail(r); + neardal_g_strfreev((void **) r, &r->uriObjSize); +- memset(r, 0, sizeof(*r)); + } + + void neardal_free_record(neardal_record *record) \ +diff --git a/lib/neardal_tools.c b/lib/neardal_tools.c +index f0d6157..f307df6 100644 +--- a/lib/neardal_tools.c ++++ b/lib/neardal_tools.c +@@ -32,9 +32,12 @@ + void neardal_g_strfreev(void **array, void *end) + { + void **p = array; +- for (; (void *) p < end; p++) ++ for (; (void *) p < end; p++) { + g_free(*p); ++ *p = NULL; ++ } + g_free(array); ++ array = NULL; + } + + void neardal_g_variant_add_parsed(GVariant **v, const char *format, ...) +-- +2.17.1 + diff --git a/meta-agl-profile-core/recipes-connectivity/neardal/neardal_0.14.bb b/meta-agl-profile-core/recipes-connectivity/neardal/neardal_0.14.bb index 022e54e26..8bec79e67 100644 --- a/meta-agl-profile-core/recipes-connectivity/neardal/neardal_0.14.bb +++ b/meta-agl-profile-core/recipes-connectivity/neardal/neardal_0.14.bb @@ -2,7 +2,8 @@ require neardal.inc SRC_URI = "https://github.com/connectivity/neardal/archive/${PV}.tar.gz \ file://ncl.patch \ - file://0001-neardal-ncl-fix-segfault-on-help-page-being-displaye.patch \ - " + file://0001-neardal-ncl-fix-segfault-on-help-page-being-displaye.patch \ + file://0002-neardal-lib-fix-memory-corruption.patch \ + " SRC_URI[md5sum] = "3dbda58253ca30ee6a7a7573eaa68f40" SRC_URI[sha256sum] = "157d320bd831d91a82203d9697d2d2a2cebdb515d6e1c4ce04fe8ef27d1da615" |