From 0d85a27fbc47bf1ea9910a6e6b79dae8ba872732 Mon Sep 17 00:00:00 2001 From: Matt Ranostay Date: Thu, 5 Dec 2019 18:21:17 -0800 Subject: binding: navigation: move get_storage_from_value call within write lock json_object returned from get_storage_from_value() needs to be protected within the write lock. This is to prevent reentrant calls to broadcast() from accessing it, and running json_object_put() Bug-AGL: SPEC-2880 Change-Id: I9fdf614728368c75e925e4c5a0f3ca19a7e517e1 Signed-off-by: Matt Ranostay --- binding/navigation-api.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/binding/navigation-api.c b/binding/navigation-api.c index 19913a1..ab7a5b7 100644 --- a/binding/navigation-api.c +++ b/binding/navigation-api.c @@ -135,10 +135,12 @@ static void broadcast(afb_req_t request, const char *name, gboolean cache) json_object *jresp = afb_req_json(request); if (cache) { - json_object **storage = get_storage_from_value(ns, name); + json_object **storage; g_rw_lock_writer_lock(&ns->rw_lock); + storage = get_storage_from_value(ns, name); + if (*storage) json_object_put(*storage); -- cgit 1.2.3-korg