diff options
| author | Skylar Chang <chiaweic@codeaurora.org> | 2017-03-31 01:24:55 -0700 | 
|---|---|---|
| committer | dd3boh <dade.garberi@gmail.com> | 2017-07-12 23:03:43 +0200 | 
| commit | ca89575245ab64dfad36c2702c188bbfbf93839b (patch) | |
| tree | 7b1635a611e0fb1b86ee43759aada30c8363d57c | |
| parent | 9ba23532546ecf68c4eecee4ec9a0e9a38f23ae2 (diff) | |
ipacm: fix the heap-use-after-free issue on bootup
On device bootup, ASAN was reported IPACM has the
heap-use-after-free issue on IPACM_Netlink.cpp file
when bootup. The fix is to move the debug prints
before the events are getting posted and processed.
Change-Id: Id0a1b4e85d2d3fb027729ff6e98e25d26a9e638a
| -rw-r--r-- | data-ipa-cfg-mgr/ipacm/src/IPACM_Netlink.cpp | 32 | 
1 files changed, 16 insertions, 16 deletions
| diff --git a/data-ipa-cfg-mgr/ipacm/src/IPACM_Netlink.cpp b/data-ipa-cfg-mgr/ipacm/src/IPACM_Netlink.cpp index 30295b1..186e196 100644 --- a/data-ipa-cfg-mgr/ipacm/src/IPACM_Netlink.cpp +++ b/data-ipa-cfg-mgr/ipacm/src/IPACM_Netlink.cpp @@ -689,12 +689,12 @@ static int ipa_nl_decode_nlmsg  				/* Add IPACM support for ECM plug-in/plug_out */  				/*-------------------------------------------------------------------------- -                                   Check if the interface is running.If its a RTM_NEWLINK and the interface -                                    is running then it means that its a link up event -                                ---------------------------------------------------------------------------*/ -                                if((msg_ptr->nl_link_info.metainfo.ifi_flags & IFF_RUNNING) && -                                   (msg_ptr->nl_link_info.metainfo.ifi_flags & IFF_LOWER_UP)) -                                { +                   Check if the interface is running.If its a RTM_NEWLINK and the interface +                    is running then it means that its a link up event +                ---------------------------------------------------------------------------*/ +                if((msg_ptr->nl_link_info.metainfo.ifi_flags & IFF_RUNNING) && +                   (msg_ptr->nl_link_info.metainfo.ifi_flags & IFF_LOWER_UP)) +                {  					data_fid = (ipacm_event_data_fid *)malloc(sizeof(ipacm_event_data_fid));  					if(data_fid == NULL) @@ -712,17 +712,17 @@ static int ipa_nl_decode_nlmsg  					}  					IPACMDBG("Got a usb link_up event (Interface %s, %d) \n", dev_name, msg_ptr->nl_link_info.metainfo.ifi_index); -                                        /*-------------------------------------------------------------------------- -                                           Post LAN iface (ECM) link up event -                                         ---------------------------------------------------------------------------*/ -                                        evt_data.event = IPA_USB_LINK_UP_EVENT; +                    /*-------------------------------------------------------------------------- +                       Post LAN iface (ECM) link up event +                     ---------------------------------------------------------------------------*/ +                    evt_data.event = IPA_USB_LINK_UP_EVENT;  					evt_data.evt_data = data_fid; -					IPACM_EvtDispatcher::PostEvt(&evt_data);  					IPACMDBG_H("Posting usb IPA_LINK_UP_EVENT with if index: %d\n",  										 data_fid->if_index); -                                } -                                else if(!(msg_ptr->nl_link_info.metainfo.ifi_flags & IFF_LOWER_UP)) -                                { +					IPACM_EvtDispatcher::PostEvt(&evt_data); +                } +                else if (!(msg_ptr->nl_link_info.metainfo.ifi_flags & IFF_LOWER_UP)) +				{  					data_fid = (ipacm_event_data_fid *)malloc(sizeof(ipacm_event_data_fid));  					if(data_fid == NULL)  					{ @@ -744,10 +744,10 @@ static int ipa_nl_decode_nlmsg  					---------------------------------------------------------------------------*/  					evt_data.event = IPA_LINK_DOWN_EVENT;  					evt_data.evt_data = data_fid; -					IPACM_EvtDispatcher::PostEvt(&evt_data);  					IPACMDBG_H("Posting usb IPA_LINK_DOWN_EVENT with if index: %d\n",  										 data_fid->if_index); -                                } +					IPACM_EvtDispatcher::PostEvt(&evt_data); +				}  			}  			break; | 
