[PATCH 1/1]: Fix Memory-map and Double-free Errors in Statistics Handling (was Re: Connman-0.67 Crashes and/or Hangs on Start-up)

Fri, 28 Jan 2011 13:39:36 -0800 

On Jan 28, 2011, at 12:10 PM, Grant Erickson wrote:
> On Jan 28, 2011, at 10:09 AM, Grant Erickson wrote:
>> On Jan 28, 2011, at 9:44 AM, Samuel Ortiz wrote:
>>> On Fri, Jan 28, 2011 at 09:06:12AM -0800, Grant Erickson wrote:
>>>> FYI. I need to check against GIT top-of-tree and dig into this further; 
>>>> however, with:
>>>> 
>>>>    * Wired Ethernet connected, connman-0.67 crashes on start-up
>>>>    * Wireless 802.11 WEXT, connman-0.67 hangs on start-up
>>>> 
>>>> Backtrace with wired:
>>> 
>>> Please give us a gdb backtrace or run test/backtrace src/connmand <log> 
>>> where
>>> log is the below trace.

The following patch fixes the core dump / fault issue, of which there were/are 
two core problems:

        1) Trying to memory map the statistics file on armv7l-linux-unknown-gnu 
with MAP_SHARED results in a result value from mmap of MAP_FAILED. Using 
MAP_PRIVATE works 
           correctly. This primary failure causes the secondary failure that 
leads to the segment fault.

        2) The function stats_free, called indirectly from 
g_hash_table_remove(stats_hash, service), g_free(file->name) ends up 
double-freeing file->name. It had already been 
           earlier freed in stats_file_setup, following the failure of 
status_file_remap.

diff -aruN a/src/stats.c b/src/stats.c
--- a/src/stats.c       2011-01-28 13:20:49.248299633 -0800
+++ b/src/stats.c       2011-01-28 13:19:44.824306025 -0800
@@ -223,10 +223,18 @@
        TFR(close(file->fd));
        file->fd = -1;
 
-       if (file->history_name != NULL)
+       if (file->history_name != NULL) {
                g_free(file->history_name);
-       g_free(file->name);
-       g_free(file);
+               file->history_name = NULL;
+       }
+
+       if (file->name != NULL) {
+               g_free(file->name);
+               file->name = NULL;
+       }
+
+       if (file != NULL)
+               g_free(file);
 }
 
 static void update_first(struct stats_file *file)
@@ -280,7 +288,7 @@
 
        if (file->addr == NULL) {
                addr = mmap(NULL, new_size, PROT_READ | PROT_WRITE,
-                               MAP_SHARED, file->fd, 0);
+                               MAP_PRIVATE, file->fd, 0);
        } else {
                addr = mremap(file->addr, file->len, new_size, MREMAP_MAYMOVE);
        }
----

Best regards,

Grant

_______________________________________________
connman mailing list
connman@connman.net
http://lists.connman.net/listinfo/connman

Reply via email to