[BlueZ,1/1] scr:Set property mode failed,memory leak

Commit Message

chengbo Aug. 17, 2020, 2:42 a.m. UTC

This patch will fix a memory leak,when set property mode,
it will creat a request,if failed,the data's memory do not free
---
 src/adapter.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

Comments

Luiz Augusto von Dentz Aug. 17, 2020, 5:32 p.m. UTC | #1

Hi Chengbo,

On Sun, Aug 16, 2020 at 7:57 PM chengbo <515672508@qq.com> wrote:
>
> This patch will fix a memory leak,when set property mode,
> it will creat a request,if failed,the data's memory do not free
> ---
>  src/adapter.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/src/adapter.c b/src/adapter.c
> index 5e896a9f0..3d07921a7 100644
> --- a/src/adapter.c
> +++ b/src/adapter.c
> @@ -2917,9 +2917,10 @@ static void property_set_mode(struct btd_adapter *adapter, uint32_t setting,
>         data->id = id;
>
>         if (mgmt_send(adapter->mgmt, opcode, adapter->dev_id, len, param,
> -                       property_set_mode_complete, data, g_free) > 0)
> +                       property_set_mode_complete, data, g_free) > 0) {
> +               g_free(data);
>                 return;
> -
> +       }

This is actually the other way around, if it fails then 0 is returned
and g_free is called, so this would cause a double free as g_free
would be called on destroy.

>         g_free(data);
>
>  failed:
> --
> 2.20.1
>
>
>

Patch

diff --git a/src/adapter.c b/src/adapter.c
index 5e896a9f0..3d07921a7 100644
--- a/src/adapter.c
+++ b/src/adapter.c
@@ -2917,9 +2917,10 @@  static void property_set_mode(struct btd_adapter *adapter, uint32_t setting,
 	data->id = id;
 
 	if (mgmt_send(adapter->mgmt, opcode, adapter->dev_id, len, param,
-			property_set_mode_complete, data, g_free) > 0)
+			property_set_mode_complete, data, g_free) > 0) {
+		g_free(data);
 		return;
-
+	}
 	g_free(data);
 
 failed: