[IOT-3083] IUT crash while batch update by href 35/25735/3
authorBiman Paul <biman.paul@samsung.com>
Fri, 8 Jun 2018 10:25:03 +0000 (15:55 +0530)
committerNathan Heldt-Sheller <nathan.heldt-sheller@intel.com>
Thu, 14 Jun 2018 21:47:38 +0000 (21:47 +0000)
IUT crash occurred while executing CTT Server Testcase 1.2.13,
Batch update by href. A double free occurred for the server request
handle: once in HandleSingleResponse() and again in
HandleAggregateResponse().
6  0x00007ffff705f452 in OICFree (ptr=0x7fffd400d6f0)
    at resource/c_common/oic_malloc/src/oic_malloc.c:150
7  0x00007ffff729da8e in DeleteServerRequest (serverRequest=0x7fffd40008c0)
    at resource/csdk/stack/src/ocserverrequest.c:412
8  0x00007ffff729eaf1 in HandleAggregateResponse (ehResponse=0x7fffe8dcc450)
    at resource/csdk/stack/src/ocserverrequest.c:892

Change-Id: I69ca3d5a0fe59626b545047530b68fd0cfdd27ad
Signed-off-by: Biman Paul <biman.paul@samsung.com>
resource/csdk/stack/include/internal/tree.h
resource/csdk/stack/src/ocserverrequest.c

index 9ee6388..1965e2c 100644 (file)
@@ -813,12 +813,21 @@ name##_RBL_REMOVE(struct name *head, struct type *elm)                    \
                elm = RB_REMOVE(name, head, elm);                       \
        }                                                               \
        return elm;                                                     \
+}                                                              \
+                                                               \
+attr struct type *                                                     \
+name##_RBL_FIND(struct name *head, struct type *elm)                   \
+{                                                                      \
+       elm = RB_FIND(name, head, elm);                 \
+       return elm;                                                     \
 }
 
 #define RBL_INSERT(name, x, y) name##_RBL_INSERT(x, y)
 
 #define RBL_REMOVE(name, x, y) name##_RBL_REMOVE(x, y)
 
+#define RBL_FIND(name, x, y)   name##_RBL_FIND(x, y)
+
 #ifdef _KERNEL
 
 /*
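Review bot: `name##_RBL_FIND` calls `RB_FIND` directly, while the context lines of `name##_RBL_REMOVE` just above show its `RB_REMOVE` call inside a nested block that closes before `return elm;`. That block opens outside the hunk; if it is a lock or similar guard, the find wrapper needs the same one, otherwise a lookup can walk the tree while another thread is rebalancing it. Even with such a guard, the caller in ocserverrequest.c performs find and remove as two separate calls, so a comment above `#define RBL_FIND` such as `/* Lookup only; caller must serialize against RBL_INSERT/RBL_REMOVE. */` would state the contract. The wrapper body could also be the single line `return RB_FIND(name, head, elm);`.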
index c65cc99..65bf85a 100644 (file)
@@ -408,6 +408,11 @@ void DeleteServerRequest(OCServerRequest * serverRequest)
 {
     if (serverRequest)
     {
+        if (!RBL_FIND(ServerRequestTree, &g_serverRequestTree, serverRequest))
+        {
+            return;
+        }
+
         RBL_REMOVE(ServerRequestTree, &g_serverRequestTree, serverRequest);
         OICFree(serverRequest->requestToken);
         OICFree(serverRequest);
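Review bot: The new `RBL_FIND` guard in `DeleteServerRequest` hands `serverRequest` to the tree's comparison function before anything has established that the pointer is still live, so on the second delete of the same handle (the case this commit targets) the lookup itself would presumably read already-freed memory. The comparator is not visible here, so this is inferred from how `RB_FIND` normally works. `RB_FIND` also matches by key rather than by address, so a different live request with an equal key would let the guard pass and the stale pointer would still be removed and freed; comparing the result, `if (RBL_FIND(ServerRequestTree, &g_serverRequestTree, serverRequest) != serverRequest)`, closes that case. The silent `return;` also hides the ownership problem between HandleSingleResponse() and HandleAggregateResponse(); a log line on that path, plus having a single owner release the handle, would keep the double delete visible instead of masking it. The function body continues outside the hunk.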