diff options
| author | Andreas Eversberg <jolly@eversberg.eu> | 2024-02-28 11:53:21 +0100 |
|---|---|---|
| committer | laforge <laforge@osmocom.org> | 2024-03-02 09:21:43 +0000 |
| commit | da3ca9a69ef9c042887cd4ef0b9262a9465896bd (patch) | |
| tree | 2f3212fa5903adb4eeb104d7d3a0beb87d06fae6 | |
| parent | 313f5280270a0a03a6fe80470b3b60bbc9002f66 (diff) | |
stream_{cli,srv}: Free received messages when not forwarded
If a message is not forwarded (to a read callback function, it must be
freed, to prevent memory leaks.
The message musst be freed before calling osmo_stream_srv_destroy() or
stream_cli_handle_connecting(), because within the function calls the
client/server instance may get destroyed and the message is 'owned' by
it. Calling msgb_free(msg) afterwards may result in double free bug.
Related: OS#5753
Change-Id: Ic043f11cdba0df9e0b78cac8db7206800098e0ba
| -rw-r--r-- | src/stream_cli.c | 6 | ||||
| -rw-r--r-- | src/stream_srv.c | 2 |
2 files changed, 8 insertions, 0 deletions
diff --git a/src/stream_cli.c b/src/stream_cli.c index eef442c..1197b53 100644 --- a/src/stream_cli.c +++ b/src/stream_cli.c @@ -438,6 +438,7 @@ static void stream_cli_iofd_read_cb(struct osmo_io_fd *iofd, int res, struct msg switch (cli->state) { case STREAM_CLI_STATE_CONNECTING: + msgb_free(msg); stream_cli_handle_connecting(cli, res); break; case STREAM_CLI_STATE_CONNECTED: @@ -445,6 +446,8 @@ static void stream_cli_iofd_read_cb(struct osmo_io_fd *iofd, int res, struct msg osmo_stream_cli_reconnect(cli); else if (cli->iofd_read_cb) cli->iofd_read_cb(cli, msg); + else + msgb_free(msg); break; default: osmo_panic("%s() called with unexpected state %d\n", __func__, cli->state); @@ -486,6 +489,7 @@ static void stream_cli_iofd_recvmsg_cb(struct osmo_io_fd *iofd, int res, struct switch (cli->state) { case STREAM_CLI_STATE_CONNECTING: + msgb_free(msg); stream_cli_handle_connecting(cli, res); break; case STREAM_CLI_STATE_CONNECTED: @@ -494,6 +498,8 @@ static void stream_cli_iofd_recvmsg_cb(struct osmo_io_fd *iofd, int res, struct /* Forward message to read callback, also if the connection failed. */ if (cli->iofd_read_cb) cli->iofd_read_cb(cli, msg); + else + msgb_free(msg); break; default: osmo_panic("%s() called with unexpected state %d\n", __func__, cli->state); diff --git a/src/stream_srv.c b/src/stream_srv.c index 33494fa..95a2cbb 100644 --- a/src/stream_srv.c +++ b/src/stream_srv.c @@ -562,6 +562,7 @@ static void stream_srv_iofd_read_cb(struct osmo_io_fd *iofd, int res, struct msg if (OSMO_UNLIKELY(res <= 0)) { /* This connection is dead, destroy it. */ + msgb_free(msg); osmo_stream_srv_destroy(conn); } else { if (conn->flags & OSMO_STREAM_SRV_F_FLUSH_DESTROY) { @@ -609,6 +610,7 @@ static void stream_srv_iofd_recvmsg_cb(struct osmo_io_fd *iofd, int res, struct if (OSMO_UNLIKELY(res <= 0)) { /* This connection is dead, destroy it. */ + msgb_free(msg); osmo_stream_srv_destroy(conn); } else { if (conn->flags & OSMO_STREAM_SRV_F_FLUSH_DESTROY) { |