This bug only happens at places where you have two or more APs with the
same ESSID, like if you are at school or work, so you can roam
without losing your connection. In this case ConnMan will create
a network structure for each AP, but they all will be
represented by one single service structure. Each network will
increment the service refcount, so if I have 6 APs with the same ESSID the
service refcount will be 6 or more.
When the user disables the wifi device, ConnMan will receive a command to
disable that device, which will end up calling this function in
src/device.c with each network related to this device.
static void unregister_network(gpointer data)
{
        ...

        connman_element_unregister((struct connman_element *) network);

        __connman_network_set_device(network, NULL);

        ...
}
Calling connman_element_unregister will call
__connman_service_put, which will decrement service->refcount and,
if the counter is 0, will call service disconnect.
Calling __connman_network_set_device will set network->device to NULL.

Now if we have 4 APs with the same name and we connect to the first one in
the list, when the user disables wifi, the first network, which is connected, will be
passed to the unregister_network function first, which will only decrement
service->refcount and set network->device to NULL; not until we get
to the fourth network will service disconnect be called. In
this function ConnMan will go to each network attached to this service and
call network_disconnect, which will end up
calling __connman_device_increase_connections passing network->device
as parameter, which will cause the crash because we are accessing a NULL pointer;
remember it was set to NULL.

This patch will check the device pointer; if NULL it will just exit out.
We can move code around to make sure this won't happen, but that needs
more time and effort.


---
 src/device.c |    9 ++++++---
 1 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/device.c b/src/device.c
index 53d9a66..67ac6bd 100644
--- a/src/device.c
+++ b/src/device.c
@@ -1369,12 +1370,14 @@ int __connman_device_set_offlinemode(connman_bool_t 
offlinemode)
 
 void __connman_device_increase_connections(struct connman_device *device)
 {
-       device->connections++;
+       if (device)
+               device->connections++;
 }
 
 void __connman_device_decrease_connections(struct connman_device *device)
 {
-       device->connections--;
+       if (device)
+               device->connections--;
 }
 
 /**
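Review bot: the `if (device)` guards in `__connman_device_increase_connections` and `__connman_device_decrease_connections` hide the ordering problem the commit message itself identifies (`unregister_network` drops the service reference via `connman_element_unregister` before `__connman_network_set_device(network, NULL)` clears the pointer) rather than fixing it, and a silently skipped increment or decrement leaves `device->connections` out of step with the networks that were actually counted against that device. At minimum emit a diagnostic when `device` is NULL so the mismatch stays visible in the log, and consider doing the disconnect of a still-connected network in `unregister_network` while `network->device` is valid, before the reference drop, so the disconnect path never sees a cleared device pointer.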
-- 
1.6.1.3

_______________________________________________
connman mailing list
[email protected]
http://lists.connman.net/listinfo/connman
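The sequence the commit message describes is easy to lose in prose, so here is a constructed C model of it, written for this page and not code from ConnMan: one device, `n` networks sharing one service whose refcount equals the number of networks, and two versions of `unregister_network`. The buggy one mirrors the posted order (drop the service reference, then clear `network->device`); the "fixed" one is a hypothetical reordering that disconnects the network while its device pointer is still valid. The struct names, `run_disable`, `connected_idx` and the return-value convention are assumptions made for the model; the real helper would dereference NULL where this one returns -1. The model also goes slightly beyond the message by letting the connected network sit at any position, which shows the crash only happens when the connected network is unregistered before the last one.

```c
#include <stdio.h>

#define MAX_NETWORKS 8

/* Constructed, simplified stand-ins for the ConnMan structures named in the
 * commit message (assumption: only the fields the scenario needs). */
struct connman_device {
	int connections;
};

struct connman_service;

struct connman_network {
	struct connman_device *device;
	struct connman_service *service;
	int connected;
};

struct connman_service {
	int refcount;
	int num_networks;
	struct connman_network *networks[MAX_NETWORKS];
};

/* Unpatched helper from the hunk: in the real code this is the NULL
 * dereference; here a NULL device is reported as -1 so the model can count it. */
static int device_increase_connections(struct connman_device *device)
{
	if (device == NULL)
		return -1;
	device->connections++;
	return 0;
}

/* network_disconnect as the message describes it: the disconnect path reaches
 * the device counter through network->device. */
static int network_disconnect(struct connman_network *network)
{
	if (!network->connected)
		return 0;
	network->connected = 0;
	return device_increase_connections(network->device);
}

/* Service disconnect walks every network attached to the service.
 * Returns the number of NULL-device accesses it caused. */
static int service_disconnect(struct connman_service *service)
{
	int faults = 0;
	for (int i = 0; i < service->num_networks; i++)
		if (network_disconnect(service->networks[i]) < 0)
			faults++;
	return faults;
}

/* __connman_service_put: drop one reference, disconnect when it reaches 0. */
static int service_put(struct connman_service *service)
{
	if (--service->refcount == 0)
		return service_disconnect(service);
	return 0;
}

/* Order from the posted unregister_network: reference drop first, then the
 * device pointer is cleared. */
static int unregister_network_buggy(struct connman_network *network)
{
	int faults = service_put(network->service);
	network->device = NULL;
	return faults;
}

/* Hypothetical reordering (not the patch): disconnect this network while its
 * device is still valid, then drop the reference and clear the pointer. */
static int unregister_network_fixed(struct connman_network *network)
{
	int faults = network_disconnect(network);
	faults += service_put(network->service);
	network->device = NULL;
	return faults;
}

/* Build n APs with one ESSID (one service, n networks), mark network
 * connected_idx as the connected one, then disable the device by
 * unregistering every network in list order. Returns the number of
 * NULL-device accesses, or -1 if n is out of range for this model. */
static int run_disable(int n, int connected_idx,
		       int (*unregister)(struct connman_network *))
{
	struct connman_device dev = { .connections = 1 };
	struct connman_service svc = { .refcount = 0, .num_networks = n };
	struct connman_network nets[MAX_NETWORKS];
	int faults = 0;

	if (n < 1 || n > MAX_NETWORKS || connected_idx < 0 || connected_idx >= n)
		return -1;
	for (int i = 0; i < n; i++) {
		nets[i].device = &dev;
		nets[i].service = &svc;
		nets[i].connected = (i == connected_idx);
		svc.networks[i] = &nets[i];
		svc.refcount++;
	}
	for (int i = 0; i < n; i++)
		faults += unregister(&nets[i]);
	return faults;
}

int main(void)
{
	printf("1 AP, buggy order:            %d NULL accesses\n",
	       run_disable(1, 0, unregister_network_buggy));
	printf("4 APs, first connected:        %d NULL accesses\n",
	       run_disable(4, 0, unregister_network_buggy));
	printf("4 APs, last connected:         %d NULL accesses\n",
	       run_disable(4, 3, unregister_network_buggy));
	printf("4 APs, first connected, fixed: %d NULL accesses\n",
	       run_disable(4, 0, unregister_network_fixed));
	return 0;
}
```

With one AP the buggy order is harmless, because the reference drop that triggers the disconnect happens while that same network's device pointer is still set; the fault needs a second network to be unregistered after the connected one has already had its pointer cleared. Reordering so that the connected network is disconnected before its pointer is cleared removes the NULL access without touching the counter helpers.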