Hi Mohamed,

On Mon, Sep 20, 2010 at 09:14:49PM -0700, Mohamed Abbas wrote:
> This bug only happens at places where you have two or more APs with the
> same ESSID, like if you are at school or work, so you can roam
> without losing your connection. In this case ConnMan will create
> a network structure for each AP, but they all will be
> represented by one single service structure. Each network will
> increment the service refcount, so if I have 6 APs with the same ESSID the
> service refcount will be 6 or more.
> When the user disables the wifi device, ConnMan will receive a command to
> disable that device, which will end up calling this function in
> src/device.c with each network related to this device.
> static void unregister_network(gpointer data)
> {
>       ...
> 
>         connman_element_unregister((struct connman_element *) network);
> 
>         __connman_network_set_device(network, NULL);
> 
>       ...
> }
> Calling connman_element_unregister will call
> __connman_service_put, which will decrement service->refcount and,
> if the counter is 0, will call service disconnect.
> Calling __connman_network_set_device will set network->device to NULL.
>
> Now if we have 4 APs with the same name and we connect to the first one in the
> list, when the user disables wifi, the first network, which is connected, will be
> passed to the unregister_network function first, which will only decrement
> service->refcount and set network->device to NULL; not until we get
> to the fourth network will service disconnect be called. In
> this function ConnMan will go to each network attached to this service and
> call network_disconnect, which will end up
> calling __connman_device_increase_connections passing network->device
> as parameter, which will cause the crash because we are accessing a NULL pointer;
> remember it was set to NULL.
Thanks for the detailed explanation, I appreciate it. Thanks also for the fix :)
I applied the patch, but modified it a bit to be in sync with the rest of the
code:

diff --git a/src/device.c b/src/device.c
index 6a9bce6..ad976b5 100644
--- a/src/device.c
+++ b/src/device.c
@@ -1371,11 +1371,17 @@ int __connman_device_set_offlinemode(connman_bool_t
offl
 
 void __connman_device_increase_connections(struct connman_device *device)
 {
+       if (device == NULL)
+               return;
+
        device->connections++;
 }
 
 void __connman_device_decrease_connections(struct connman_device *device)
 {
+       if (device == NULL)
+               return;
+
        device->connections--;
 }
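Review bot: the two `if (device == NULL) return;` guards make the counters tolerate a cleared back-pointer, but they silently skip the accounting: when the service-triggered disconnect reaches a network whose device was already set to NULL by unregister_network, the `device->connections--` for the device that counted that connection never runs, so the count can be left stale. The ordering described above (connman_element_unregister, and with it __connman_service_put, before __connman_network_set_device(network, NULL)) is the actual cause; consider settling the device's connection accounting for that network before its device pointer is cleared, or at least adding a comment here stating that a NULL device is expected on the disable path and why it is safe to ignore.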

Cheers,
Samuel.

-- 
Intel Open Source Technology Centre
http://oss.intel.com/
_______________________________________________
connman mailing list
[email protected]
http://lists.connman.net/listinfo/connman
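The refcount and ordering problem described in the thread, as an added example that is not ConnMan's code: a small C model of one service shared by several networks (one per AP with the same ESSID), each holding a reference on the service and a back-pointer to the device. unregister_network_original follows the order from the thread (drop the service reference first, then clear the device pointer), with the patch's NULL guard in the counter; unregister_network_reordered is a hypothetical variant that settles the device accounting before the pointer is cleared. The model assumes, for simplicity, that disconnect decrements the device's connection count; struct names, the field null_device_hits and run_scenario are all inventions for this example.

```c
/* Constructed model of the roaming case from the thread; not ConnMan code. */
#include <stddef.h>
#include <string.h>

#define MAX_NETWORKS 8

struct device {
	int connections;	/* stands in for connman_device->connections */
};

struct network;

struct service {
	int refcount;		/* one reference per network sharing this ESSID */
	int null_device_hits;	/* disconnect reached a network whose device was already cleared */
	struct network *networks[MAX_NETWORKS];
	int count;
};

struct network {
	struct device *device;
	struct service *service;
	int connected;
};

/* Counter with the guard from the patch (assumption: disconnect decrements). */
static void device_decrease_connections(struct device *device)
{
	if (device == NULL)
		return;
	device->connections--;
}

/* Runs once the last reference drops and walks every sibling network. */
static void service_disconnect(struct service *s)
{
	int i;
	for (i = 0; i < s->count; i++) {
		struct network *n = s->networks[i];
		if (!n->connected)
			continue;
		if (n->device == NULL)
			s->null_device_hits++;	/* unguarded code would dereference NULL here */
		device_decrease_connections(n->device);
		n->connected = 0;
	}
}

static void service_put(struct service *s)
{
	if (--s->refcount == 0)
		service_disconnect(s);
}

/* Order described in the thread: release the service, then clear the device. */
static void unregister_network_original(struct network *n)
{
	service_put(n->service);
	n->device = NULL;
}

/* Hypothetical reordering: settle this network's device accounting first. */
static void unregister_network_reordered(struct network *n)
{
	if (n->connected) {
		device_decrease_connections(n->device);
		n->connected = 0;
	}
	n->device = NULL;
	service_put(n->service);
}

struct outcome {
	int null_device_hits;	/* times disconnect saw device == NULL */
	int device_connections;	/* device->connections after wifi was disabled */
};

/* n_aps APs with the same ESSID, connected through the first one; then the
 * device is disabled and every network is unregistered in order. */
struct outcome run_scenario(int n_aps, int reordered)
{
	struct device dev = { 0 };
	struct service svc;
	struct network nets[MAX_NETWORKS];
	struct outcome out;
	int i;

	if (n_aps < 1 || n_aps > MAX_NETWORKS)
		n_aps = 1;
	memset(&svc, 0, sizeof(svc));
	for (i = 0; i < n_aps; i++) {
		nets[i].device = &dev;
		nets[i].service = &svc;
		nets[i].connected = 0;
		svc.networks[svc.count++] = &nets[i];
		svc.refcount++;
	}
	nets[0].connected = 1;	/* connected via the first AP */
	dev.connections = 1;

	for (i = 0; i < n_aps; i++) {
		if (reordered)
			unregister_network_reordered(&nets[i]);
		else
			unregister_network_original(&nets[i]);
	}
	out.null_device_hits = svc.null_device_hits;
	out.device_connections = dev.connections;
	return out;
}
```

With a single AP the disconnect runs while the device pointer is still set and the count returns to 0; with four APs in the original order the disconnect runs only after the connected network's pointer was cleared, so the guard prevents the crash but leaves device->connections at 1. The reordered variant shows the same four-AP case settling to 0 without ever seeing a NULL device.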
