[PATCH] Fix Valgrind Invalid Read error while removing gsupplicant interface

Tue, 28 Dec 2010 02:16:49 -0800 

From: Leena Gunda <[email protected]>

Below is patch for:
http://bugs.meego.com/show_bug.cgi?id=11784

The WiFi plugin initiates a interface removal by invoking 
g_supplicant_interface_remove which invokes the RemoveInterface D-Bus method 
and sets interface_remove_result as the result callback. 

Once the interface has been successfully removed, WPA Supplicant will also sent 
a InterfaceRemoved signal. The gsupplicant callback for this signal will in 
turn free the GSupplicantInterface structure associated with the removed 
interface. After this the interface_remove_result is invoked which will also 
try to remove the GSupplicantInterface structure for the data->interface->path. 
But data->interface has been already freed by the signal callback and hence the 
invalid read error reported by valgrind.

To fix this issue, interface_remove_result needs to be modified to:
- Remove the g_hash_table_remove call for the GSupplicantInterface
- Since data->interface is already freed, send the second parameter as NULL to 
the interface_data callback.

---
 gsupplicant/supplicant.c |   10 ++++++----
 1 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/gsupplicant/supplicant.c b/gsupplicant/supplicant.c
index 42f4920..44a6a98 100644
--- a/gsupplicant/supplicant.c
+++ b/gsupplicant/supplicant.c
@@ -1972,7 +1972,7 @@ static void interface_remove_result(const char *error,
                                DBusMessageIter *iter, void *user_data)
 {
        struct interface_data *data = user_data;
-       int err;
+       int err = 0;
 
        if (error != NULL) {
                err = -EIO;
@@ -1984,12 +1984,14 @@ static void interface_remove_result(const char *error,
                goto done;
        }
 
-       g_hash_table_remove(interface_table, data->interface->path);
-       err = 0;
+       /*
+        * The gsupplicant interface is already freed by the InterfaceRemoved
+        * signal callback. Simply invoke the interface_data callback.
+        */
 
 done:
        if (data->callback != NULL)
-               data->callback(err, data->interface, data->user_data);
+               data->callback(err, NULL, data->user_data);
 
        dbus_free(data);
 }
-- 
1.7.0.4
_______________________________________________
connman mailing list
[email protected]
http://lists.connman.net/listinfo/connman

Reply via email to