On 08/10/2019 06.06, Denis Kenzior wrote:
On 10/7/19 1:37 PM, Martin Hundebøll wrote:
Why not do something like:
g_at_mux_ref(mux);
for (i = 1; i <= MAX_CHANNELS && !mux->shutdown; i++) {
int offset = i / 8;
int bit = i % 8;
if (!(mux->newdata[offset] & (1 << bit)))
continue;
dispatch_sources(mux->dlcs[i-1], G_IO_IN);
}
g_at_mux_unref(mux);
I'm afraid this isn't enough, as I still get use-after-free when using
gatmux in the quectel plugin (see attached log).
That buffer size check is a bit dubious and should never happen in
practice, it is also something that one cannot recover from if the
condition does get hit. I actually would just take it out, but you can
also just check the condition right before the mux_unref and scribble it
to a temporary. i.e.
bool buffer_full = false;
g_at_mux_ref();
for (...) {
...
dispatch_sources(...);
}
buffer_full = !mux->shutdown && mux->buf_used == sizeof(mux->buf);
Why the "!mux->shutdown" here? I would expect that to be checked before
processing the data...
// Martin
_______________________________________________
ofono mailing list -- ofono@ofono.org
To unsubscribe send an email to ofono-le...@ofono.org
